Comments (2)
metasoarous
commented on June 7, 2024
Did you watch the ClojureWest talk? I touched on this a bit there, but didn't go into details.
For read, the idea is to pass all transaction data through filters which embody the access control rules of the domain. The implementation of those filters can depend a bit on the specifics of the domain and rules granularity. But more or less, you need a function that either at the entity or datom level decides whether or not user x has access to datom/entity y, and decides which datoms to send to which clients based on that rule.
For write, things are fairly similar; define some functions which test for whether or not a given transaction is permissible based on the submitting user and the domain's access control model. Then either run that test before transacting, or actually run the test in a transaction function if you're access control model necessitates atomicity. The latter should probably be avoided when not necessary (and frequently I don't think it will be necessary), as it would put more work on the transactor (bottleneck).
My plan is to focus on this stuff more once datview has gotten to be a bit more stable. Then we'll have some more prepackaged functionality and dataflow, but for now just inlining those checks before sending out or transacting data is the ticket.
I know this is a pretty broad and general response, so let me know if you're already ahead of me, and whether there are more specific questions I can answer.
from datsync.
colindresj
commented on June 7, 2024
In terms of functions that would be run against reads and writes, are you talking about rules, or more manual functions that receive a query, parse and determine whether or not it should be allowed?
And as far as filtering, do you mean using filters, or was that in a more general sense?
from datsync.
Related Issues (14)
- Remote (central) eid tracking broken? HOT 1
- Take out :dat.sync.remote.db/id client side stuff HOT 1
- Decentralize/isomorphize API (+ P2P, etc) HOT 1
- Generalize transaction listeners for tx-report -> remote notifications
- Runaway condition causes infinite round-trip HOT 1
- Docs: Data examples to show full flow from client->server and server->client HOT 2
- pprint problems with shared code?
- minor typo HOT 1
- Make datomic-tx a multimethod on the op, for more more sensible custom tx-functions/ops HOT 1
- Figure out why bootstrap is so slow HOT 1
- Set up server side components HOT 2
- Handle tx-reports with idents HOT 1
- Special care translating lookup refs? HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from datsync.