The server makes sure that users have permissions to perform certain actions.
By default, the following rules are set:
- Any user can create a document
- Only the author of a document can edit it
- Only document members (people who were invited) can view a document (unless the document is public)
- Only the author of a document can delete it
- Only the author of a document can invite users to it
- Only members of the document can add annotations to it
- Only the author of the annotation can edit it
- Only members of the document can view it
- Only the author of the annotation can delete it
If you are not happy with these defaults, you can customize them as per the guide below.
You can change the default permissions by passing a permissions object to the server constructor.
The permissions object lets you set entity-level permissions for each action type (add, edit, delete, invite).
The permissions object has two properties: one for the DOCUMENT entity and `CollabServer.Permissions.Entities.ANNOTATION`. Both of these are optional.
Permissions in the DOCUMENT object apply to documents, and permissions in the ANNOTATION object apply to annotations.
From here you can set permissions based on actions (add, edit, delete, invite). To do this, set the key of the object to the action whose permission you want to set, and set the value to the role that the user must have to execute that action.
For example, to make it so that any member of a document can edit it, you would do:
The possible actions are listed below (you can also view the API docs here)
| Action | Description |
|---|---|
| `CollabServer.Permissions.Actions.ADD` | adding an entity |
| `CollabServer.Permissions.Actions.EDIT` | editing an entity |
| `CollabServer.Permissions.Actions.READ` | reading/viewing an entity |
| `CollabServer.Permissions.Actions.DELETE` | deleting an entity |
| `CollabServer.Permissions.Actions.INVITE` | inviting someone to an entity |
The possible roles are listed below (you can also view the API docs here)
| Role | Description |
|---|---|
| `CollabServer.Permissions.Roles.ANNOTATION_AUTHOR` | The user must be the author of the annotation to perform the action |
| `CollabServer.Permissions.Roles.DOCUMENT_AUTHOR` | The user must be the author of the document to perform the action |
| `CollabServer.Permissions.Roles.DOCUMENT_MEMBER` | The user must be a member of the document to perform the action |
| `CollabServer.Permissions.Roles.ANY` | Anyone can perform the action |
If you want more fine-tuned control over the permissions, you can pass an auth function instead of a role. The function determines whether the user is allowed to perform the action.
The function can be async and must resolve with true if the user is allowed to perform the operation, or false otherwise.
`authFunction(entity, user): Promise<boolean>`
- `entity` (Annotation | Document) the entity being operated on.
- `user` (object) information about the user performing the action
  - `id` (string) the user's id
  - `type` (string) the type of user
You can pass an `authFunction` to any permission setting.
For example, if you want to make a whitelist of emails who can create documents, you could do this:
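The following is an added example, not code from the original page or from the CollabServer project. It covers both cases described above: any document member may edit, and only allowlisted emails may create documents. The local `Permissions` stand-in, `lookupEmail`, `canCreateDocument` and the sample data are assumptions; with the real package you would use `CollabServer.Permissions` and pass the resulting object to the server constructor.

```javascript
// Stand-in for the CollabServer.Permissions constants named on this page, so the
// block runs without the server package. The string values are placeholders;
// Entities.DOCUMENT is assumed from the page's reference to "the DOCUMENT object".
const Permissions = {
  Entities: { DOCUMENT: 'document', ANNOTATION: 'annotation' },
  Actions: { ADD: 'add', EDIT: 'edit', READ: 'read', DELETE: 'delete', INVITE: 'invite' },
  Roles: { ANNOTATION_AUTHOR: 'annotationAuthor', DOCUMENT_AUTHOR: 'documentAuthor',
           DOCUMENT_MEMBER: 'documentMember', ANY: 'any' },
};

// Constructed sample data: a user directory keyed by user id, and an email allowlist.
const USER_EMAILS = new Map([
  ['u1', 'Alice@Example.com'],
  ['u2', 'mallory@example.net'],
]);
const ALLOWED_CREATORS = new Set(['alice@example.com']);

// Hypothetical lookup; a real deployment would query its own user store.
async function lookupEmail(userId) {
  if (userId === 'db-down') throw new Error('user store unavailable');
  return USER_EMAILS.get(userId);
}

// authFunction(entity, user): resolves true only for allowlisted emails.
// Fails closed: a missing user, a missing id, or a lookup error resolves false.
async function canCreateDocument(entity, user) {
  if (!user || typeof user.id !== 'string') return false;
  try {
    const email = await lookupEmail(user.id);
    if (typeof email !== 'string') return false;
    // Normalize before comparing so case and stray whitespace cannot bypass the list.
    return ALLOWED_CREATORS.has(email.trim().toLowerCase());
  } catch (err) {
    return false;
  }
}

// Permissions object: entity -> action -> role or authFunction.
const permissions = {
  [Permissions.Entities.DOCUMENT]: {
    // Only allowlisted emails may create documents.
    [Permissions.Actions.ADD]: canCreateDocument,
    // Any member of a document may edit it.
    [Permissions.Actions.EDIT]: Permissions.Roles.DOCUMENT_MEMBER,
  },
};
```

Actions left out of the object keep the defaults listed at the top of this page.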