This page is not created by, affiliated with, or supported by Slack Technologies, Inc.
2018-08-31
Channels
- # announcements (3)
- # beginners (139)
- # boot (28)
- # cider (40)
- # cljdoc (1)
- # cljs-dev (30)
- # clojure (61)
- # clojure-conj (1)
- # clojure-dev (113)
- # clojure-germany (4)
- # clojure-italy (29)
- # clojure-nl (3)
- # clojure-russia (2)
- # clojure-spec (38)
- # clojure-uk (53)
- # clojurescript (188)
- # core-async (4)
- # css (2)
- # cursive (7)
- # data-science (5)
- # datomic (14)
- # emacs (1)
- # figwheel-main (192)
- # fulcro (37)
- # jobs-discuss (1)
- # mount (4)
- # off-topic (47)
- # pedestal (7)
- # portkey (14)
- # re-frame (4)
- # reagent (22)
- # reitit (2)
- # remote-jobs (1)
- # ring (6)
- # shadow-cljs (65)
- # spacemacs (7)
- # specter (6)
- # yada (8)
Can someone link me to an example of restricting/filtering query pull based on the users access. Eg “users shouldn’t be able to see comments on jobs unless they wrote them”. Using a pull query I can find jobs and pull the related comments but then need to check access for each comment.
Perhaps I can wrap the pull function and do the additional access checks
Vague idea would be
(defn pull
"Like d/pull but checks has-read-access? on relations before including them"
[db uid eid selector]
(let [props (remove map? selector)
joins (apply merge (filter map? selector))
result (d/pull db eid props)]
(reduce-kv (fn [result k v]
(let [attr-name (attr-name k)
eids (d/q '[:find ?eid
:from $ ?eid ?uid
:where
[?eid ?attr-name ?fid]
[(app.perms/has-read-access? $ ?uid ?fid) true]]
db eid uid)
attr-data (map #(pull db uid % [{k v}]) eids)]
(assoc result attr-name attr-data)))
result
joins)))
Can you point me at something related to this please. Sounds interesting.
Thanks. That's pretty wild.
Possibly not part of the cloud / client api just yet. Interesting idea for user access control though. Would need to get familiar with practicalities and assess performance considerations too. Food for thought though.
@olivergeorge isn't that just another vector in the where
clause? :job/author ?user-id
or something. Then pull
in the find
clause.
Its the relations in the pull data I can’t filter via a :where clause
Perhaps I can wrap the pull function and do the additional access checks