sacarino · October 25, 2018 17:05
diff --git a/admin_and_owner_crud_plus_read_authenticated.js b/admin_and_owner_crud_plus_read_authenticated.js
 // authenticated access to READ the model, but only admin or owner of the model can CRUD
 ...
 "acls": [{
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "admin",
    "permission": "ALLOW"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$owner",
    "permission": "ALLOW"
  }, {
    "accessType": "READ",
    "principalType": "ROLE",
    "principalId": "$authenticated",
    "permission": "ALLOW"
  }],
 ...
diff --git a/admin_and_owner_crud_plus_read_everyone.js b/admin_and_owner_crud_plus_read_everyone.js
 // public access to READ the model, but only admin or owner of the model can CRUD
 ...
 "acls": [{
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "admin",
    "permission": "ALLOW"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$owner",
    "permission": "ALLOW"
  }, {
    "accessType": "READ",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "ALLOW"
  }],
 ...
diff --git a/only_admin_and_owner_crud.js b/only_admin_and_owner_crud.js
 // only admin and the owner of the model can CRUD
 ...
 "acls": [{
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "admin",
    "permission": "ALLOW"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$owner",
    "permission": "ALLOW"
  }],
 ...
diff --git a/only_admin_crud.js b/only_admin_crud.js
 // only admin can CRUD the model
  ...
 "acls": [{
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "$everyone",
    "permission": "DENY"
  }, {
    "accessType": "*",
    "principalType": "ROLE",
    "principalId": "admin",
    "permission": "ALLOW"
  }],
 ...
	// authenticated access to READ the model, but only admin or owner of the model can CRUD
	...
	"acls": [{
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$everyone",
	"permission": "DENY"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "admin",
	"permission": "ALLOW"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$owner",
	"permission": "ALLOW"
	}, {
	"accessType": "READ",
	"principalType": "ROLE",
	"principalId": "$authenticated",
	"permission": "ALLOW"
	}],
	...
	// public access to READ the model, but only admin or owner of the model can CRUD
	...
	"acls": [{
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$everyone",
	"permission": "DENY"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "admin",
	"permission": "ALLOW"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$owner",
	"permission": "ALLOW"
	}, {
	"accessType": "READ",
	"principalType": "ROLE",
	"principalId": "$everyone",
	"permission": "ALLOW"
	}],
	...
	// only admin and the owner of the model can CRUD
	...
	"acls": [{
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$everyone",
	"permission": "DENY"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "admin",
	"permission": "ALLOW"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$owner",
	"permission": "ALLOW"
	}],
	...
	// only admin can CRUD the model
	...
	"acls": [{
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "$everyone",
	"permission": "DENY"
	}, {
	"accessType": "*",
	"principalType": "ROLE",
	"principalId": "admin",
	"permission": "ALLOW"
	}],
	...