Question about User Groups

I have a group named Birds, and every time a member of the group creates an Egg I want all members of the Birds to be able to read that Egg, w/out having to assign the group to each Egg entity ACL. And when a member of Birds creates a Nest, I want all members of the group to be able to write to Nest w/out assigning the group to each Nest entity ACL. Is this possible?

In other words is there a way to define read/write permissions between a group & collection that is higher than object-entity acl? Something like this:

    // collection read/write definitions for group "Birds"
    "Birds": {
        "collections": [{
            "Eggs": "read"
        }, {
            "Nest": "write"
        }]
    }

While we do not offer collection-level ACLs, your clarification implies that this is not what you want, in any case. It sounds like you are looking for a way to automatically add the Birds group as a reader to any Egg entity that is created by a member of the Birds group, and as a writer to any Nest that is created by a member.

You could achieve this using "before save" business logic collection hooks on the Eggs and Nests collections. This business logic script would inspect the incoming request and, using the ID of the creating user, check whether that user is a member of the Birds group. If so, add the Birds group to the _acl of the incoming entity before passing it to the data store to be saved.

@Gal Also, when you say to use the ID of the creating user, do you mean to use the collectionAccess module to find the user by username?

Yes, you would need to find the user ID by username, which is accessible through request.username.
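
The "before save" approach described in the replies above, as an added example that is not part of the original thread and not the platform's own code. Assumptions: the hook signature `(request, response, modules)` with `response.continue()` / `response.error()`, `collectionAccess.collection(name).findOne(query, callback)`, collections named `user` and `group`, group members listed under `users.list`, and group grants stored in `_acl.groups.r` / `_acl.groups.w`; `makePreSave`, `grantGroup` and `isMember` are hypothetical helper names.

```javascript
// Added example. Assumed layouts: _acl.groups.r / _acl.groups.w hold group ids;
// a group entity lists its members under users.list as { _id: <user id> }.
const GROUP_ID = 'Birds';

// Add groupId to the entity's group readers ('r') or writers ('w'), only once.
function grantGroup(entity, groupId, access) {
  const acl = entity._acl = entity._acl || {};
  const groups = acl.groups = acl.groups || {};
  const list = groups[access] = groups[access] || [];
  if (!list.includes(groupId)) list.push(groupId);
  return entity;
}

// True when userId appears in the group's member list.
function isMember(group, userId) {
  const members = (group && group.users && group.users.list) || [];
  return members.some((ref) => String(ref._id) === String(userId));
}

// Build a before-save hook that grants `access` to Birds when the creator is a member.
function makePreSave(access) {
  return function onPreSave(request, response, modules) {
    const db = modules.collectionAccess;
    // request.username identifies the authenticated caller, so membership is
    // never decided by anything the client put in the request body.
    db.collection('user').findOne({ username: request.username }, (err, user) => {
      // Fail closed: reject the save if the creating user cannot be resolved.
      if (err || !user) return response.error('cannot resolve creating user');
      db.collection('group').findOne({ _id: GROUP_ID }, (err2, group) => {
        if (err2) return response.error('cannot read group');
        if (isMember(group, user._id)) grantGroup(request.body, GROUP_ID, access);
        response.continue(); // hand the (possibly amended) entity to the data store
      });
    });
  };
}

const eggsPreSave = makePreSave('r'); // hook for the Eggs collection
const nestPreSave = makePreSave('w'); // hook for the Nest collection
```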