Many apps require access controls to manage end-user authorization for reading and writing specific data. Ditto provides this via its permissioning system.
`read` and `write` permissions to all collections and all documents:
- `authenticate` set to true to tell the webhook that the user has successfully validated
- `expirationSeconds` is a number property stating how long the authentication session is valid before a refresh is required
- `userID` is a string which identifies the user. This should be unique across users within your app
- `permissions` describes all the types of access control for collections and documents that this user can `read` or `write`
Permissions apply only to the `_id` field of a document. Permissions on mutable properties are currently not supported.
To grant selective permissions on specific documents, add to the `queriesByCollection` property inside either the `read` or `write` property.
Each key inside `queriesByCollection` is a reference to the collection. Each value is an array of Ditto queries describing which documents the user can read or write.
`identityServiceMetadata` field for the given peer.
The user with `userID: "123abc"` can:

- `write` to documents in the `"books"` collection matching the query `"_id.locationId == 'abcedef123456'"`
- `write` to any document in the `"newspapers"` collection. This is done with the single-word query `"true"`
- `read` documents in the `"books"` collection matching the query `"_id.locationId == 'abcedef123456'"`
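As an added example (not Ditto's own code), the following Python assembles the webhook response body that grants the `123abc` permissions listed above, and adds a client-side check that every query targets the document `_id`, since permissions on mutable properties are not supported. It uses only the field names named on this page; the query regex is an assumption that accepts just the two query shapes shown here.

```python
import re
from typing import Any, Dict, List

# Constructed sample query, taken from the page's "123abc" example.
LOCATION_QUERY = "_id.locationId == 'abcedef123456'"

# Accepts only the two query shapes shown on this page: an equality test on
# the document _id (or a sub-field of it), or the single word "true".
# Real Ditto queries can be richer; this regex is a deliberate narrowing.
ID_QUERY_RE = re.compile(r"^_id(\.[A-Za-z_]\w*)*\s*==\s*'[^']*'$")


def build_auth_response(user_id: str, expiration_seconds: int = 28800) -> Dict[str, Any]:
    """Assemble the webhook response body granting the page's "123abc" permissions."""
    return {
        "authenticate": True,
        "expirationSeconds": expiration_seconds,
        "userID": user_id,
        "permissions": {
            "read": {"queriesByCollection": {"books": [LOCATION_QUERY]}},
            "write": {
                "queriesByCollection": {
                    "books": [LOCATION_QUERY],
                    "newspapers": ["true"],  # any document in the collection
                }
            },
        },
    }


def check_permissions(resp: Dict[str, Any]) -> List[str]:
    """Return problems found in a webhook response (empty list = OK); non-_id queries are flagged."""
    problems: List[str] = []
    if resp.get("authenticate") is not True:
        problems.append("authenticate must be true to grant a session")
    exp = resp.get("expirationSeconds")
    if not isinstance(exp, int) or isinstance(exp, bool) or exp <= 0:
        problems.append("expirationSeconds must be a positive integer")
    if not isinstance(resp.get("userID"), str) or not resp["userID"]:
        problems.append("userID must be a non-empty string")
    for mode in ("read", "write"):
        by_coll = resp.get("permissions", {}).get(mode, {}).get("queriesByCollection", {})
        for coll, queries in by_coll.items():
            if not isinstance(queries, list):
                problems.append(f"{mode}.{coll}: queries must be an array")
                continue
            for q in queries:
                if q != "true" and not ID_QUERY_RE.match(str(q)):
                    problems.append(f"{mode}.{coll}: query {q!r} does not target _id")
    return problems
```

Run `check_permissions` over the body before returning it from your webhook so a query on a mutable field is rejected at the source rather than discovered when sync does not behave as expected.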
`userId` inside of the document `_id`. Ditto ensures that only those authorized to create documents with a particular document `_id` are able to synchronize those documents in a trustworthy manner throughout the system.
`_id` that represents their `userID`. So, for example, Peer A has the following permissions: `userID=A`.
Today Ditto enforces that data which has to propagate peer-to-peer must have mutual
write permissions. If integrity is at risk, you have to sign the payloads yourself at the application level.
This is a credible attack vector, especially if Peer A represents an authority in the system, such as an administrative user. This design prevents a hacker from impersonating Peer A, because other peers will only synchronize documents from Peer A when they have a direct connection to Peer A and can verify that its certificate is valid.