Allowed

Throughout the api you'll see methods that use the Allowed data type, for example allowApiRead etc...

The Allowed data type can be set to one of the following value:

true/false

{
  allowApiRead: true
}

a Role - Checks if the current user has this role.

{
  allowApiRead: 'admin'
}

or with a constant

{
  allowApiRead: Roles.admin
}

An Array of Roles - checks if the current user has at least one of the roles in the array

{
  allowApiRead: [Roles.admin, Roles.productManager]
}

A function that get's a remult object as a parameter and returns true or false

{ allowApiRead: Allow.authenticated } }

or:

{ allowApiRead: () => remult.user.name === 'superman' } }

AllowedForInstance

In some cases, the allowed can be evaluated with regards to a specific instance, for example allowApiUpdate can consider specific row values. The Allowed for Instance method accepts two parameters:

The relevant remult object
The relevant entity instance

For Example:

@Entity<Task>("tasks", {
    allowApiUpdate: (task) => remult.isAllowed("admin") && !task!.completed
})

Relations 🚀

Active Record & EntityBase

Framework

Server

Database

Allowed

AllowedForInstance

Allowed ​

AllowedForInstance ​

Allowed

AllowedForInstance