"Changed" events for projections #199
Comments
nickasd
changed the title
|
I recommend you to not use projections. You can filter data in hooks. But don't forget to filter subscription operations in I'll try to publish my high-level library for access control in near future. |
|
@balek How can data be filtered in hooks? Can you provide a code snippet? This would be interesting to me. Just not sure exactly how to do it. Thank you. |
|
Something like this: There still a lot of stuff to do. This code only controls reading of data (and not finished). You should also check queries (using server-query is the best way IMHO) and submitted operations. Also be aware that And check |
|
@balek Thank you for your help. Is there a specific reason why you suggest not to use projections? I can imagine that using projections is still more efficient than retrieving the data and then deleting the unnecessary properties (specifically if the data is large). |
|
Hm... I was talking about projections as a solution to restrict access to some data. In this case hooks are more flexible and simpler to use (you can't confuse collection and projection names). If you want to decrease traffic usage, I'm not sure if sharedb has a good solution for you.
I believe projection works the same way. They are not used on a Mongo level. But I'm not sure. |
Could you please elaborate on why hooks are more flexible? I thought that was exactly the use case for projections. |
|
Do you have a link to info about queries (server-query)?
thanks
…On Thu, Mar 15, 2018 at 10:18 AM, Alexey Balekhov ***@***.***> wrote:
Something like this:
backend.use 'doc', (req, next) ->
if req.agent.stream.isServer
return next()
doc = req.snapshot.data
if req.collection == 'users'
delete doc.password
next()
backend.use 'op', (req, next) ->
if req.agent.stream.isServer
return next()
if req.op.create or req.op.del
# TODO: finish
return next()
i = 0
while i < req.op.op.length
op = req.op.op[i]
if op.p.join('.') == 'password'
_.remove req.op.op, i
else
i += 1
next()
There still a lot of stuff to do. This code only controls reading of data
(and not finished). You should also check queries (using server-query is
the best way IMHO) and submitted operations.
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#199 (comment)>, or mute
the thread
<https://github.com/notifications/unsubscribe-auth/AADwh6pgX-9NkVbzZyM0_k9MgxDXywRuks5tejH6gaJpZM4Sq9TG>
.
--
http://reganmian.net/blog -- Random Stuff that Matters
|
https://github.com/dmapper/server-query It's a little broken - not updated since ShareJS times. But can be easily fixed.
You can dynamically decide which fields should be hidden. For example, make user settings visible only for the user himself, not others. Or you can give full access to admin. |
Ok, I agree that hooks could be a possible solution to the problem. The question now is: since the clients will always access the real collection instead of the projection, how can the server differentiate the two cases: 1) the client wants the entire document, 2) the client only wants part of the document as defined in the projection? |
|
As I said, I misunderstood your problem. If you want to decrease traffic usage, I know only two solutions: sharedb projections and MongoDB aggregation queries. |
As seen in #143, in a projection subscription no "changed" events are sent. Is this a design decision? In my opinion projections would be a far more powerful feature if they completely behaved like real collections.
The text was updated successfully, but these errors were encountered: