Field Access Control is specified with functions inside a field's config. All field-level Controls return a boolean value to allow or deny access for the specified operation. No field-level Access Controls support returning query constraints. All Access Control functions accept one args argument.
| Function | Purpose |
|---|---|
create | Allows or denies the ability to set a field's value when creating a new document |
read | Allows or denies the ability to read a field's value |
update | Allows or denies the ability to update a field's value |
Example Collection config:
Returns a boolean which allows or denies the ability to set a field's value when creating a new document. If false is returned, any passed values will be discarded.
Available argument properties:
| Option | Description |
|---|---|
req | The Express request object containing the currently authenticated user |
data | The full data passed to create the document. |
siblingData | Immediately adjacent field data passed to create the document. |
Returns a boolean which allows or denies the ability to read a field's value. If false, the entire property is omitted from the resulting document.
Available argument properties:
| Option | Description |
|---|---|
req | The Express request object containing the currently authenticated user |
id | id of the document being read |
doc | The full document data. |
siblingData | Immediately adjacent field data of the document being read. |
Returns a boolean which allows or denies the ability to update a field's value. If false is returned, any passed values will be discarded.
Available argument properties:
| Option | Description |
|---|---|
req | The Express request object containing the currently authenticated user |
id | id of the document being updated |
data | The full data passed to update the document. |
siblingData | Immediately adjacent field data passed to update the document with. |
doc | The full document data, before the update is applied. |