feat(ldapSync.tables): modifed api rules
since users can be listed via a special view nobody but themself should be able to view their whole profile
This commit is contained in:
parent
ab44afa000
commit
696fa4cf2e
|
@ -116,8 +116,8 @@ func createLDAPUsersTable(app *pocketbase.PocketBase) error {
|
||||||
form := forms.NewCollectionUpsert(app, collection)
|
form := forms.NewCollectionUpsert(app, collection)
|
||||||
form.Name = ldapUsersTableName // collection name
|
form.Name = ldapUsersTableName // collection name
|
||||||
form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work
|
form.Type = models.CollectionTypeAuth // collection type set to auth, otherwise login will not work
|
||||||
form.ListRule = types.Pointer("@request.auth.id != ''") // list rule (only authenticated users can list)
|
form.ListRule = types.Pointer("@request.auth.id != id") // list rule (only user self can list their own data
|
||||||
form.ViewRule = types.Pointer("@request.auth.id != ''") // view rule (only authenticated users can view)
|
form.ViewRule = types.Pointer("@request.auth.id != id") // view rule (only user self can view their own data)
|
||||||
form.CreateRule = nil // create rule (anyone can create)
|
form.CreateRule = nil // create rule (anyone can create)
|
||||||
form.UpdateRule = nil // update rule (anyone can update)
|
form.UpdateRule = nil // update rule (anyone can update)
|
||||||
form.DeleteRule = nil // delete rule (anyone can delete)
|
form.DeleteRule = nil // delete rule (anyone can delete)
|
||||||
|
|
Loading…
Reference in New Issue