Skip to main content

Custom filters for Records

caution
This documentation page is targeted to developers so they can properly store filters in the database for records access.

Permissions filters for Records are set up under the permissions field in the parent Form. There are the 4 basics type of permissions and also a unicity filter:

  • permissions.canCreateRecords
  • permissions.canSeeRecords
  • permissions.canUpdateRecords
  • permissions.canDeleteRecords
  • permissions.recordsUnicity
info
If one of the property is empty, the default behavior is to give the corresponding permissions to all the users. Once you add some filters to a property, only corresponding users will benefit from the permission.

CanCreateRecords

The create permission works the same as other Permissions in Oort. This property is an array of Role IDs which have the permission to create a record.

E. g. : With canCreateRecords: [5fc7a0c57b24a13a92f998d0, 5fc7a254c2ec093bec0e1c13], I can create records if I have at least one of the two roles In my user’s roles list.

CanSeeRecords (CanUpdateRecords, CanDeleteRecords)

The read permission filter works the same way as the update and the delete permission. The canSeeRecords property is an array of objects containing two fields: role: ObjectId and access: Object.

canSeeRecords: [
{
  role: ObjectId
  access: {
    condition: String,
    rules: [
    {
      field: String,
      operator: Enum,
      value: String
    }]
  }
}]

Between each element of the canSeeRecords array, there is an implicit or logic. There is also an implicit and between role and access. It means that we will define conditions for each role separately.

info
We can define access for all roles simultaneously if the role field is left empty. It is also possible to leave the access field empty so it always return true for every documents.

RecordsUnicity

The recordsUnicity property define rules which should help to find a unique record per user. It works exactly the same way as the access field in canSeeRecords:

recordsUnicity: {
  condition: String,
  rules: [
  {
    field: String,
    operator: Enum,
    value: String
  }]
}
info
These rules will be applied whatever the role.

Access

The access object goal is to define a filter that will be then converted in a mongo query in the back-end. For this purpose, you must first specify a condition that will be used between each of the rules. At the moment, you have only two choices: or / and.

Rules

A rule is divide into three parts: a field, an operator and a value.

Operator

It is the operator used to link the field and the value. At the moment the following are supported:

OperatorsDescription
`=`, `!=`Query records with `field` matching/not matching exactly `value`.
`<`, `<=`, `>`, `>=`Used when `field` type is number or date. Query records with `field` matching de condition with `value`.
`in`, `not in`Query records with `field` in/not in the array `value`.
`contains`Query records with fields corresponding to the regex value.
`match`Used when `field` is an array and `value` an object. Query records with at least one element of the `field` array is matching with conditions in `value`. E. g. :
{
    "field":"createdBy.positionAttributes",
    "operator":"match",
    "value":
    {
        "value": "France",
        "category": "6034e020bcffc3001f7003b0"
    }
}

Value

It’s a string defining the value we use to compare with the corresponding field. The string can be directly the value to use or a code to fetch a value from the database.

caution
If you want to pass an object into value, you need to stringify it first using JSON.stringify() method.

Currently there is only one code supported:

CodeValue
$$ownCurrent user (type: User) with all his fields populated.

We can then access embedded values using dots in the same way as for the field attribute.

E. g. : $$own.positionAttributes.value

Then, it is possible to apply some filters to these value using again another code:

CodeAction
$$where:<field>:<value>Used on an array, it will filter this array to keep only elements which have a certain <field> equals to a certain <value>. If there is only one element corresponding to this filter, it returns the element itself and not an array with a single element.
info
It can then be chained with nested field access. method.
E. g. : $$own.positionAttributes.$$where:category:6034e020bcffc3001f7003b0.value  Returns fields value from positionAttributes from the current user where the category is equals to a specific ObjectId.