…`read` privilege on messages that allow anyone holding that privilege to read the message.

`participant(channel-id:status)` denotes the set of all users that are participants in `channel-id` holding `status` as their participation status.

`Message`, `Channel`, `User` and `TimelineEvent` are all ACL entities.

…`Message` with id `msg` sent to a channel with id `chnl` by the user `axe`. A `Message` is an ACL entity to which the following privileges can be applied: `read_message`, `delete_message`.

If `axe` now wanted to send a message to the channel that only `rylai` could read, he would send the message with his custom ACLs:

…`rylai`'s device and only she will see it when she fetches messages via HTTP.

…`axe` wants to send a message to everyone in the channel except `rylai` because `rylai` has been acting way too cool recently. To do so, he can set the ACLs as:

…the p-list and the m-list. The p-list consists of all ACLs that have a `+` permission and similarly the m-list consists of all ACLs that have a `-` permission. To check whether a given user has access to a privilege on an entity, we check if:

…`+read:user(axe)`, `-read:participant(chnl)` would still result in the `read` privilege not being granted to `axe`.

…p-list results in no privileges being granted to any user. This however is not permitted in the system due to default ACLs and sticky ACLs kicking in, which is covered further below.

`.system` has complete access to all the data of the application. Moreover, certain privileges, like `-revoke_tokens_for_self`, are privileges that a user is always granted and this cannot be overridden. To keep these constants in place, there are two ACL lists that are maintained for each entity:

…`+add_participant:user(.system)`, which means that you can always add a participant to any channel using an application key/secret.

- `user(user-id)`: Represents a single user having the provided id.
- `participant(channel-id:status)`: Represents the group of users which are participants in the channel with the given channel id, with a particular participation status.
- `any_user()`: Represents any authenticated user.

`user(.system)` and `user(.anonymous)` are forbidden.

COMING SOON: Soon, users can be assigned an `aclTag` and all users belonging to an ACL tag can be selected using `acltag(tag-name)`.
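The evaluation rule described above (a p-list entry grants, an m-list entry revokes, an empty p-list grants nothing, and sticky ACLs are always present), carried through in code. This is an added example and not the product's own implementation: the in-memory participant table, the `Left` status, the assumption that the `.anonymous` user is not "authenticated", the `+` sign on the default message ACLs (the page's channel lists carry it, its message lists do not) and the rule for merging custom, default and sticky ACLs are all assumptions made here.

```python
"""Added example (not the product's own code): a minimal evaluator for the
p-list / m-list ACL model with default and sticky ACLs."""
from dataclasses import dataclass

# Constructed sample data: channel "chnl" with two Active participants and one
# that has left ("Left" is an assumed status; the page only shows "Active").
PARTICIPANTS = {
    "chnl": {"axe": "Active", "rylai": "Active", "lina": "Left"},
}
SYSTEM = ".system"


@dataclass(frozen=True)
class Acl:
    sign: str       # '+' puts the rule on the p-list, '-' on the m-list
    privilege: str  # e.g. read_message
    selector: str   # e.g. user(axe), participant(chnl:Active), any_user()


def parse_acl(text: str) -> Acl:
    """Parse '+read_message:user(axe)' into an Acl; reject malformed input."""
    text = text.strip()
    if not text or text[0] not in "+-" or ":" not in text:
        raise ValueError(f"malformed ACL: {text!r}")
    privilege, selector = text[1:].split(":", 1)
    if not privilege or "(" not in selector or not selector.endswith(")"):
        raise ValueError(f"malformed ACL: {text!r}")
    return Acl(text[0], privilege, selector)


def selector_matches(selector: str, user_id: str) -> bool:
    """Resolve one selector against the constructed participant table."""
    name, arg = selector[:-1].split("(", 1)
    if name == "user":
        return arg == user_id
    if name == "any_user":
        # Assumption: the anonymous user is not an authenticated user.
        return user_id != ".anonymous"
    if name == "participant":
        channel_id, status = arg.split(":", 1)
        return PARTICIPANTS.get(channel_id, {}).get(user_id) == status
    raise ValueError(f"unknown selector: {selector}")


def has_privilege(acls, user_id: str, privilege: str) -> bool:
    """Granted iff some p-list rule matches AND no m-list rule matches.

    Reproduces the page's example: +read:user(axe) together with
    -read:participant(chnl:Active) still leaves axe without read."""
    rules = [parse_acl(a) if isinstance(a, str) else a for a in acls]
    hits = [r.sign for r in rules
            if r.privilege == privilege and selector_matches(r.selector, user_id)]
    return "+" in hits and "-" not in hits


def default_message_acls(channel_id: str, sender_id: str):
    """Default message ACLs as listed on the page ('+' sign assumed)."""
    return [f"+read_message:participant({channel_id}:Active)",
            f"+read_message:user({sender_id})",
            f"+delete_message:user({sender_id})"]


# Sticky message ACLs as listed on the page: present on every message.
STICKY_MESSAGE_ACLS = [f"+read_message:user({SYSTEM})",
                       f"+delete_message:user({SYSTEM})"]


def effective_acls(custom, channel_id: str, sender_id: str):
    """Assumed merge rule: custom ACLs replace the defaults when supplied,
    and sticky ACLs are always appended so they cannot be overridden."""
    base = list(custom) if custom else default_message_acls(channel_id, sender_id)
    return base + STICKY_MESSAGE_ACLS


def who_can_read(custom=None, channel_id: str = "chnl", sender_id: str = "axe"):
    """Every known user (plus .system) that ends up with read_message."""
    acls = effective_acls(custom, channel_id, sender_id)
    candidates = list(PARTICIPANTS[channel_id]) + [SYSTEM]
    return sorted(u for u in candidates if has_privilege(acls, u, "read_message"))


if __name__ == "__main__":
    print("defaults:", who_can_read())
    print("only rylai:", who_can_read(["+read_message:user(rylai)"]))
    print("all but rylai:", who_can_read(["+read_message:participant(chnl:Active)",
                                          "-read_message:user(rylai)"]))
```

Note that the sticky list keeps `.system` on every result: the "only rylai" message is still readable by the application key, which is exactly what a custom ACL cannot take away.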
…`Channel` and `User` coming up in the next release. We will also be releasing partial access to ACLs on `Application` via certain configuration options in the subscriber panel.

- `join_channel`: Join the channel (add oneself)
- `add_participant_to_channel`: Add any other user as a participant to the channel
- `list_participants`: List the participants of the channel
- `remove_participant`: Remove any other user as a participant of the channel
- `remove_self`: Remove oneself from the channel
- `delete_messages_from_channel`: Delete messages from the channel
- `read_from_channel`: Read the channel object and send messages to it
- `send_to_channel`: Send messages to the channel with themselves as the sender
- `send_as_other_to_channel`: Send messages to the channel with anyone else as the sender

…`admin` for the channel, who alone can add participants to the channel, but anyone could remove themselves, you would assign the following privileges to the channel:

NOTE: The actual accessor selector for a participation selector is `participant(chnl:status)`, but for the sake of brevity we have omitted it. Similarly, the actual privileges on messages are `read_message` and `delete_message`.
```
+read_from_channel:participant(channel-id:Active)
+send_to_channel:participant(channel-id:Active)
+list_participants:participant(channel-id:Active)
+join_channel:any_user()
+remove_self:any_user()
+read_from_channel:user(.system)
+send_as_other_to_channel:user(.system)
+remove_participant:user(.system)
+add_participant:user(.system)
+list_participants:user(.system)
-join_channel:user(.system)
```
- `read_message`: Read the message
- `delete_message`: Delete the message

…`read_from_channel` privilege on the channel the message was sent to.

…`channel-id` by `sender-id` are:

```
read_message:participant(channel-id:Active)
read_message:user(sender-id)
delete_message:user(sender-id)
```

…`channel-id` by `sender-id` are:

```
read_message:user(.system)
delete_message:user(.system)
```
NOTE Certain privileges on the application will soon be made available on the user object itself, as the user will be defined as an ACL entity. At that point in time, these privileges will no longer be available on an application.
- `create_channel`: Create a channel
- `create_message`: Create a message
- `create_user`: Create a user
- `list_channels`: List all the channels in the application
- `list_user_data`: List the user data for a user (other than oneself)
- `write_user_credentials`: Revoke/Issue tokens for a user (other than oneself)

…`OutOfBand` messages and is currently not applied or in use anywhere. The privilege `list_channels` is required to list the channels in an application, but only those channels will be returned for which the user has a `read_from_channel` privilege. The subtle difference that manifests is that if the user does not have that privilege on any channel, this call will return an empty list, but if the user does not have the `list_channels` privilege, it will return a `403 Forbidden` (with a `missing_privileges` error code). A user can lack the `list_channels` privilege but still send and receive messages on a channel for which they have the appropriate `send_to` and `read_from` privileges.

```
create_channel:any_user()
list_participants:any_user()

create_channel:user(.system)
create_message:user(.system)
create_user:user(.system)
list_channels:user(.system)
list_user_data:user(.system)
write_user_credentials:user(.system)
```

`.system` cannot list user data for itself or issue user tokens for itself.

A `PatchType.Set` operation overwrites all ACLs for a given entity with what is specified in the payload. A `PatchType.Diff` operation on the other hand specifies the specific ACLs that are to be added/removed for an entity.

…`-join:any_user()` revokes the `join` privilege from every user. Do note that a user can still add some other participant to the channel, since the `add_participant` privilege is still available to them. Ideally, we should have revoked both permissions, but for the sake of brevity we will continue with this example with the single privilege.

…`-join:any_user()` rule from the channel.

…`Diff` type of ACL modification:

…`Set` type operation and instead do:

…`Application` to be modified (or specified up-front for that matter).
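A worked contrast between the two patch types, as an added example that is not the product's code: the `PatchType` enum, the function names, the use of plain ACL strings and the rule that sticky ACLs are re-applied after every patch are assumptions made here; the ACL strings themselves are the default and sticky channel ACLs listed earlier on this page (the page abbreviates `join_channel` to `join` in its own example). It shows why revoking one privilege should be a `Diff` and what a `Set` with the same payload does to the rest of the list.

```python
"""Added example (not the product's own code): PatchType.Set vs PatchType.Diff
applied to a channel's ACL list, with sticky ACLs that survive both."""
from enum import Enum


class PatchType(Enum):  # assumed names for the two patch types on the page
    SET = "Set"
    DIFF = "Diff"


# Sticky channel ACLs as listed on the page: these are never removed.
STICKY_CHANNEL_ACLS = frozenset({
    "+read_from_channel:user(.system)",
    "+send_as_other_to_channel:user(.system)",
    "+remove_participant:user(.system)",
    "+add_participant:user(.system)",
    "+list_participants:user(.system)",
    "-join_channel:user(.system)",
})


def default_channel_acls(channel_id: str) -> set:
    """Default channel ACLs as listed on the page."""
    return {
        f"+read_from_channel:participant({channel_id}:Active)",
        f"+send_to_channel:participant({channel_id}:Active)",
        f"+list_participants:participant({channel_id}:Active)",
        "+join_channel:any_user()",
        "+remove_self:any_user()",
    }


def effective_channel_acls(channel_id: str = "chnl") -> set:
    """Defaults plus sticky: what a freshly created channel carries."""
    return default_channel_acls(channel_id) | STICKY_CHANNEL_ACLS


def apply_patch(current: set, patch_type: PatchType, add=(), remove=()) -> set:
    """Return the ACL set after the patch.

    Set replaces the whole list with `add`; Diff adds `add` and removes
    `remove` from the current list. Sticky ACLs are re-applied afterwards
    (assumption: this is how 'cannot be overridden' is enforced)."""
    if patch_type is PatchType.SET:
        new = set(add)
    elif patch_type is PatchType.DIFF:
        new = (set(current) - set(remove)) | set(add)
    else:
        raise ValueError(f"unknown patch type: {patch_type!r}")
    return new | STICKY_CHANNEL_ACLS


def revoke_join_with_diff(current: set) -> set:
    """The page's example done safely: only the m-list rule is added."""
    return apply_patch(current, PatchType.DIFF, add=["-join_channel:any_user()"])


def revoke_join_with_set(current: set) -> set:
    """The same payload as a Set: every non-sticky rule is wiped."""
    return apply_patch(current, PatchType.SET, add=["-join_channel:any_user()"])


def undo_revoke(current: set) -> set:
    """Remove just the revocation rule again, leaving everything else intact."""
    return apply_patch(current, PatchType.DIFF, remove=["-join_channel:any_user()"])


if __name__ == "__main__":
    base = effective_channel_acls()
    print("diff:", sorted(revoke_join_with_diff(base)))
    print("set :", sorted(revoke_join_with_set(base)))
```

The `Set` variant leaves the channel with nothing but the sticky rules and the revocation, so Active participants lose `read_from_channel` and `send_to_channel` as a side effect; the `Diff` variant changes exactly one rule and can be reverted with a second `Diff`. Attempting to remove a sticky rule through `Diff` is a no-op because it is re-applied.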