{"id":13721244,"url":"https://github.com/kuzzleio/kuzzle-plugin-sample-custom-policies","last_synced_at":"2025-05-07T13:32:04.896Z","repository":{"id":71813458,"uuid":"127429348","full_name":"kuzzleio/kuzzle-plugin-sample-custom-policies","owner":"kuzzleio","description":"Example of advanced permission management with a Kuzzle plugin","archived":true,"fork":false,"pushed_at":"2018-08-22T17:15:12.000Z","size":12,"stargazers_count":1,"open_issues_count":1,"forks_count":0,"subscribers_count":12,"default_branch":"master","last_synced_at":"2024-11-14T10:38:32.683Z","etag":null,"topics":["kuzzle","kuzzle-plugin"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/kuzzleio.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null}},"created_at":"2018-03-30T13:06:31.000Z","updated_at":"2023-05-11T13:09:50.000Z","dependencies_parsed_at":"2023-09-10T16:00:55.584Z","dependency_job_id":null,"html_url":"https://github.com/kuzzleio/kuzzle-plugin-sample-custom-policies","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kuzzleio%2Fkuzzle-plugin-sample-custom-policies","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kuzzleio%2Fkuzzle-plugin-sample-custom-policies/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kuzzleio%2Fkuzzle-plugin-sample-custom-policies/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/kuzzleio%2Fkuzzle-plugin-sample-custom-policies/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/kuzzleio","download_url":"https://codeload.github.com/kuzzleio/kuzzle-plugin-sample-custom-policies/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252886543,"owners_count":21819734,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["kuzzle","kuzzle-plugin"],"created_at":"2024-08-03T01:01:14.469Z","updated_at":"2025-05-07T13:32:04.547Z","avatar_url":"https://github.com/kuzzleio.png","language":"JavaScript","funding_links":[],"categories":["Plugins"],"sub_categories":["Boilerplates \u0026 Examples"],"readme":"# Sample \"custom policies\" plugin for Kuzzle\n\nThis plugin demonstrates how we can use custom code to manage custom permissions.\n\n## How it works\n\nLet's assume that we have an application in which we do not want to allow non-admin users to view, update or delete other user's items.\n\n### Update/delete queries\n\nRun [assertCanUpdate](lib/index.js#L38) **before** the request:\n* fetch the document we want to update or delete, to check its metadata\n* allow the request if the author of the document is current user\n* deny the request otherwise\n\n### search/count queries\n\nRun [addQueryFilter](lib/index.js#L81) **before** the request:\n* inject a filter to the elasticsearch query to filter document owned by current user.\n\n### get query\n\nRun [assertCanRead](lib/index.js#L121) **after** the request:\n* check the metadata of the document given by the request's response\n* allow the request and send back the response if the author of the document is current user\n* deny the request and send back an `ForbiddenError` response otherwise\n\n### mget query\n\nRun [filterMgetResult](lib/index.js#L141) **after** the request:\n* iterate through the response results\n* keep only the documents which author is current user.\n\n## Install\n\nClone this repository locally and make it accessible from the `plugins/enabled` directory relative to the Kuzzle installation directory. A common practice is to put the code of the plugin in `plugins/available` and create a symbolic link to it in `plugins/enabled`.\n\n**Note.** If you are running Kuzzle within a Docker container, you will need to mount the local plugin installation directory as a volume in the container.\n\nPlease refer to the Guide for further instructions on [how to install Kuzzle plugins](https://docs.kuzzle.io/guide/essentials/plugins/#how-to-install-plugin).\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuzzleio%2Fkuzzle-plugin-sample-custom-policies","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fkuzzleio%2Fkuzzle-plugin-sample-custom-policies","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fkuzzleio%2Fkuzzle-plugin-sample-custom-policies/lists"}