Set up Access Control Rules
Due to the permissionless nature of decentralized databases, it is essential to have control over who can interact with your database. WeaveDB has a powerful mechanism for setting up precise, advanced access logic for your DB instance by combining JsonLogic and FPJSON.
In this tutorial, we will cover the basics of JsonLogic.
You can set up rules for either the entire write operation with write, or for specific operations such as create, update and delete.
So write = create + update + delete.
Within the rules, you can access various information about the contract, block, transaction, and data to be uploaded.
{
  contract: { id, owners },
  request: {
    auth: { signer, relayer, jobID, extra },
    block: { height, timestamp },
    transaction: { id },
    resource: { data },
    id,
    path,
  },
  resource: { data, setter, newData, id, path },
}
And with JsonLogic, you can use var to access variables, such as {var: "resource.newData.user"} to access the user field of the newly updated data.
resource.setter is the data creator. The following ensures only the original data creators can update their own data:
{
  "allow create": true,
  "allow update": {
    "==": [{ var: "request.auth.signer" }, { var: "resource.setter" }]
  }
}
To combine multiple operations, chain them with a comma (,), like allow,create,update.
To add the rules using the web console, click Access Control Rules in the side menu, select people from the Collection list, then click the edit icon in the top right corner of the Rules box.
You can copy and paste the rules object above into the pop-up textarea and hit Add.
Now if you try to update existing data with another wallet, the transaction will fail.
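The rules object above, evaluated against constructed request contexts, as an added example that is not WeaveDB's own code: evalLogic is a hypothetical stand-in that implements only the var and == operators of JsonLogic, and isAllowed assumes an operation passes only when a matching allow rule evaluates truthy. The wallet addresses and document fields are constructed.

```javascript
// Stand-in evaluator (not WeaveDB's): only JsonLogic `var` and `==`.
function evalLogic(expr, ctx) {
  if (expr === null || typeof expr !== "object") return expr; // literal, e.g. true
  if (Array.isArray(expr)) return expr.map((e) => evalLogic(e, ctx));
  const [op] = Object.keys(expr);
  const arg = expr[op];
  if (op === "var") {
    // Walk a dotted path such as "request.auth.signer"; a missing part yields null.
    return String(arg).split(".").reduce((o, k) => (o == null ? null : o[k] ?? null), ctx);
  }
  if (op === "==") {
    const [a, b] = evalLogic(arg, ctx);
    return a == b; // JsonLogic "==" is loose equality
  }
  throw new Error(`operator not handled in this sketch: ${op}`);
}

// Does a rule key cover `op`? Operations are split on spaces and commas;
// "write" stands for create + update + delete, as stated above.
function covers(key, op) {
  const [verb, ...ops] = key.split(/[\s,]+/);
  return verb === "allow" && (ops.includes(op) || ops.includes("write"));
}

// Assumption: an operation passes only if a covering "allow" rule is truthy.
function isAllowed(rules, op, ctx) {
  return Object.entries(rules).some(
    ([key, logic]) => covers(key, op) && Boolean(evalLogic(logic, ctx))
  );
}

// The rules object from this page.
const rules = {
  "allow create": true,
  "allow update": {
    "==": [{ var: "request.auth.signer" }, { var: "resource.setter" }],
  },
};

// Constructed sample data: a document set by ALICE, updated by `signer`.
const ALICE = "0xalice-constructed";
const BOB = "0xbob-constructed";
const updateBy = (signer) => ({
  request: { auth: { signer } },
  resource: { setter: ALICE, data: { age: 29 }, newData: { age: 30 } },
});

console.log("update by setter:", isAllowed(rules, "update", updateBy(ALICE)));
console.log("update by other wallet:", isAllowed(rules, "update", updateBy(BOB)));
```

Because == is loose equality and a missing var yields null, a comparison of two absent fields evaluates to true, so a rule like this is only meaningful where both request.auth.signer and resource.setter are present.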
With FPJSON, you can do powerful tasks such as mutating the updated data and adding extra fields.