Abort message as part of role privilege predicate possible?

Help
1

Is printing an abort/error message as part of a role privilege predicate somehow possible?

privileges: [{
    resource: "Collection",
    actions: {
          write: `(originalDoc, newDoc) => {
  if(originalDoc.owner != newDoc.owner) {
    abort({
      code: "insufficient_permission",
      message: "Insufficient Permission. Only the Owner is allowed to change the owner."

    })
  }
  
  if(originalDoc.access != newDoc.access) {
    if(originalDoc.access.any(
        (.entity == Query.identity() || .entity == Query.identity().activeOrganization)
        && .action == "UNRESTRICTED"
      ) 
    ) {
      true
    } else {
      abort({
        code: "insufficient_permission",
        message: "Insufficient Permission. Only the Owner is allowed to change the owner."
      })
    }
  }
  
  doc.access.any(
    (.entity == Query.identity() || .entity == Query.identity().activeOrganization)
    && .action == "WRITE"
  )
}
`
      }
    }
2

Hi @Mike

If a Role predicate encounters an error, the error is dropped, and predicate resolves to false. You should be able to include abort in your predicate, but the error message from abort is not going to make it to the caller, they will just get the standard permission denied error.

image

image
image1365×603 107 KB

3

@ptpaterson Ok, that’s the same as what I had experienced. I was hoping for some secret mechanism to get the message printed to the calling instance :sweat_smile: But in that case, see you in a moment in Feature requests :smirk:

4

Created feature request for it.

5

This topic was automatically closed 2 days after the last reply. New replies are no longer allowed.