usergrid

Apache Usergrid 2.x: can you restrict API access by a Data Entity's property value?


Say I have the following API, where users can have zero or more registeredIds, which model identifiers by type (with effective dates).

user-registeredid-association

Two examples of registeredIds include:

// Social Security Number
{
    "id"       : "111-11-1111",
    "type"     : "SSN",
    "validFrom": 315554400000,
    "validTo"  : null,
    "registrationAuthority": "United States Social Security Administration"
},
// Employee ID
{
    "id"       : "12345678",
    "type"     : "employee-id",
    "validFrom": 1262325600000,
    "validTo"  : null,
    "registrationAuthority": "YoYoDyne"
}

When Anonymous User requests an employee, e.g.,

https://api.usergrid.com/your-org/your-app/users/janedoe

Anonymous User should only get a single registeredId.type with the type value "employee-id." Administrators, however, should see both the "employee-id" and "SSN" registeredId.types.

How would Apache Usergrid apply access control by the registeredId.type? I know I can assign permissions, but this is too restrictive. Can I create some kind of Entity SubType? Or should I handle this through relationships?


Solution

  • Currently, Usergrid does not allow you to set property validation checks. One solution to this problem is to have separate "EmployeeID" entities, have a connection from each User to that their id entity and setup permissions so that only authenticated users can access the EmployeeID entities.