I’m trying to set up specific permissions in Alan for an employee user, so that they can only read and update their own profile data. I understand that update permissions in Alan aren’t cumulative, and child node permissions override those in parent nodes. For example, I read that I could make a parent node updatable only by an admin, but at a child level, allow users to update their own information (e.g., with can-update: ^ is ( user ) at the Address node).
However, I’m having trouble getting this to work correctly. I want only the employee themselves or an admin to update their profile data, with no access to other employee profiles. Could anyone help me understand how to set up these update permissions to ensure each employee can modify only their own profile? I’ve tested several approaches but haven’t been able to achieve this behavior yet.
Here’s the code for user and employee:
'Users': collection ['Username']
    can-create: user .'Type'?'Admin'
    can-delete: user .'Type'?'Admin'
{
    can-update: user .'Type'?'Admin'
    'Username': text
    'Type': stategroup (
        'Admin' { }
        'Unknown' { }
        'cbs' { }
        'uwv worker' { }
        'employee' { }
        'employer' { }
    )
}
…
'Employee': collection ['employee-username']
    can-create: user .'Type'?'employee' || user .'Type'?'Admin'
    can-delete: user .'Type'?'Admin'
{
    can-read: user .'Type'?'Admin' || user .'Type'?'uwv worker'
    'employee-username': text -> ^ .'Users'
    'BSN': number positive 'bsn-number'
    'first name': text
    'last name': text
    'age': number positive 'age'
    'address': collection ['postcode'] {
        'postcode': text
        'street name number': text
        'city': text
        'province': text -> ^ ^ .'Provinces'
        // stategroup (
        //     'North-Holland' { }
        //     'South-Hollan' { }
        //     'Flevoland' { }
        //     'Utrecht' { }
        //     'Drenthe' { }
        //     'Zeeland' { }
        //     'Brabant' { }
        //     'Groningen' { }
        //     'Overijssel' { }
        //     'Friesland' { }
        //     'Limburg' { }
        // )
    }
    'provinces': collection ['Name'] = union (
        'address' = .'address'* >'province'
    ) {
        'Name': text -> ^ ^ .'Provinces' = key
        'employment status': stategroup = switch ^ .'employment status' (
            |'unemployed' => 'unemployed' ( )
            |'employed' => 'employed' ( )
        ) (
            'employed' { }
            'unemployed' { }
        )
    }
    'email': text
    'Work field' : stategroup (
        'IT' { }
        'Healthcare' { }
        'Engineering' { }
        'Education' { }
        'Finance' { }
        'Construction' { }
        'Retail' { }
        'Logistics' { }
        'Marketing' { }
        'Hospitality' { }
    )
    'telephone number': text
    'employment status': stategroup (
        'employed' { }
        'unemployed' { }
    )
    'benefits': stategroup (
        'jobless' { } // WW benefit
        'sickness' { } // IVA / unfit for work
        'elderly' { } // IOW / AOW ?
        'none' { }
    )
}
//'provicial-employment': collection ['province'] {
//    'provinces': text -> ^ ^
//}
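
Added example, not part of the original post and not Alan code: a Python model of the update-permission behaviour the post describes (the nearest declared can-update rule applies and parent rules are not combined with it). It shows the owner-or-admin rule on the Employee entry, and why a child rule that names only the owner shuts the admin out. `Node`, `can_update`, `build` and the alice/bob entries are constructed for illustration and are assumptions, not Alan APIs.

```python
# Model of non-cumulative update permissions: the nearest declared rule wins.
# All names here are hypothetical; this is not the Alan runtime's implementation.
from dataclasses import dataclass
from typing import Callable, Optional

@dataclass(frozen=True)
class User:
    username: str
    type: str  # 'Admin', 'employee', 'uwv worker', ...

@dataclass
class Node:
    name: str
    parent: Optional["Node"] = None
    owner: Optional[str] = None  # key of the Employee entry ('employee-username')
    rule: Optional[Callable[[User, "Node"], bool]] = None  # None = no can-update here

def owner_of(node):
    """Walk up to the enclosing Employee entry and return its key."""
    while node is not None:
        if node.owner is not None:
            return node.owner
        node = node.parent
    return None

def is_admin(user, node):
    return user.type == "Admin"

def is_owner(user, node):
    return user.type == "employee" and user.username == owner_of(node)

def admin_or_owner(user, node):
    return is_admin(user, node) or is_owner(user, node)

def can_update(user, target):
    """Apply only the nearest declared rule; deny when no rule is found."""
    node = target
    while node is not None:
        if node.rule is not None:
            return node.rule(user, target)
        node = node.parent
    return False

def build(entry_rule, address_rule=None):
    """Constructed sample tree: root -> Employee entry (alice, bob) -> address."""
    root = Node("root", rule=is_admin)
    tree = {}
    for name in ("alice", "bob"):
        entry = Node("Employee", parent=root, owner=name, rule=entry_rule)
        tree[name] = Node("address", parent=entry, rule=address_rule)
    return tree
```

Because the rules are not cumulative in this model, any rule placed on a child node has to restate every principal that should keep access, the admin included.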