⚠️ Active Development Notice: TimeTiles is under active development. Information may be placeholder content or not up-to-date.

lib/collections/datasets/access

Access control logic for the Datasets collection.

Defines read, create, update, and delete permissions based on:

  • User role (admin/editor has full access)
  • Public/private status of datasets
  • Catalog ownership (via denormalized catalogCreatorId)

Since dataset.isPublic=true guarantees catalog.isPublic=true (enforced by hook), we only need to check dataset.isPublic for public access. Private datasets are visible to catalog owners.

Variables

read

const read: Access

Read access: Datasets visible if both dataset AND catalog are public, OR if user owns the catalog. Zero queries - just returns a WHERE clause on indexed fields.

Note: A “public” dataset in a private catalog should NOT be visible to non-owners. The catalog visibility is the top-level gate.


create

const create: Access

Create access: Any authenticated user can create datasets. The beforeChange hook validates that users can only create in their own catalogs (admins/editors can create in any catalog).


update

const update: Access

Update access: Admins/editors can update all datasets, catalog owners can update their own. Uses WHERE clause on indexed catalogCreatorId field for zero queries.
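
The read and update rules described above, as an added example that is not TimeTiles' own source. Local types stand in for the framework's Access and Where types; the `role` field name, the `{ or: [...] }` / `{ equals }` filter shape, and denying anonymous updates are assumptions. A small evaluator applies the returned filters to constructed rows so the rules can be checked without a database.

```typescript
// Added illustration: local stand-ins for the framework's Access/Where types.
type User = { id: number; role: "admin" | "editor" | "user" } | null; // `role` name is assumed
type Condition = { [field: string]: { equals: unknown } };
type Where = Condition | { or: Condition[] };
type Dataset = { id: number; isPublic: boolean; catalogCreatorId: number };

// Read rule: admins/editors see everything; everyone else gets a filter on indexed fields.
function readAccess(user: User): boolean | Where {
  if (user && (user.role === "admin" || user.role === "editor")) return true;
  const isPublic: Condition = { isPublic: { equals: true } };
  if (!user) return isPublic; // anonymous: public datasets only
  // dataset.isPublic implies catalog.isPublic (hook-enforced), so no catalog lookup is needed.
  return { or: [isPublic, { catalogCreatorId: { equals: user.id } }] };
}

// Update rule: ownership only; a dataset being public never grants write access.
function updateAccess(user: User): boolean | Where {
  if (!user) return false; // assumption: anonymous callers cannot update
  if (user.role === "admin" || user.role === "editor") return true;
  return { catalogCreatorId: { equals: user.id } };
}

// Minimal evaluator: does a row satisfy one { field: { equals } } condition?
function matches(row: Dataset, cond: Condition): boolean {
  return Object.entries(cond).every(
    ([field, op]) => (row as Record<string, unknown>)[field] === op.equals
  );
}

// Ids of the rows an access result would expose.
function visibleIds(rows: Dataset[], access: boolean | Where): number[] {
  if (typeof access === "boolean") return access ? rows.map((r) => r.id) : [];
  const conds: Condition[] = Array.isArray((access as { or?: unknown }).or)
    ? (access as { or: Condition[] }).or
    : [access as Condition];
  return rows.filter((r) => conds.some((c) => matches(r, c))).map((r) => r.id);
}

// Constructed sample rows: user 7 owns datasets 2 and 3; user 9 owns datasets 1 and 4.
const sample: Dataset[] = [
  { id: 1, isPublic: true, catalogCreatorId: 9 },
  { id: 2, isPublic: false, catalogCreatorId: 7 },
  { id: 3, isPublic: true, catalogCreatorId: 7 },
  { id: 4, isPublic: false, catalogCreatorId: 9 },
];
```

Because the filter trusts `isPublic` alone, the hook that keeps `dataset.isPublic` consistent with `catalog.isPublic` is part of the access-control boundary and deserves its own regression test.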


deleteAccess

const deleteAccess: Access = isEditorOrAdmin

Delete access: Only admins/editors can delete datasets.


readVersions

const readVersions: Access = isEditorOrAdmin

ReadVersions access: Only admins and editors can read version history.
