Prompt
Always verify that users have proper authorization to access and modify resources before performing any data operations. This prevents privilege escalation attacks and unauthorized data access.
Key principles:
- Check visibility first: Ensure users can see/access the resource before allowing any operations on it
- Validate operation permissions: Verify the user has specific permissions for the intended operation (read, write, delete)
- Prevent impersonation: Never allow users to change ownership or creator fields to other users, as this constitutes impersonation
Example implementation:
```typescript
// Custom mutator: authorize first, mutate second
async update(tx, change: UpdateValue<typeof schema.tables.issue>) {
  // First verify the caller can access the resource (admin or its creator)
  await assertIsAdminOrCreator(tx, tx.query.issue, change.id);
  // Then perform the operation
  await tx.mutate.issue.update(change);
}

// In permissions schema: a row is selectable only if its related issue is visible to the caller
select: [
  (authData, {exists}) =>
    exists('issue', q => q.where(eb => canSeeIssue(authData, eb))),
]
```
This pattern prevents scenarios where a user could still operate on a resource they can no longer see (for example after a permission change), and keeps security enforcement consistent across every data access path.
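The three principles above worked through end to end, as an added example that is not code from the original page or from the Zero project: an in-memory stand-in for `tx.query` / `tx.mutate` (the `issues` map, `updateIssue` and `tryUpdate` are assumed names), with `canSeeIssue` and `assertIsAdminOrCreator` modelling the helpers the snippet calls. It also shows the impersonation guard on `creatorID` that the prose describes but the snippet leaves implicit.

```typescript
// Added example, not Zero's own code: visibility check, then permission check, then mutate.
type AuthData = { userID: string; role: "admin" | "user" };
type Issue = { id: string; creatorID: string; title: string; visibility: "public" | "private" };
type IssueUpdate = { id: string } & Partial<Omit<Issue, "id">>;

class AuthError extends Error {}

// Constructed sample table standing in for tx.query.issue.
const issues = new Map<string, Issue>([
  ["i1", { id: "i1", creatorID: "alice", title: "Login bug", visibility: "private" }],
  ["i2", { id: "i2", creatorID: "bob", title: "Public roadmap", visibility: "public" }],
]);

// Principle 1: visibility. Admins see everything; others see public rows and their own.
function canSeeIssue(auth: AuthData, issue: Issue): boolean {
  return auth.role === "admin" || issue.visibility === "public" || issue.creatorID === auth.userID;
}

// Principle 2: operation permission. Models assertIsAdminOrCreator from the snippet.
function assertIsAdminOrCreator(auth: AuthData, id: string): Issue {
  const issue = issues.get(id);
  // A hidden row and a missing row get the same answer, so nothing leaks about rows the caller cannot see.
  if (!issue || !canSeeIssue(auth, issue)) throw new AuthError("issue not found");
  if (auth.role !== "admin" && issue.creatorID !== auth.userID) throw new AuthError("forbidden");
  return issue;
}

// Principle 3: no impersonation. creatorID is server-owned and can never be reassigned by a client.
function updateIssue(auth: AuthData, change: IssueUpdate): Issue {
  const current = assertIsAdminOrCreator(auth, change.id);
  if (change.creatorID !== undefined && change.creatorID !== current.creatorID) {
    throw new AuthError("creatorID cannot be changed");
  }
  // Apply the change, then re-pin creatorID so it cannot drift even if a later field is added.
  const next: Issue = { ...current, ...change, creatorID: current.creatorID };
  issues.set(change.id, next);
  return next;
}

// Returns "ok" or the rejection reason instead of throwing, which keeps the outcomes easy to check.
function tryUpdate(auth: AuthData, change: IssueUpdate): string {
  try {
    updateIssue(auth, change);
    return "ok";
  } catch (e) {
    return e instanceof AuthError ? e.message : "error";
  }
}
```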