Restricts
Once you have defined your entities, you need to specify access rules: who can do what to them. Without them your data integrity is compromised: any user could delete your post on the social network, create posts under your name, make a bank transfer from your account, or mark one of your TODO tasks as done.
Codomat controls access to entities using Restricts. A restrict is defined on an entity for specific operations (create, modify or delete). Unless the restrict's condition holds, the operation is denied on that entity.
Let's look at the restricts from the social network example:
This restrict ensures that users can only post under their username and with correct timestamp:
Restrict on create posts
enforce author = current_user.id
enforce timestamp = now
.
This restrict allows only the author of a post to modify or delete it:
Restrict on modify and delete posts
ensure record.author = current_user.id
.
This restrict ensures that a user can only follow others from their account:
Restrict on create follows
enforce follower = current_user.id
enforce timestamp = now
.
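To make the semantics concrete, here is an added example (not Codomat's own code) of a small evaluator that applies the three restricts above the way the text describes: an entity with no restrict for an operation is unrestricted, and an entity with a restrict denies the operation unless its condition holds. The rule functions, the User class and the integer timestamps are assumptions made for this illustration.

```python
from dataclasses import dataclass

# Hypothetical evaluator for the restricts shown above; not Codomat's implementation.
# Each rule receives the current user, the incoming record fields (create/modify),
# the stored record (modify/delete) and the server's notion of "now".

@dataclass
class User:
    id: int

def posts_create(user, record, stored, now):
    # Restrict on create posts: author must be the current user, timestamp must be now
    return record.get("author") == user.id and record.get("timestamp") == now

def posts_modify_delete(user, record, stored, now):
    # Restrict on modify and delete posts: only the stored record's author may act
    return stored.get("author") == user.id

def follows_create(user, record, stored, now):
    # Restrict on create follows: follower must be the current user, timestamp must be now
    return record.get("follower") == user.id and record.get("timestamp") == now

# (entity, operation) -> rule; operations not listed here carry no restrict
RESTRICTS = {
    ("posts", "create"): posts_create,
    ("posts", "modify"): posts_modify_delete,
    ("posts", "delete"): posts_modify_delete,
    ("follows", "create"): follows_create,
}

def allowed(entity, operation, user, record=None, stored=None, now=None):
    """Return True if the operation may proceed on the entity for this user.

    Without a restrict the entity is unprotected (as the introduction warns);
    with a restrict, the operation is denied unless the condition applies.
    """
    rule = RESTRICTS.get((entity, operation))
    if rule is None:
        return True
    return rule(user, record or {}, stored or {}, now)

if __name__ == "__main__":
    # Constructed sample: Bob tries to post as Alice, which the create restrict denies
    alice, bob, now = User(1), User(2), 1700000000
    print(allowed("posts", "create", bob, {"author": alice.id, "timestamp": now}, now=now))
```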
With the correct restricts on your entities, you can be confident that your backend keeps your data sane and secure. This gives you a sound backend on which to build your app.