确定用户在查询中的每个对象的权限？

有这样的项目ACL：

projectAcl{ id:1, projectId:1, // those subDocuments can be also a groupId and reference for exteral document auditors:[{userNAme:"John", userId:2},{userNAme:"Marry", userId:12}], colaborators:[{userNAme:"Anna", userId:3},{userNAme:"Eric", userId:4}] } 

然后当调用对象 – 服务器端代码需要应用“有效的权限”

 task{ id:23, projectId:1, /* all fields needed here */ // and here we have fields aded in serwerSide code readOnly:null // } 

只读 – 如果我们在acl列表中有条目，将被作为快速检查进行调用

在聚合下方列出ACL列表给定用户的所有项目 – 可以使用CQRS模式设置任务/项目权限或添加额外的层安全性

 var givenUserId = 4; var matchArraysByUser = { $match : { $or : [{ "auditors.userId" : givenUserId }, { "colaborators.userId" : givenUserId } ] } } var filterArrysByUser = { $project : { _id : 0, projectId : 1, //all needed fields set to 1 colaborator : { $filter : { input : "$colaborators", as : "colaborator", cond : { $eq : ["$$colaborator.userId", givenUserId] } } }, auditor : { $filter : { input : "$auditors", as : "auditor", cond : { $eq : ["$$auditor.userId", givenUserId] } } }, } } var group = { $group : { _id : givenUserId, "auditor" : { $addToSet : { $cond : { if : { $ne : ["$auditor", []] }, then : "$projectId", else : null } } }, "colaborator" : { $addToSet : { $cond : { if : { $ne : ["$colaborator", []] }, then : "$projectId", else : null } } }}} db.projAcl.aggregate([matchArraysByUser, filterArrysByUser, group]) 

输出：

 { "_id" : 4.0, "auditor" : [ null, 2.0 ], "colaborator" : [ 1.0, null ] }