Skip to content

Interface: TableAuth<TCtx>

Defined in: core/src/schema/table.ts:56

Row-level authorization rules attached to a table. Both callbacks receive the request-scoped ctx (typed at the mutators’ definition site) and the row as a plain object.

  • read(ctx, row) — controls whether the row is included in sync/pull patches for this ctx. Applied per change record; a false return silently drops the row from the response.
  • write(ctx, row) — controls whether the ctx may insert / update / delete this row. A false return aborts the mutation’s transaction; the mutation id still advances so the client isn’t stuck retrying.

Both callbacks default to “always allow” when omitted. Rules are only evaluated inside the sync handler — the raw driver escape hatch and createServerDb bypass authorization deliberately (background jobs often need cross-user visibility).

TCtx = unknown

optional read?: (ctx, row) => boolean

Defined in: core/src/schema/table.ts:57

TCtx

Record<string, unknown>

boolean


optional write?: (ctx, row) => boolean

Defined in: core/src/schema/table.ts:58

TCtx

Record<string, unknown>

boolean