The patch permission controls how existing documents in a collection can be updated. It defines which properties can be modified, which ones should be omitted before database update, how the result is filtered after updating, and which real-time events are triggered upon modification.
pick Specifies the allowed properties that can be updated in the request body. Any property not listed here will be ignored.
omit Properties that should be removed from the request body before updating the database.
q Defines the query condition for updating documents. This ensures that users can only modify documents matching specific criteria, such as ownership constraints.
project Determines which fields should be included in the response after the update operation.
io Describes real-time events that should be triggered upon document modification, specifying which users should receive notifications about the update.
{
"collections": {
"todos": {
"schema": {...},
"permissions": {
"user": {
"patch": {
"pick": ["title", "done"],
"omit": ["user"],
"q": {
"user": "$.auth._id"
},
"project": ["_id", "title", "done"],
"io": {
"$.user": ["_id"]
}
}
}
}
}
}
}