allain/items.spec

## items.spec
context items

// Define commands and their respective events when they succeed.
// creatorId would be extracted from the context of the command
command CreateItem {
  title: String!
} -> ItemCreated {
  id: ID!
  title: String!
  creatorId: RefID!
  createdAt: Timestamp!
}

command DeleteItem {
  id: ID!
} -> ItemDeleted {
  id: ID!
  deletedAt: Timestamp!
}

command UpdateItem {
  id: ID!
  title: String
  note: String
} -> ItemUpdated {
  id: ID!
  title: String
  note: String
  updatedAt: Timestamp!
}

// Define a view as its structure (array in this case) and what events feed into it
ItemCreated, ItemUpdated, ItemDeleted -> view Items [
  id: ID!
  title: String!
  note: String
  creatorId: RefID!
  categoryIds: [RefID]
  createdAt: Timestamp!
  updatedAt: Timestamp!
]

ItemCreated, ItemUpdated, ItemDeleted -> view Counts {
  deleted: Int!
  updated: Int!
  created: Int!
  currentCount: Int!
}

// members and admins can create items
allow CreateItem when $user.role = 'member' or $user.role = 'admin'

// allow members to update and delete only their own items
allow UpdateItem when $user.role = 'member' && Items[id].creatorId = $user.id
allow DeleteItem when $user.role = 'member' && Items[id].creatodId = $user.id


// allow admins to update and delete all items
allow UpdateItem when $user.role = 'admin'
allow DeleteItem when $user.role = 'admin'

// Allow everyone to read all items
allow Items

## users.spec
context users

// Define commands and their respective events when they succeed.
command RegisterUser {
  email: Email!
  password: Password!
  passwordConfirm: Password!
} -> UserCreated {
  id: ID!
  email: Email!
  password: Password!
  createdAt: Timestamp!
}

command DeleteUser {
  id: ID!
} -> UserDeleted {
  id: ID!
  deletedAt: Timestamp!
}

command UpdateUser {
  id: ID!
  email: Email
  password: Password
  passwordCConfirm: Password
} -> UserUpdated {
  id: ID!
  email: Email
  password: Password
  updatedAt: Timestamp!
}

// Define a view as its structure (array in this case) and what events feed into it
UserCreated, UserUpdated, UserDeleted -> view Users [
  id: ID!
  email: Email!
  // Note: password is not exposed here but can be used when filtering
  createdAt: Timestamp!
  updatedAt: Timestamp!
]

// guests and admins can create items
allow CreateUser when $user.role = 'guest' or $user.role = 'admin'

allow UpdateItem when $user.role = 'member' && Users[id].id = $user.id
allow DeleteItem when $user.role = 'member' && Users[id].id = $user.id

// allow admins to update and delete all items
allow UpdateItem when $user.role = 'admin'
allow DeleteItem when $user.role = 'admin'


// Allow members to read their own User
allow Users when id=$user.id && $user.role = 'member'

// Allow admins to read all users
allow Users when $user.role = 'admin'

// Guests can query for Users if they specify email and password in the filter.
// The view handlers will perform the filtering internally and return matches
allow Users when $user.role = 'guest' && $filter.email && $filter.password
	context items

	// Define commands and their respective events when they succeed.
	// creatorId would be extracted from the context of the command
	command CreateItem {
	title: String!
	} -> ItemCreated {
	id: ID!
	title: String!
	creatorId: RefID!
	createdAt: Timestamp!
	}

	command DeleteItem {
	id: ID!
	} -> ItemDeleted {
	id: ID!
	deletedAt: Timestamp!
	}

	command UpdateItem {
	id: ID!
	title: String
	note: String
	} -> ItemUpdated {
	id: ID!
	title: String
	note: String
	updatedAt: Timestamp!
	}

	// Define a view as its structure (array in this case) and what events feed into it
	ItemCreated, ItemUpdated, ItemDeleted -> view Items [
	id: ID!
	title: String!
	note: String
	creatorId: RefID!
	categoryIds: [RefID]
	createdAt: Timestamp!
	updatedAt: Timestamp!
	]

	ItemCreated, ItemUpdated, ItemDeleted -> view Counts {
	deleted: Int!
	updated: Int!
	created: Int!
	currentCount: Int!
	}

	// members and admins can create items
	allow CreateItem when $user.role = 'member' or $user.role = 'admin'

	// allow members to update and delete only their own items
	allow UpdateItem when $user.role = 'member' && Items[id].creatorId = $user.id
	allow DeleteItem when $user.role = 'member' && Items[id].creatodId = $user.id


	// allow admins to update and delete all items
	allow UpdateItem when $user.role = 'admin'
	allow DeleteItem when $user.role = 'admin'

	// Allow everyone to read all items
	allow Items
	context users

	// Define commands and their respective events when they succeed.
	command RegisterUser {
	email: Email!
	password: Password!
	passwordConfirm: Password!
	} -> UserCreated {
	id: ID!
	email: Email!
	password: Password!
	createdAt: Timestamp!
	}

	command DeleteUser {
	id: ID!
	} -> UserDeleted {
	id: ID!
	deletedAt: Timestamp!
	}

	command UpdateUser {
	id: ID!
	email: Email
	password: Password
	passwordCConfirm: Password
	} -> UserUpdated {
	id: ID!
	email: Email
	password: Password
	updatedAt: Timestamp!
	}

	// Define a view as its structure (array in this case) and what events feed into it
	UserCreated, UserUpdated, UserDeleted -> view Users [
	id: ID!
	email: Email!
	// Note: password is not exposed here but can be used when filtering
	createdAt: Timestamp!
	updatedAt: Timestamp!
	]

	// guests and admins can create items
	allow CreateUser when $user.role = 'guest' or $user.role = 'admin'

	allow UpdateItem when $user.role = 'member' && Users[id].id = $user.id
	allow DeleteItem when $user.role = 'member' && Users[id].id = $user.id

	// allow admins to update and delete all items
	allow UpdateItem when $user.role = 'admin'
	allow DeleteItem when $user.role = 'admin'


	// Allow members to read their own User
	allow Users when id=$user.id && $user.role = 'member'

	// Allow admins to read all users
	allow Users when $user.role = 'admin'

	// Guests can query for Users if they specify email and password in the filter.
	// The view handlers will perform the filtering internally and return matches
	allow Users when $user.role = 'guest' && $filter.email && $filter.password