Permission enforcement

See Permissions.

function O.withoutPermissionEnforcement(fn)

This function calls the function passed as the argument. Until control flow exits that function, object store operations are executed without permission enforcement, but are attributed in the object history and audit trail to the current user.

The return value is whatever the fn function returns.

function O.impersonating(user, fn)

This function calls the function passed as the argument. Until control flow exits that function, the permissions of the given user are enforced and any audit entries are attributed to that user. O.SYSTEM can be passed as the user argument to execute code with full permissions and attribute actions to the special ‘SYSTEM’ user.

The return value is whatever the fn function returns.

Examples

O.withoutPermissionEnforcement(function() {
    // Do privileged operation, for example...
    var query = O.query().link(T.Person, A.Type);
    query.execute().each(function(object) {
       // ... do something with every single person object stored
    });
});

O.impersonating(O.SYSTEM, function() {
    // Do privileged operation which should not be attributed
    // to any particular user
    something.deleteObject();
});