File sharing
A typical file-sharing application has three roles per document:
- Owner — the user who created it. Full control; can administer shares.
- Editor — can modify content but not administer.
- Viewer — read-only.
Pore’s built-in inheritance (owner ⊇ editor ⊇ viewer) makes this map
directly to tuples.
Creating a document
When a user creates a document, grant the creator owner:

```js
await pore.grants.create({
  subject: "user:alice",
  relation: "owner",
  object: "document:42",
});
```

Sharing
To share a document as editor with bob:

```js
await pore.grants.create({
  subject: "user:bob",
  relation: "editor",
  object: "document:42",
});
```

Authorizing an action
Before mutating document 42, check if the acting user has at least editor:

```js
const { authorized } = await pore.check({
  subject: "user:bob",
  relation: "editor",
  object: "document:42",
});
if (!authorized) throw new Error("Not authorized to edit");
```

Alice, the owner, is also authorized via inheritance — no separate check needed.
Listing a user’s documents
To list every document a user can view:

```js
const { objects } = await pore.objects.list({
  namespace: "document",
  subject: "user:bob",
  relation: "viewer",
});
```

Owners and editors are included automatically because inheritance resolves
down to viewer.
Revoking a share
```js
await pore.grants.revoke({
  subject: "user:bob",
  relation: "editor",
  object: "document:42",
});
```

Revocation is immediate at edge latency. The next check call anywhere in the
world reflects the change.
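
The grant, check, list and revoke steps above can be modelled offline to see how owner ⊇ editor ⊇ viewer resolves. This is an added example, not Pore's SDK or implementation: `TupleStore`, `RANK`, `demo` and the synchronous method names are hypothetical, and it assumes a revoke removes exactly the named tuple.

```javascript
// Added example: in-memory model of the tuple semantics described on this page.
// Not Pore's SDK or implementation; TupleStore and its internals are hypothetical.
const RANK = new Map([["viewer", 0], ["editor", 1], ["owner", 2]]); // owner ⊇ editor ⊇ viewer

class TupleStore {
  constructor() {
    this.held = new Map(); // "subject|object" -> Set of directly granted relations
  }
  grant({ subject, relation, object }) {
    if (!RANK.has(relation)) throw new Error(`unknown relation: ${relation}`);
    const key = `${subject}|${object}`;
    if (!this.held.has(key)) this.held.set(key, new Set());
    this.held.get(key).add(relation);
  }
  // Assumption: revoke deletes exactly the named tuple, not higher grants.
  revoke({ subject, relation, object }) {
    this.held.get(`${subject}|${object}`)?.delete(relation);
  }
  // Authorized when a directly held relation ranks at or above the requested one.
  check({ subject, relation, object }) {
    const need = RANK.has(relation) ? RANK.get(relation) : Infinity; // unknown: deny
    const direct = this.held.get(`${subject}|${object}`) ?? new Set();
    return { authorized: [...direct].some((r) => RANK.get(r) >= need) };
  }
  list({ namespace, subject, relation }) {
    const objects = [];
    for (const key of this.held.keys()) {
      const [s, object] = key.split("|");
      const match = s === subject && object.startsWith(`${namespace}:`);
      if (match && this.check({ subject, relation, object }).authorized) objects.push(object);
    }
    return { objects: objects.sort() };
  }
}

// Constructed scenario using the page's subjects and document id.
function demo() {
  const store = new TupleStore();
  const doc = "document:42";
  store.grant({ subject: "user:alice", relation: "owner", object: doc });
  store.grant({ subject: "user:bob", relation: "editor", object: doc });
  const can = (subject, relation) => store.check({ subject, relation, object: doc }).authorized;
  const before = { aliceEdit: can("user:alice", "editor"), bobOwn: can("user:bob", "owner"),
    bobList: store.list({ namespace: "document", subject: "user:bob", relation: "viewer" }).objects };
  store.revoke({ subject: "user:bob", relation: "editor", object: doc });
  store.revoke({ subject: "user:alice", relation: "editor", object: doc }); // no such tuple
  const after = { bobView: can("user:bob", "viewer"), aliceEdit: can("user:alice", "editor") };
  return { before, after, bogus: can("user:alice", "admin") };
}
```

In this model, revoking `editor` from a subject who holds `owner` leaves their access unchanged, so an offboarding routine should revoke the relation that was actually granted.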