npm - create-instant-app - Versions diffs - 0.22.98 → 0.22.99-experimental.add-user-perm-rules.20792984656.1 - Mend

create-instant-app 0.22.98 → 0.22.99-experimental.add-user-perm-rules.20792984656.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/package.json +3 -3
package/template/rules/AGENTS.md +29 -0
package/template/rules/cursor-rules.md +29 -0
package/template/rules/windsurf-rules.md +29 -0

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "create-instant-app",
-  "version": "0.22.98",
+  "version": "0.22.99-experimental.add-user-perm-rules.20792984656.1",
   "description": "Scaffold a new web/mobile app with InstantDB",
   "homepage": "https://github.com/instantdb/instant/tree/main/client/packages/create-instant-app",
   "repository": {
@@ -33,8 +33,8 @@
     "ora": "6.3.1",
     "slugify": "^1.6.6",
     "sort-package-json": "^2.10.0",
-    "@instantdb/version": "0.22.98",
-    "instant-cli": "0.22.98"
+    "@instantdb/version": "0.22.99-experimental.add-user-perm-rules.20792984656.1",
+    "instant-cli": "0.22.99-experimental.add-user-perm-rules.20792984656.1"
   },
   "devDependencies": {
     "@anthropic-ai/sdk": "^0.60.0",

package/template/rules/AGENTS.md CHANGED Viewed

@@ -166,6 +166,35 @@ newData.ref('x')
 data.ref(someVar + '.members.id')
 ```
+## $users Permissions
+- Default `view` permission is `auth.id == data.id`
+- Default `create`, `update`, and `delete` permissions is false
+- Can override `view` and `update`
+- Cannot override `create` or `delete`
+## Field-level Permissions
+Restrict access to specific fields while keeping the entity public:
+```json
+{
+  "$users": {
+    "allow": {
+      "view": "true"
+    },
+    "fields": {
+      "email": "auth.id == data.id"
+    }
+  }
+}
+```
+Notes:
+- Field rules override entity-level `view` for that field
+- Useful for hiding sensitive data (emails, phone numbers) on public entities
 # Best Practices
 ## Pass `schema` when initializing Instant

package/template/rules/cursor-rules.md CHANGED Viewed

@@ -172,6 +172,35 @@ newData.ref('x')
 data.ref(someVar + '.members.id')
 ```
+## $users Permissions
+- Default `view` permission is `auth.id == data.id`
+- Default `create`, `update`, and `delete` permissions is false
+- Can override `view` and `update`
+- Cannot override `create` or `delete`
+## Field-level Permissions
+Restrict access to specific fields while keeping the entity public:
+```json
+{
+  "$users": {
+    "allow": {
+      "view": "true"
+    },
+    "fields": {
+      "email": "auth.id == data.id"
+    }
+  }
+}
+```
+Notes:
+- Field rules override entity-level `view` for that field
+- Useful for hiding sensitive data (emails, phone numbers) on public entities
 # Best Practices
 ## Pass `schema` when initializing Instant

package/template/rules/windsurf-rules.md CHANGED Viewed

@@ -172,6 +172,35 @@ newData.ref('x')
 data.ref(someVar + '.members.id')
 ```
+## $users Permissions
+- Default `view` permission is `auth.id == data.id`
+- Default `create`, `update`, and `delete` permissions is false
+- Can override `view` and `update`
+- Cannot override `create` or `delete`
+## Field-level Permissions
+Restrict access to specific fields while keeping the entity public:
+```json
+{
+  "$users": {
+    "allow": {
+      "view": "true"
+    },
+    "fields": {
+      "email": "auth.id == data.id"
+    }
+  }
+}
+```
+Notes:
+- Field rules override entity-level `view` for that field
+- Useful for hiding sensitive data (emails, phone numbers) on public entities
 # Best Practices
 ## Pass `schema` when initializing Instant