TinyBase logoTinyBase

canSetCell

The canSetCell method lets you allow or disallow any changes to a Cell stored on the server, as sent from a client.

canSetCell(
  tableId: string,
  rowId: string,
  cellId: string,
  cell: Cell,
  initialSave: boolean,
  requestOrConnection: Request | Connection,
  oldCell: CellOrUndefined,
): Promise<boolean>
TypeDescription
tableIdstring
rowIdstring
cellIdstring
cellCell
initialSaveboolean
requestOrConnectionRequest | Connection
oldCellCellOrUndefined
returnsPromise<boolean>

This is one of the functions use to sanitize the data that is being sent from a client. Perhaps you might want to make sure the server-stored data adheres to a particular schema, or you might want to make certain data read-only. Remember that you cannot trust the client to only send data that the server considers valid or safe.

This method is passed the Table Id, Row Id, and Cell Id that the client is trying to change - as well as the Cell value itself. The initialSave parameter distinguishes between the first bulk save of the Store to the PartyKit room over HTTP (true), and subsequent incremental updates over a web sockets (false).

The final requestOrConnection parameter will either be the HTTP(S) request or the web socket connection, in those two cases respectively. You can, for instance, use this to distinguish between different users.

Return false from this method to disallow changes to this Cell on the server, or true to allow them. The default implementation returns true to allow all changes.

Example

The following implementation will strip out any attempts by the client to update the 'name' Cell of the 'me' Row of the 'user' Table after the initial save:

import {TinyBasePartyKitServer} from 'tinybase/persisters/persister-partykit-server';

export class MyServer extends TinyBasePartyKitServer {
  canSetCell(tableId, rowId, cellId, cell, initialSave) {
    return (
      initialSave || tableId != 'user' || rowId != 'me' || cellId != 'name'
    );
  }
}

Since

v4.3.12