roles {
	role user
		comment "Regular user.";
	role admin
		comment "Super-user.";
};

struct company {
	comment "Controlling organisation.";
	field name text limit gt 0
		comment "Name of the organisation. Must not be empty.";
	field id int rowid
		comment "Unique row identifier, referenced by user.cid.";
	insert;
	roles admin {
		insert;
	};
};

struct user {
	comment "A regular user.";
	field company struct cid
		comment
		"This struct will be filled in from an inner join
		on the \"cid\" variable.";
	field cid:company.id int actdel cascade
		comment
		"A foreign key reference to company.id.
		Deleting the referenced company cascades to this row.";
	field hash password limit gt 0
		comment
		"Password hash.
		This is passed to inserts and updates as a password,
		then hashed within the implementation and extracted
		(in listings and searches) as the hash value.";
	field email email unique
		comment "Unique e-mail address.";
	field name text
		comment "User's full name.";
	field uid int rowid
		comment "Unique row identifier, referenced by session.userid.";
	search email,hash: name creds
		comment
		"Search for a unique user with their e-mail and
		password.
		This is a quick way to verify that a user has entered
		the correct password for logging in.
		It is the only user operation open to the default role.";
	search uid: name uid
		comment "Lookup by unique identifier.";
	update hash: uid: name hash
		comment
		"User updating their password.
		The row is selected by uid alone, so the caller must pass
		the uid of the authenticated user, never a value taken
		from the request.";
	update email: uid: name email
		comment
		"User updating unique e-mail.
		The row is selected by uid alone, so the caller must pass
		the uid of the authenticated user, never a value taken
		from the request.";
	insert;
	roles user {
		search uid;
		update hash;
		update email;
		noexport uid;
	};
	roles admin {
		insert;
	};
	roles default {
		search creds;
		noexport company;
		noexport cid;
	};
};

struct session {
	comment "Authenticated session.";
	field user struct userid
		comment
		"Filled in from an inner join on the \"userid\"
		variable.";
	field userid:user.uid int
		comment "Associated user.";
	field token int
		comment
		"Random cookie.
		Together with id this is the only credential checked by
		the creds search, so it should be drawn from a
		cryptographically secure random source and treated as
		a secret.";
	field mtime epoch;
	field id int rowid
		comment "Unique row identifier of the session.";
	search id, token: name creds
		comment
		"Search for logged-in users by session identifier and
		token.
		The mtime field is not part of the query, so any session
		expiry has to be enforced by the caller.";
	insert;
	delete id: name id
		comment
		"Delete by identifier.
		The token is not checked, so the caller must pass only
		the identifier of the session it has already
		authenticated.";
	roles user {
		insert;
		delete id;
	};
	roles default {
		search creds;
	};
};