Weekly Planner
Domain model

Permissions

Instant permission rules for boards, events, shares, members, and more.

Permissions

Source: instant.perms.ts.

Summary

EntityViewCreateUpdate / delete
boardsowner, member, or enabled share secretauth + owner is selfowner only
eventssame as board viewowner, editor, or edit secretsame
settingsownerownerowner
sharesboard owner, or token lookup via shareTokenboard ownerboard owner
membersboard owner or selfboard ownerowner; self can delete
boardPrefsselfauth + selfself
todosownerauth + selfowner

Bindings (boards)

Typical bindings: isOwner, isMember, isEditor, hasShareSecret.

Share secrets

  • Field rules hide secret / editSecret from everyone except the board owner.
  • Public metadata lookup can find a share by ruleParams.shareToken without exposing secrets.
  • Event writes for share editors must pass ruleParams.secret matching shares.editSecret.

Why /api/invite exists

Clients cannot safely look up arbitrary Instant users by email. Invites verify the caller’s refresh token with the admin SDK, confirm board ownership, resolve the target user, then create/update member + editor links using the same policy helpers as the client (member-policy.js).

On this page