:SetAuthorizationCallback
Sets a single, powerful function on the server that acts as a central security checkpoint for all client data requests. This callback is your primary tool for controlling precisely which players can access which data keys.
When a client attempts to :Request() or :Listen() to a realKey, this function is invoked on the server. You can then implement any logic you need.
DataReplicator:SetAuthorizationCallback(callback)
callback: ((player: Player, realKey: string) -> boolean)?
A function that takes the Player object initiating the request and the realKey (string) they are trying to access. It must return true if access is allowed, or false if it should be denied. Pass nil to remove the current authorization callback.
Security Best Practice: It is highly recommended to set an authorization callback and enable REQUIRE_AUTHORIZATION_CALLBACK in the internal configuration. This creates a "deny-by-default" security posture, which is much safer.
If no callback is set and REQUIRE_AUTHORIZATION_CALLBACK is false (the default), all client requests for valid, registered keys will be allowed.
Any errors that occur inside your callback function will be caught, and access will be denied to prevent accidental data exposure.
-- This function defines all our data access rules in one place.
local function myGameAuthorization(player, realKey)
    -- Rule 1: Only allow admins to access admin-specific data.
    local ADMIN_USER_IDS = {12345, 67890} -- Your admin UserIDs
    if string.sub(realKey, 1, 6) == "Admin_" then
        if table.find(ADMIN_USER_IDS, player.UserId) then
            return true -- Allow access
        else
            return false -- Deny access for non-admins
        end
    end

    -- Rule 2: Allow players to access their own data, but not others'.
    -- Assumes keys are formatted like "PlayerData_12345678"
    local success, _, userIdString = string.find(realKey, "^PlayerData_(%d+)$")
    if success then
        if tonumber(userIdString) == player.UserId then
            return true -- Allow access to their own data
        else
            return false -- Deny access to other players' data
        end
    end

    -- Rule 3: Allow all players to access public game state data.
    if string.sub(realKey, 1, 7) == "Public_" then
        return true
    end

    -- Default Rule: Deny everything else.
    return false
end

DataReplicator:SetAuthorizationCallback(myGameAuthorization)
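Because an error inside the callback is caught and turned into a denial, a bug in your rules looks the same to you as a legitimate refusal. The following is an added example, not part of DataReplicator or its documentation: it wraps a rule function so errors and denials are logged as separate events, and checks the rules against constructed players and keys. The names rules, audited and describe, the sample keys, and the plain tables standing in for Player objects are assumptions made for illustration.

```lua
-- Added example: rule set plus an audit wrapper (names are illustrative).
local ADMIN_IDS = { [12345] = true, [67890] = true } -- sample UserIds, as a set

local function rules(player, realKey)
    if string.sub(realKey, 1, 6) == "Admin_" then
        return ADMIN_IDS[player.UserId] == true
    end
    local ownerId = string.match(realKey, "^PlayerData_(%d+)$")
    if ownerId then
        return tonumber(ownerId) == player.UserId
    end
    return string.sub(realKey, 1, 7) == "Public_" -- everything else is denied
end

-- Reads UserId defensively so logging never raises, even for a nil player.
local function describe(player)
    local ok, id = pcall(function() return player.UserId end)
    return ok and tostring(id) or "?"
end

-- Wraps a rule function: a raised error and a plain denial are logged as
-- different events, and only a literal `true` grants access.
local function audited(ruleFn, log)
    return function(player, realKey)
        local ok, result = pcall(ruleFn, player, realKey)
        if ok and result == true then
            return true
        end
        log(string.format("AUTH %s user=%s key=%s detail=%s",
            ok and "DENY" or "ERROR", describe(player),
            tostring(realKey), ok and "-" or tostring(result)))
        return false
    end
end

-- Self-check with constructed stand-ins for Player objects and sample keys.
local events = {}
local authorize = audited(rules, function(line) table.insert(events, line) end)
local alice, admin = { UserId = 111 }, { UserId = 12345 }

assert(authorize(alice, "PlayerData_111") == true)
assert(authorize(alice, "PlayerData_222") == false)  -- another player's data
assert(authorize(alice, "Admin_BanList") == false)   -- non-admin
assert(authorize(admin, "Admin_BanList") == true)
assert(authorize(alice, "Public_RoundTimer") == true)
assert(authorize(alice, "PlayerData_111x") == false) -- malformed key: default deny
assert(authorize(nil, "Admin_BanList") == false)     -- rule raised: still denied
assert(events[1] == "AUTH DENY user=111 key=PlayerData_222 detail=-")
assert(#events == 4 and string.find(events[4], "^AUTH ERROR") ~= nil)
```

In a server script, the wrapped function is what you register, for example DataReplicator:SetAuthorizationCallback(audited(rules, warn)), so that denials and rule errors appear in the server output.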