flood
flood copied to clipboard
Flood-UI
User permissions / private and shared torrent downloads
Hey there, awesome work so far!
So I noticed that while you can create users in the interface, the implementation so far seems pretty limited.
As far as I'm aware, all users seem to be able to see a list of torrents that any user is downloading and what's more, all users seem to have full permission to do as they please to these torrents and even other users, deleting them at will.
My current wish list would be:
-
User groups, so that certain users are set as admins etc. The user groups could be defined by an admin.
-
User groups would come with access controls that limit what they can do, what settings they can change etc.
-
By default downloading a torrent would only be available to the user who downloaded it. Maybe each user could have a separate directory in the downloads folder.
-
However a user can choose to make a downloaded torrent visible to all or a group of other users.
I'd love to work on this. I did a quick google and found this:
https://github.com/ForbesLindesay/connect-roles
that ties in very well with passport.js which you are using.
You're right, users right now have access to everything. I do agree that some sort of ACL would be beneficial.
I would gladly accept some help in this effort. While this feature would be awesome, I don't think it's the most important feature at the moment, and I think I should be focusing on other features.
If you're up for it, let's discuss how best to implement this before you begin working on it.
Thanks!
Sure sounds good! How do you want to disccus this. Either here, via email or some other method?
@Astridax Sorry for the delay — I'd love to use Slack for this type of discussion, and then maybe we can use this ticket to document the concrete decisions that come from the discussion(s). How does that sound?
Crikey @jfurrow @neolectron, I totally missed your message, only just now seeing them. For sure, I'm happy to work on this and I currently have a bit of time to do so. Just post your slack details and I'll pop in!
@Astridax sorry for the delay, I also missed this :(
You can get invited automatically to the Flood Slack channel at https://join-flood-talk.herokuapp.com/
Unfortunately the link appears to be broken.
On Tue, 28 Feb 2017 at 06:01, John Furrow [email protected] wrote:
@Astridax https://github.com/Astridax you can get invited automatically here: https://join-flood-talk.herokuapp.com/
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHub https://github.com/jfurrow/flood/issues/216#issuecomment-282950560, or mute the thread https://github.com/notifications/unsubscribe-auth/ABequ1-HTxa5DMRZsPNSHV5kM9bvLiQwks5rg7g_gaJpZM4LdQFC .
@Astridax sorry again for the delay. Also sorry for the broken link to join the Slack group, my free Heroku instance ran out of resources for the auto-invite app.
After thinking about it some more, I think this is the right place to discuss the implementation, rather than Slack. So let's get it started, if you're still interested!
When this came up a while ago, I was thinking it would make sense to run one instance of rtorrent per user. I'm not sure this is a good idea, anymore, but I'm curious to hear your thoughts.
If we use a single rtorrent instance, then Flood has to manage assigning torrents to individual users and filtering them on each request. I have concerns about the performance implications of this, but maybe it's not such a huge deal.
Anyway, this is really the only detail I wanted to solidify, I guess. I totally agree with the level of access control you described in your original post.
I'd be eternally grateful if you'd be willing to devote some energy to implementing this. Is there anything I can do to help you get started?
I'm down to work on this next.
I think the easiest solution would be to add a property on the torrent that can tell us if a given user can read/write that torrent. I've got some ideas; I'll try to write it up in the next few days.
