Resonite-Issues icon indicating copy to clipboard operation
Resonite-Issues copied to clipboard

Published 20 hours ago verified publisher icon Yellow-Dog-Man

Hard Permission System

Open shiftyscales opened this issue 1 year ago • 10 comments

Is your feature request related to a problem? Please describe.

Resonite's existing permission system allows for some amount of control over the user experience, but has some pretty significant limitations.

  • Most of the existing permissions are binary- either enabling, or disabling functionality outright, e.g. object, and avatar spawning
  • World permissions only exist on a per-world basis, and there is no way to easily ensure a consistent experience across worlds the user hosts (particularly for ones they are not the original creator of)
  • User-made tooling spawned into sessions can disrupt/break consent of users, and be used in harassing ways, e.g. anchoring the user, applying force to the user, etc.

Describe the solution you'd like

A hard permission system which among other things would need:

  • Low level write/modify validations of the data model, locking down parts of it from being modified by users (even in case of malicious client which bypasses the restrictions on user's end)
  • Throttling system - limiting how many objects, components and assets can be spawned/modified per unit of time, preventing people from spamming
  • Type filtering - will limit which datatypes can be introduced into the model for loaded/spawned objects. This will allow filtering out certain components/nodes from avatars, objects, so they can still be brought in, but with restricted functionality. It'll also allow users to spawn certain items, but not others.

This functionality would ideally come with UI so users, and world hosts can set, and establish preferences/defaults for the sorts of experiences they wish to have grouped into various categories, e.g. preventing force from being applied, being anchored, etc.

These permissions would need a few layers of control, e.g. a world creator with a world that has built-in anchors would need to be separated, and distinguished from objects that are added into the world during a session. Users that are entering hosted sessions that do not match their desired comfort level would ideally be warned prior to joining the session that the world contains types of content they have opted out from.

Preferences should be able to be set under certain criteria as well, e.g. having more permissive permissions for contacts, compared to non-contacts. Whenever we further rework the contacts UI, this could also integrate deeper, e.g. assigning permissions to a group of users, or on a per-user basis rather than just broad 'roles' that are controlled solely by the hosted world.

Describe alternatives you've considered

Currently there is no alternative- users that want to ensure a controlled and restricted experience need to tune the existing permission system to meet their needs as best they are able on every single session/world they wish to host.

Additional Context

There are several issues, e.g. #28, #337, #815, #1100, and possibly others which all broadly would be resolved, or significantly improved by the addition of this feature.

This feature would also help ensure additional user control in choosing the types of experiences they are comfortable with across all of the sessions they host/visit.

shiftyscales avatar Jan 08 '24 21:01 shiftyscales