opensource-observer
Enable users to share notebooks with a limited set of users or orgs
Currently we only have two states: public (viewable to anyone, but only editable or executable to people within an org) and private (editable and executable only to people within an org). We should consider a more fine-grained set of sharing permissions.
Previously:
Currently if a user tries to view a private notebook that they don't have access to, they simply get a 404. We should give them a 401 error instead and a message like "Sorry, this is a private notebook".
That way they can differentiate between getting a bad link vs a valid link that isn't public.
![linear[bot] avatar](https://avatars.githubusercontent.com/in/20150?v=4 "Published by a pub.dev verified publisher"){kind=small}
This is not typical for security reasons. You don't want people enumerating what are valid private notebooks on your system. Try any private GitHub repo as an example.
Suggest close as not planned.
Hmm… will need to think through this further.
I can definitely imagine cases where the flow we want is: share notebook -> user is not authenticated or doesn't have account -> user logs in or signs up --> views notebook.
Maybe this is part of bigger feature that lets an admin grant access to a set of users … or maybe even any user that's part of an org.
Moving to web studio backlog and changing the title to "Enable users to share notebooks with a limited set of users or orgs"