daybed
daybed copied to clipboard
spiral-project
Sharing single records
Would it make sense to be able to add/remove an identifier to/from records authors ?
It would at least allow sharing per record (imagine a record is a slideshow you want to publish or redact collaboratively).
Related #222
Imagine a model with private records (read_own_records, update_own_records). How can I share records with someone as read-only ?
I guess we should add a notion of readers in addition to authors then.
If you want to let the user add and update its own records and let him read yours you have to use two distincts hawk tokens. One with the read_own_records that will be linked to the records authors and one for your own records.
What we could do is to add differents permission fields to the records:
- own
- read
- update
- delete
If you are in own you get them all, and then you can be in either read/update or delete.
The first option looks quite consistent! Most use-cases will indeed imply sharing private records publicly using a permalink, that could contain this additional token. Plus, accessing the list of records with this token will give all shared records.
But, however as far as I understand, sharing one record will require being allowed to change the model permissions! It thus implies having the right to take the model ownership too :)
We could also imagine to add a finer grain of permissions (regarding model permissions) but can be a huge overkill to distinguish owner's from others etc.
Your second proposition is interesting :) Let's try to define a API and see if we don't fallback into over-engineering :)
Actually for https://github.com/spiral-project/daybed-cloud-share I will need this kind of behavior.
I am working on #268 to at least allow somebody to modify the authors_list. It would be a start.