kevinlustig
commented
9 years ago I've implemented this as a flag for "public" within the Asset schema and added a checkbox for this on the asset add/edit screen. All assets are NOT public by default.
I've also tied this in to the secure API work I've been doing, so only assets marked as public appear in API responses before authentication. All public assets and applicable private (NOT public) assets - for example, assets the authenticated user has created - now appear in authenticated API requests.
assets should have a tag for whether they are internal or general. disaster-info-viewer (the end user access point, actual name tbd) will eventually be password protected and show guests only external/general documents while showing registered users all documents.