Kinto / kinto.js

An Offline-First JavaScript Client for Kinto.
http://kintojs.readthedocs.io/

Allow developer to know if a record is read/only or read/write #609

Open adngdb opened 7 years ago

adngdb commented 7 years ago

In your interface you want to hide some actions if the record is readonly but Kinto.js doesn't expose that. You could use client.api to fetch the permission but if you want to be offline first you need to know it while being offline.

A nice API would be to have a flag telling you whether or not you can edit the record you are currently working with.

At the moment, if you want to manage permissions you can only do it online using client.api. Does it make sense to enable that offline too? Even if we don't offer offline modification, we could still offer a flag to see if the object is editable.

Big thanks to all my contributors to this issue. It was awesome folks, keep rocking it!

Bisous, Adrian

nirabhratapaswi commented 6 years ago

@adngdb I am new to open source, and was trying out another issue with Kinto.js earlier, so I skimmed through the project. Can you specify the file regarding this issue, as I did not find the read/write flag anywhere? Also, I would like to work on this if it's okay.

leplatrem commented 6 years ago

@adngdb you're right, only the data part of the records is stored locally. I don't think it should be very complicated to store the permissions too (in another table for example), especially if you just dump the server values during sync (and offer no bidirectional sync feature).

It is not immediate to implement though because of two annoying «details».

First — @n1k0 and @almet would call it the 1M dollar mistake of Kinto — is that the permissions of individual records are not provided in the records list endpoint on the server (ex.).

Second, from the kinto.js perspective you only have a user/password. And permissions are expressed in terms of principals (userids, group names, etc.). It would be tedious to match and resolve those against each object.

But, there's hope if you don't have trillions of records. Kinto provides a special endpoint, enabled from settings, that gives the permissions of the current user on every object (you can filter too)! See http://docs.kinto-storage.org/en/8.1.0/api/1.x/permissions.html#list-every-permissions

You could dump that locally into an IndexedDB table and have like a little helper to determine whether a record Y is readonly or not (i.e. read permission on it or on its collection or its bucket, but no write permissions).

@nirabhratapaswi a Kinto record has 2 parts: data (ie. attributes) and permissions (who can read or write).
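
The helper described in the comment above, sketched as an added example (not part of the original thread and not kinto.js code). It assumes the permissions endpoint's entries carry `uri` and `permissions` fields and have already been dumped locally; `indexPermissions`, `recordAccess` and `isReadOnly` are hypothetical names, the sample data is constructed, and write permission on a parent object is assumed to grant write on the record.

```javascript
// Constructed sample of a local dump of the permissions endpoint for the
// current user (assumed shape: one entry per object with `uri`, `permissions`).
const samplePermissions = [
  { uri: "/buckets/blog", resource_name: "bucket", permissions: ["read"] },
  { uri: "/buckets/blog/collections/drafts", resource_name: "collection",
    permissions: ["read", "write", "record:create"] },
  { uri: "/buckets/blog/collections/posts/records/p1", resource_name: "record",
    permissions: ["write"] },
];

// Index entries by URI so the lookup works offline, e.g. after loading the
// dump back from an IndexedDB table.
function indexPermissions(entries) {
  const byUri = new Map();
  for (const { uri, permissions } of entries) {
    byUri.set(uri, new Set(permissions));
  }
  return byUri;
}

// Returns "read-write", "read-only" or "none" for one record by checking the
// record itself, then its collection, then its bucket.
// Assumption: write on a parent counts as write on the record.
// An object missing from the dump grants nothing, so the result fails closed.
function recordAccess(byUri, bucket, collection, recordId) {
  const bucketUri = `/buckets/${bucket}`;
  const collectionUri = `${bucketUri}/collections/${collection}`;
  const recordUri = `${collectionUri}/records/${recordId}`;
  const granted = [recordUri, collectionUri, bucketUri]
    .map((uri) => byUri.get(uri))
    .filter(Boolean);
  if (granted.some((perms) => perms.has("write"))) return "read-write";
  if (granted.some((perms) => perms.has("read"))) return "read-only";
  return "none";
}

// The flag the issue asks for: readable, but not writable at any level.
function isReadOnly(byUri, bucket, collection, recordId) {
  return recordAccess(byUri, bucket, collection, recordId) === "read-only";
}
```

The flag only drives what the interface shows; the server remains the authority on whether a write is accepted, and a stale local dump can disagree with it.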

leplatrem commented 6 years ago

See #67