Support world-readable hunt folder when checking authentication (fixes #561)

[rgossiaux]

Actually I just remembered that if you do this (link-share your drive folder) then everyone shows up as anonymous animals. Maybe we shouldn't support this at all & force users to add people to the Drive folder.

[erwa]

Actually I just remembered that if you do this (link-share your drive folder) then everyone shows up as anonymous animals. Maybe we shouldn't support this at all & force users to add people to the Drive folder.

This sounds like a policy decision each team can make. I like the flexibility of allowing a team of making everything world-readable if they don't want to bother adding each person individually, even if personally I think it's a better experience if you add all team members individually so they show up with names instead of as anonymous.

[rgossiaux]

That's true, but people might not realize that it'll happen. Personally I don't mind taking an opinionated stance if it's going to give people a better experience. But we can leave it how it is.

In my dream world Cardboard just creates the Drive folder when you create a new hunt & it manages the permissions for you, making this a non-issue. Maybe some day...

[erwa]

Yep, was thinking the same thing. In the future, if Cardboard manages all permissions (you define users in Cardboard and Cardboard goes and creates the Google Drive folder and sets up the permissions properly), this isn't an issue. I think we'll probably have to move to this model to properly support multi-tenancy since I don't think it makes sense for Cardboard to query all hunts during login to figure out which hunts a user has access to.