search

dmfs / opentasks

A task app for Android
Apache License 2.0
943 stars 249 forks source link

Prevent editing of read-only tasks #851

Open googol42 opened 5 years ago

googol42 commented 5 years ago

Hello

currently it is possible to edit/delete read-only tasks. The UI also allows to create tasks in resources one is not allowed to write.

You can for example share a calender/task list with somebody on Nextcould, but only give the person read-only access.

Expected: Prevent creating, changing and deleting of read-only tasks.

dmfs commented 5 years ago

That's a planned feature. The provider has this concept of access levels, but it's not implemented yet.

rfc2822 commented 4 years ago

Maybe it could be a first steps to define some access levels in the tasks contract, but mark them as "not implemented yet".

dmfs commented 4 years ago

I'll do something like that. After giving it some thought, I'll probably go with an access bitmap with a fallback to "full access" when the bitmap is empty.

dmfs commented 4 years ago

@rfc2822 would something like this work for you?

        /**
         * The access level a user has on this list. This is a bitmap of {@code ACCESS*} flags.
         * <p>
         * Value: Integer
         * <p>
         * {@code 0} for legacy behavior (which gives full access) or any reasonable combination of
         * {@link #ACCESS_CREATE_TASKS},
         * {@link #ACCESS_EDIT_OWN_TASKS},
         * {@link #ACCESS_EDIT_FOREIGN_TASKS} or
         * {@link #ACCESS_DELETE_TASKS}.
         * New values (for more fine grained access) may be added in future versions, so make sure you don't set any other bits.
         * </p>
         */
        String ACCESS_LEVEL = "list_access_level";

        /**
         * Bit mask value for {@link #ACCESS_LEVEL}.
         * With this value being set the user is allowed to delete tasks on this list.
         */
        int ACCESS_DELETE_TASKS = 0x0800;

        /**
         * Bit mask value for {@link #ACCESS_LEVEL}.
         * With this value being set the user is allowed to update all fields of tasks owned by others.
         */
        int ACCESS_EDIT_FOREIGN_TASKS = 0x0400;

        /**
         * Bit mask value for {@link #ACCESS_LEVEL}.
         * With this value being set the user is allowed to update all fields of tasks "owned" by the list owner account.
         */
        int ACCESS_EDIT_OWN_TASKS = 0x0200;

        /**
         * Bit mask value for {@link #ACCESS_LEVEL}.
         * With this value being set the user is allowed to create tasks on this list.
         */
        int ACCESS_CREATE_TASKS = 0x0100;