Closed nichtich closed 1 year ago
Sounds good, but wait until we actually need it. This may clash with creator
and contributor
at least when a user is not logged in but only get's privileges via ip
.
Makes sense, better wait for a use case, but keep this solution in mind. 👍
In https://github.com/gbv/cocoda/issues/693 we want selected users to be able to delete items of other creators for cleanup (no update!). So we could change implication of config key identities
at delete
so all accounts listed there can delete all items. Disadvantage: this may be confusing and it is not possible to configure a jskos-server instance for a set users, each editing their own items.
Better close this original issue and add a crossIdentities
key for action update
and delete
:
crossIdentities
: List of URI strings. Can be defined only on update
and delete
actions when auth
is true
. Allows users with an URI given in the list to edit an entity from a different user than the authenticated one.We could also just used the existing crossUser
key and allow it to be a list of URI strings (in addition to a boolean value). Its description matches exactly what we want and there would be no need to add a new config key.
Closed in favor of #184.
copied from this comment to an independent issue
This comment would make sense, not just for mappings/concordances, but for all entities:
create
andread
, the propertiesips
andidentities
mean that only those identities/IPs can perform that action."update
anddelete
, a user can always perform that action if they are authorized and the creator of that particular entity. Ifips
and/oridentities
is set for these actions, those IPs/identities can additionally update or delete entities which belong to no creator URI."identities
inupdate
/delete
.