search

linkeddata / dokieli

:bulb: dokieli is a clientside editor for decentralised article publishing, annotations and social interactions
https://dokie.li/
Other
795 stars 81 forks source link

Use 'WAC-Allow' HTTP header if available #259

Closed csarven closed 3 years ago

csarven commented 5 years ago

WAC-Allow header indicates access control information for user and public eg. read, write, control.

It can be used:

eduardoinnorway commented 5 years ago

Is the "feature" implemented?

csarven commented 5 years ago

Do you mean WAC-Allow? Yes, that's available from Solid-based servers. If dokieli detects that header, the UI can reflect that.

timbl commented 5 years ago

See for example https://github.com/linkeddata/rdflib.js/issues/332 where this will be fed into rdflin.js's 'is this editable?" function. That will affect the UI in various ways, and avoid prompting users to edit data they won't be able to save back.

csarven commented 5 years ago

So far the edit function is decoupled from the save function. Editing is done on the DOM, and saving the changes can be made to URI, localStorage, or export document to local filesystem. This for instance allows offline mode to work in which DOM changes can be autosaved to localStorage. If the edit option gets disabled because it can't be eventually written back to the request URI, then we lose the other features.

We could let the user know that because the document is not editable, it can't be saved at URI but that changes will be saved to localStorage or can be exported if they want to preserve their changes.

What do you think?

As the "Save" button is tied to URI writes, I still like the idea of disabling the save function if no "write" or "append" or "editable" is encountered in WAC-Allow.

Aside: the solid/specification's draft stance on WAC-Allow is that a server MUST support it but we haven't yet worked out the conformance level for applications. I'd suspect that it'll be a SHOULD/MAY.

csarven commented 3 years ago

This is now implemented. If WAC-Allow header is available, it'll be used to determine whether the "Save" button will be actionable or not (disables the HTML button). Screenshots show the developer console to give a quick sense:

WAC-Allow header not including user=write and public=write disables the "Save" button on the menu:

image

WAC-Allow header including user=write or public=write enables the "Save" button on the menu:

image