minderlabs / demo

Minder Demo App

Sharing model: ACLs or buckets? #24

Open adamberenzweig opened 7 years ago

adamberenzweig commented 7 years ago

How will we implement sharing permissions? Depends on product requirements. Two cases we've identified are:

1) Within a team, everything is either visible to everyone on the team, or private.
2) Card-level permission scope is supported, e.g. cards (and items under them?) are visible to the set of users associated with that card ("followers"). More like an email thread where users can be included in the thread by invitation, but users not on the thread can't see it (or even know that it exists).

For (2), we could use an Acl object stored with each Item, and do some kind of filtering in the server (but see #23). Depending on what else is in the query, we might hit scaling problems if we're vastly overfetching and then have to filter down significantly. We'd need some kind of index on ACL, but the granularity of ACL could be arbitrarily fine -- although in practice it would probably be no worse than order of quadratic in team size (one ACL for each pair of users).
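The trade-off raised in this comment, as an added example that is not part of the original issue or the Minder code base: filtering by ACL after the fetch versus reading through an index keyed by principal, with `fetched` showing how many rows each approach pulls from storage. The field names (`team`, `owner`, `acl`), the `user:`/`team:` principal keys and the sample data are assumptions made for illustration.

```javascript
// Constructed sample data; field names are assumptions, not the Minder schema.
// acl === null means "visible to the whole team" (case 1); an array is a follower list (case 2).
const items = [
  { id: 'c1', team: 't1', owner: 'alice', acl: null },
  { id: 'c2', team: 't1', owner: 'alice', acl: ['alice'] },          // private
  { id: 'c3', team: 't1', owner: 'bob',   acl: ['bob', 'carol'] },   // followers only
  { id: 'c4', team: 't1', owner: 'carol', acl: ['alice', 'carol'] },
  { id: 'c5', team: 't2', owner: 'dave',  acl: null },               // other team
];
const teams = { t1: ['alice', 'bob', 'carol'], t2: ['dave'] };

// An explicit ACL wins; with no ACL, fall back to team membership.
function canRead(user, item) {
  if (item.acl) return item.acl.includes(user);
  return (teams[item.team] || []).includes(user);
}

// Approach A: fetch by the query predicate, then filter by ACL in the server.
// Overfetch is fetched minus the number of ids returned.
function queryWithPostFilter(user, predicate) {
  const fetched = items.filter(predicate);
  const visible = fetched.filter((item) => canRead(user, item));
  return { ids: visible.map((i) => i.id), fetched: fetched.length };
}

// Approach B: index items by principal at write time, then read only the
// postings for the principals the caller holds. Unreadable rows are never loaded.
function buildAclIndex() {
  const index = new Map();
  for (const item of items) {
    const principals = item.acl ? item.acl.map((u) => `user:${u}`) : [`team:${item.team}`];
    for (const p of principals) {
      if (!index.has(p)) index.set(p, []);
      index.get(p).push(item);
    }
  }
  return index;
}

function queryWithIndex(user, predicate, index) {
  const principals = [`user:${user}`];
  for (const [team, members] of Object.entries(teams)) {
    if (members.includes(user)) principals.push(`team:${team}`);
  }
  const candidates = principals.flatMap((p) => index.get(p) || []);
  const visible = candidates.filter(predicate);
  return { ids: visible.map((i) => i.id).sort(), fetched: candidates.length };
}
```

With the indexed read, nothing about cards outside the caller's principals reaches the query layer, which matches the requirement that users not on a thread cannot learn it exists.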