What's missing from the design is the ability to share notes.
What is happening currently
MonoCorpus is meant to share information. The way the web UI works right now, the notes are private. A user can only see their own notes.
What I would like to do is assign permissions per note and project and allow a URL structure to find them.
linik structures
A link structure like monocorpus.com/mtbarta/<project>/<noteid> would be capable of leaking information, but is more informative and composable. I would need to be concerned about the http error returned when a link is missing and when a link exists but the user doesn't have access. The benefit of this method is that the permissions could be looked up during note retrieval, and we'd only require a new collection for project-level permissions.
I could also use something like monocorpus.com/mtbarta/<dbID> where the dbId is an ID to the permissions. The db would need to store permissions for all objects. This method would always require a network hit to find the permissions.
Either way, it looks like attribute-based authorization makes sense here, although i need to explore other options more.
What's missing from the design is the ability to share notes.
What is happening currently
MonoCorpus is meant to share information. The way the web UI works right now, the notes are private. A user can only see their own notes.
What I would like to do is assign permissions per note and project and allow a URL structure to find them.
linik structures
A link structure like
monocorpus.com/mtbarta/<project>/<noteid>would be capable of leaking information, but is more informative and composable. I would need to be concerned about the http error returned when a link is missing and when a link exists but the user doesn't have access. The benefit of this method is that the permissions could be looked up during note retrieval, and we'd only require a new collection for project-level permissions.I could also use something like
monocorpus.com/mtbarta/<dbID>where the dbId is an ID to the permissions. The db would need to store permissions for all objects. This method would always require a network hit to find the permissions.Either way, it looks like attribute-based authorization makes sense here, although i need to explore other options more.