purxiz / deckollab

0 stars 1 forks source link

Permissions Support #4

Open purxiz opened 4 years ago

purxiz commented 4 years ago

first person to create the deck (person who clicks new deck) should be given three passwords Only one password should display on page initially (edit or view?) Next to password, a select box with options suggest, edit, admin, hidden selecting an option displays the password that will grant that permission (or hidden for hide password). Also next to password, a checkbox for enabled/disabled, which will enable or disable all password protection. If disabled, user can rename the deck, but on every refresh and for every other user, edit will be the default permission.

Keep track of user permissions in the websocket object for that user. A user should only have one permission at a time (entering a higher tier password upgrades that user, whilst entering a lower tier password than a permission they already have does nothing.)

When a user loads a deck that already exists, they should see a password input box, or nothing if passwords are disabled. Passwords should be hashed and salted because why not, and stored in a different model than the decks (indexed by deck collection _id, since url's are sequential and user facing, and that doesn't seem super secure for passwords.)

Permissions (permissions inherit lower permissions): suggest -> user can add or remove their own suggestions see #3 edit -> user can add or remove cards from the deck admin -> user can rename deck, and see other passwords