sandstorm-org / powerbox-http-proxy

External network requests for your Sandstorm app
Apache License 2.0

Allow low privilege clients to be restricted from approving powerbox requests #4

Open orblivion opened 1 week ago

orblivion commented 1 week ago

I noticed that when a powerbox request popup comes up, it goes to all clients, including share links, and they can all approve the request.

I think it would be good to be able to restrict the approval ability to the grain owner, and/or users with a certain permission. And/or if possible, only show the powerbox flow to the client that initiated the request (and let the app make sure that this person is privileged).

ocdtrekkie commented 1 week ago

Note that sharing grains can only be done at the level of permissions a user themselves has. But yeah, ideally someday core should have a way to say some users can't share.

I would agree it'd be nice if the proxy had a way to like set a required permission to make a new http proxy request, which it could check when run. That'd be something you could implement within the proxy code I think.

orblivion commented 1 week ago

Sorry I just want to make sure it's clear the behavior I'm talking about. It doesn't have anything to do with users "re-sharing" grains.

Steps to reproduce:

Ideally I would not get the popup within the incognito window. The view-only user shouldn't have permission to do that. Granted, the grain's owner had to actually initiate the request for the popup to show up.

orblivion commented 1 week ago

(edited previous for clarity)

ocdtrekkie commented 1 week ago

Yeah, I understood that. Of course for Sandstorm, by default, there is no such thing as a view-only user; that comes down to how the app implements the permissions handed to it.

But the proxy should be able to see those permissions too, so we could have a setting a user can set in the proxy which requires a certain permission to function, but it would be something the app packager would have to set.
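
The permission gate proposed in this thread, as an added sketch that is not part of the thread or the project's own code. It assumes the proxy's endpoint sees the `X-Sandstorm-Permissions` header that sandstorm-http-bridge sets on each request; `requirePermission`, `statusFor`, the `approve-requests` permission name and the request path are hypothetical.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// Set by sandstorm-http-bridge: comma-separated permissions of the requesting user.
const permissionsHeader = "X-Sandstorm-Permissions"

// hasPermission fails closed: an empty header or empty required name never matches.
func hasPermission(headerValue, required string) bool {
	for _, p := range strings.Split(headerValue, ",") {
		if p = strings.TrimSpace(p); p != "" && p == required {
			return true
		}
	}
	return false
}

// requirePermission (hypothetical helper) returns 403 before next runs
// when the session lacks the required permission.
func requirePermission(required string, next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if !hasPermission(r.Header.Get(permissionsHeader), required) {
			http.Error(w, "missing permission: "+required, http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// statusFor sends one constructed request through the gate and returns the status.
func statusFor(perms string) int {
	ok := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {})
	req := httptest.NewRequest("GET", "/constructed-endpoint", nil)
	req.Header.Set(permissionsHeader, perms)
	rec := httptest.NewRecorder()
	requirePermission("approve-requests", ok).ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	// Constructed sessions: view-only share link, privileged user, no header at all.
	fmt.Println(statusFor("view"), statusFor("view, approve-requests"), statusFor(""))
}
```

The match is exact per list entry, so a permission whose name merely contains the required one does not pass, and a request with no permissions header is rejected rather than allowed.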