Access Control / Permissions

[MentalGear]

A very fine project! I'm new to OT/CRDT, and I was wondering how/if a (central) user/role/group permission based access control can be added?

For example, for a Notes PoC. Also, how would conflicts like these be handled?

• Member C adds a note Test. Member D opens it.
• Member D disconnects X
• Member C sets the note Test to private (not accessible by D)
• Member D makes edits on note Test, and various other edits to other notes
• Member D reconnects to the server

[alecgibson]

You would just return a sensible error code to Member D and handle that client-side (show some alert for example), just as with a traditional HTTP API.

[curran]

If you put access control rules in the middleware on the server, the changes from Member D will be sent to the server but not actually ever applied to the document.

See the docs here: https://share.github.io/sharedb/middleware/op-submission#apply