Open solomonhawk opened 6 years ago
handsmechanical
commented
6 years ago That works. I don't think for our purposes it matters that much but in the event we want to release this to the wider world at some point it would be necessary. Could just introduce Admin and User levels, users could lock their markers if they want but admins would obviously have full delete rights on everything, and just make us all admins.
solomonhawk
commented
6 years ago If we're just going to continue allowing everyone read/write access then I don't think we should add User accounts/Auth. It's really simple with Firebase but would just add complexity if we aren't using them for anything.
This task ties in to several other possible things we want to do such as #18 and #22.
Having real Users and Auth would let us better handle persistent identity and thus chat and user name changes.
https://gist.github.com/solomonhawk/3ef3ae910bdc33fd10a41325eef98950#phase-2-security
At some point it makes sense to spike on the Security phase so we can have slightly better data integrity. I need to lock down Firebase access as well and create rules about who can modify which data.
It seems like it has been handy to allow other people to delete Markers they didn't create (for helping to keep things accurate) - so I am open to input on how we want to handle it. Maybe a Marker is "unlocked" by default and editable by anyone who has access to the Map but can be "locked" so that only the creator can edit it?
Edit:
Tackling this would pave the way for #18 and perhaps #22 along with the possibility of opening this up for other people to use.