Why read permission of destination collection is forced to system.Everyone ?

[leplatrem]

/cc @almet @Natim ?

[almet]

I don't understand the question: can you rephrase?

[leplatrem]

Here https://github.com/Kinto/kinto-signer/blob/0.2.0/kinto_signer/updater.py#L96-L99

[Natim]

This is because the way the signer works is to sign data that are public and read only to be cached by a CDN.

Today we do not have any other usecases but that's something we can change if needed.

[almet]

I believe putting this in the configuration and defaulting to System.Everyone if nothing is set would be a good addition to the project.

If we want to go further, we could have "strategies" for the permission of the destination collection, but I don't think we need this just now.

[leplatrem]

@Natim explained me that since we duplicate records in the destination collection, and since we don't want to duplicate permissions, a read permission is set on the parent destination.

We could also do nothing and leave that to the user during setup.

With the current state of the code, we might to add a warning in the readme :

The current implementation assumes the destination collection will be readable anonymously (See Kinto/kinto-signer#55)

[almet]

"since we don't want to duplicate permissions" is not completely accurate. We actually don't want anyone to be able to write on the destination collection, but we do want to have people write to the origin collection, so the permission set is different (at least for the OneCRL project).

I agree with your proposed solution. I'll state clearly that it's easy to add a configuration option for this. If you need it, please don't hesitate to make a pull request :)