You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
We have read and write, but that does not cover a lot of common usecases, where you want to allow creating something, but not edit the parent.
Creating a comment on some thing
Adding a message to a chatroom
Submitting a questionnaire
I think adding an append right fixes these. Just like read and write, this can be an array of Agents. The right will be checked on creating a resource - the parent must have a write or append right.
What if a parent's parent has an append right? Does it traverse?
Append right traversibility
If it traverses, we could re-use existing logic, and keep it consistent. But this would also mean that users may append stuff to children, creating large trees. Sometimes that's what you want, but sometimes you want to limit these options. See also Limit usage of server - agents should not be allowed to create huge sub-trees #111
If the Append right does not traverse (only works for direct children, not grandchildren), we'll have a bit more custom logic needed for the Append check. And we should be wary of users setting persmissive rights on children even then, because the parent may have append, the child can still have edit, which still allows for large trees of (non-constrained) children. But that's up to the children, of course - these could be constrained.
Constraining classes
We could also add an appendOnly property, which can constrain the append right to a specific Class. In both the ChatRoom / Comment and Questionnaire examples, this would definitely be relevant. We could also interpret this to limit the accepted properties, so users can only allow explicitly mentioned Properties.
We might also add an appendLimit property, which sets a limit of how many items can be created. This may be relevant in a questionnaire.
The text was updated successfully, but these errors were encountered:
We have read and write, but that does not cover a lot of common usecases, where you want to allow creating something, but not edit the parent.
I think adding an
append
right fixes these. Just likeread
andwrite
, this can be an array of Agents. The right will be checked on creating a resource - theparent
must have awrite
orappend
right.What if a parent's parent has an
append
right? Does it traverse?Append right traversibility
append
, the child can still haveedit
, which still allows for large trees of (non-constrained) children. But that's up to the children, of course - these could be constrained.Constraining classes
We could also add an
appendOnly
property, which can constrain the append right to a specific Class. In both theChatRoom
/Comment
andQuestionnaire
examples, this would definitely be relevant. We could also interpret this to limit the accepted properties, so users can only allow explicitly mentioned Properties.We might also add an
appendLimit
property, which sets a limit of how many items can be created. This may be relevant in a questionnaire.The text was updated successfully, but these errors were encountered: