Skip to content

Collaborative editing for other apps (deck, tables, etc) #8870

Description

@max-nextcloud

Is your feature request related to a problem? Please describe.
Would be great to edit deck cards and the like collaboratively

Describe the solution you'd like
Allow creating a collaborative editor without a file id.

Describe alternatives you've considered
Different design decisions in terms of api and authorization - but no fundamentally different approach.

Identifier

Currently collaborative editing sessions are identified by the file id of the document. This won't work if there's no file behind the session.

Authorization

We need to make sure:

  • Only users who were granted access can join the session.
  • Only visitors with access to the right tokens can join the session.
  • Read only access is respected (i.e. does not grant editing abilities).
  • The architecture is flexible and works with different apps.

Token based

  • Each session is identified with a token.
  • The token has enough entropy to not be guessed and is treated as a secret.

Pros:

  • Easy to implement the happy path.
  • Access management is delegated to the apps in question

Cons:

  • Harder to implement readonly access (second token, how to identify the doc?)
  • Harder to revoke access - token has been leaked, need to use a new one.

Permission Request Event based

  • When someone tries to access a document a server side event is emitted.
  • The apps granting access handle the event and react accordingly

Pros:

  • Responsibility of apps to handle permissions is made explicit

Cons:

  • Only works with access to server php code. (Not a limitation for now)
  • App responsibilities are not clearly separated. What if another app handles the event instead?

Two events (Query and update)

  • When someone tries to access a document a server side event is emitted.
  • The apps granting access handle the event and react accordingly
  • When permissions are revoked from a user an event for that user is triggered by the app in question and text knows it needs to ask again.

Cryptographic signatures (JWT and the like)

Metadata

Metadata

Assignees

Labels

enhancementNew feature or request

Fields

No fields configured for Enhancement.

Projects

Status
🏗️ In progress

Relationships

None yet

Development

No branches or pull requests

Issue actions