Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Default capabilities when no capabilities record exists #298

Closed
2 tasks
gmaclennan opened this issue Oct 3, 2023 · 2 comments
Closed
2 tasks

Default capabilities when no capabilities record exists #298

gmaclennan opened this issue Oct 3, 2023 · 2 comments

Comments

@gmaclennan
Copy link
Member

Description

Currently when no capabilities record exists for a device, we return "blocked" capabilities, which also says that sync is blocked. The behaviour we actually (probably) want depends on whether this is "own capabilities" or "other device capabilities":

  1. An invited device that has not synced their capability record should be able to read and write their own data. They should not be able to read or write other devices' data.
  2. An invited device that has not synced their capability record should be able to sync auth cores with others.
  3. If no capabilities record exists for a device you are trying to sync with, you should allow syncing auth cores (to possibly receive a capabilities record).
  4. If no capabilities record exists after syncing auth cores, then neither side should allow sync to proceed.

I think this means that we need:

  • A new default capability record, returned when no record exists, that allows read/write own data, but not others, and allows sync of auth cores
  • To enable (1) we need to break down the sync capability by namespace - it would only be enabled for auth namespace in the case above, allowed for all in other cases. In the future we might want to allow adding a "config editor" member, which can only sync the config (and auth) namespace, but not the data.
@EvanHahn
Copy link
Contributor

EvanHahn commented Mar 7, 2024

Was this done in #319? It's been changed a bit since then but here's the code that looks like it does what this issue describes:

https://github.com/digidem/mapeo-core-next/blob/30e637ba74168d106e17d7b3de349abd97f51c74/src/roles.js#L99-L126

@gmaclennan
Copy link
Member Author

Done in #319

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants