I should have a way to not show all Properties to all Users
Summary:
Eric's motivating use case:
consider a Space where people submit essays for school. All essays should be readable to all people, but only the teacher and creating student should be able to see the contents of the "Grade" property.
Similarly, take the typical LARP. I'd like players to be able to access their character sheets in the Space. Character sheets should have a GM Notes field, with all sorts of GM-only info. Players should not be able to see the GM Notes.
The problem here is that we can't necessarily use Who Can Read here. At the moment, Who Can Read doesn't get applied to Properties, because it's too easy to mess things up that way. And we'd potentially like to be able to use these hidden fields, and not worry about them too much.
A naive approach would be to simply strip these Properties out of View Source, if (say) Who Can Read said that it wasn't readable. But what about QL? That's the nub of the problem: a non-naive user can trivially circumvent this by writing a snippet of QL, in Explore or even in a comment.
So it's not clear how to do this robustly. It's possible that applying Who Can Read to Properties is the right solution, but that would require:
- We strip those Properties from the User Space Session;
- We also strip the Property Values from all Things in the Session;
- We provide Bless (or something like it), so that summary pages can use the stripped values.
