Security in Querki

TODO

  • Currently very powerful, very low-level, rather hard to use well
  • Example: make the Subway Game Space private
  • Example: make one Public Blurb page public
  • List the major permissions and what they do
  • Future enhancement (likely this year): better UI for managing at least basic read/write capabilities
  • Testing explicitly with _hasPermission
  • Read permission, and trimming the Space
  • If I don't have Read access to a Thing, it doesn't exist!
  • Very secure, but it can result in surprises -- give an example of a listing page that is missing all the non-visible Things
  • Future enhancement: granting permission to read a given page as I do, for summary pages
  • Note that Anonymous/Public will always be heavily restricted and require moderation, to reduce spam/trolling
  • Basic principle of Querki: some Identity should be responsible for all content. If content doesn't come from a Member of this Space, then a Member must sign off on it.
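
The Read-permission trimming noted above, and the listing-page surprise it causes, as an added example. This is a small Python model, not Querki code or QL; every name in it (Thing, trim, lookup, listing, hidden_from, the sample Things and identities) is an assumption made for illustration.

```python
from dataclasses import dataclass

# Illustrative model only: none of these names are Querki's API.
@dataclass(frozen=True)
class Thing:
    name: str
    model: str
    readers: frozenset  # identities with Read permission; "*" means everyone

def can_read(thing, viewer):
    return "*" in thing.readers or viewer in thing.readers

def trim(space, viewer):
    """Build the viewer's view of the Space with unreadable Things removed.
    Every later query runs against this trimmed view, never the full Space."""
    return {t.name: t for t in space if can_read(t, viewer)}

def lookup(view, name):
    # An unreadable Thing and a nonexistent Thing give the same answer,
    # so a viewer cannot probe for the existence of hidden content.
    return view.get(name)

def listing(view, model):
    """A listing page: all instances of a model that exist in this view."""
    return sorted(t.name for t in view.values() if t.model == model)

def hidden_from(space, viewer, model):
    """Audit helper for a Space owner: what a listing silently omits for viewer."""
    seen = set(listing(trim(space, viewer), model))
    return sorted(t.name for t in space if t.model == model and t.name not in seen)

# Constructed sample Space (not real Querki data).
SPACE = [
    Thing("Public Blurb", "Page", frozenset({"*"})),
    Thing("Draft Rules", "Page", frozenset({"owner", "alice"})),
    Thing("Owner Notes", "Page", frozenset({"owner"})),
    Thing("Game Index", "Page", frozenset({"*"})),
]

if __name__ == "__main__":
    for who in ("owner", "alice", "anonymous"):
        view = trim(SPACE, who)
        print(who, listing(view, "Page"), "hidden:", hidden_from(SPACE, who, "Page"))
```

The same listing page shows a different number of Things to each viewer, with no error or placeholder for the ones trimmed away.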