Read-only client tokens #307

Open
paulgb opened this issue Oct 8, 2024 · 1 comment
@paulgb
Member

paulgb commented Oct 8, 2024

Allow client tokens to have read-only permissions.

@rolyatmax
Member

This is now implemented in #373. There are some caveats that should be documented, however:

  1. The Y-Sweet server can only prevent updates made to its in-memory source of truth. This is sufficient for ensuring no read-only tokens can write to the source of truth. Preventing local updates in the UI, however, is still left up to the application developer. If the developer doesn't prevent these local mutations in their app, a read-only user may think they are making edits to the shared document when in reality their edits are silently rejected on the server.
  2. Y-Sweet authorization tokens are only recognized by Y-Sweet. That means if the developer uses a second Yjs Provider alongside the Y-Sweet Provider, the read-only user's edits may sync to a client who has full read/write access across the second provider and then in turn get synced to the document held on the Y-Sweet server.
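
Added example, not part of the thread and not Y-Sweet or Yjs code: a small constructed model of the two caveats above, showing that the server-side token check is the only enforcement point and what an app-level guard on local edits changes. The class names, the `authorization` field with its `'full'`/`'read-only'` values, and the `guardLocal` option are assumptions made for the model.

```javascript
// Constructed model (not Y-Sweet or Yjs code). A document is a Set of edit ids
// and syncing is set union, which is enough to show where the token is enforced.

class ModelServer {                 // stands in for the Y-Sweet server
  constructor() { this.doc = new Set(); }
  // The only enforcement point: updates sent with a read-only token are dropped.
  receive(update, token) {
    if (token.authorization !== 'full') return false; // rejected without notice
    update.forEach((id) => this.doc.add(id));
    return true;
  }
}

class ModelClient {
  constructor(token, server) {
    this.token = token;
    this.server = server;
    this.doc = new Set();
    this.peers = [];                // links created by a second provider
  }
  // Local edit. guardLocal is the hypothetical app-level check on the token.
  edit(id, { guardLocal = false } = {}) {
    if (guardLocal && this.token.authorization !== 'full') return false;
    this.apply([id]);
    return true;
  }
  // Apply unseen edits, then forward them to the server and to every peer.
  apply(update) {
    const fresh = update.filter((id) => !this.doc.has(id));
    if (fresh.length === 0) return;
    fresh.forEach((id) => this.doc.add(id));
    this.server.receive(fresh, this.token);
    this.peers.forEach((peer) => peer.apply(fresh));
  }
}

// Runs one read-only edit and reports where it ended up.
function scenario({ secondProvider, guardLocal }) {
  const server = new ModelServer();
  const reader = new ModelClient({ authorization: 'read-only' }, server);
  const writer = new ModelClient({ authorization: 'full' }, server);
  if (secondProvider) { reader.peers.push(writer); writer.peers.push(reader); }
  reader.edit('reader-edit-1', { guardLocal });
  return {
    readerSeesEdit: reader.doc.has('reader-edit-1'),
    serverHasEdit: server.doc.has('reader-edit-1'),
  };
}
```

Without a second provider the reader's copy diverges from the server's (caveat 1); with one, the edit reaches the server through the writer's token (caveat 2); with the local guard the edit never exists to be relayed.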
