Permissions sharing
Answered
Blanc de Hotot posted this in #help-forum
Blanc de HototOP
Hey guys, I want to make a website and after going through the Next.js tutorial decided to implement it with Next.js. The website will be about vehicle maintenance. And I would like to share those vehicles with other people and allow people to share with edit access or view access. What would be a good way to manage these permissions? I've done some research and landed on the ABAC approach, but it seems like overkill for something like this, since the vehicles should only be seen when the shared link is given to someone.
Answered by B33fb0n3
When you just want a very simple implementation, then you somehow need to share a secret. That can be a token, a password, ...
So I suggest when you (as the person allowed to share something) click the share button, you get of course the URL, but the URL also contains a token. When the next person now clicks the link, the token will be saved, another one will be generated, and the first token will be invalid (like this the shared token can only be used once).
The user who opened the shared link first still has permission to do specific stuff. Inside the share token it's saved what the user is allowed to do.
7 Replies
Blanc de HototOP
Hmm that makes sense. Thank you I will look into that
happy to help
@Blanc de Hotot if you need
Blanc de HototOP
This is really helpful thanks again!
I forgot one thing: after the server generated the new token, it will be set inside the cookies 🙂
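The flow described in the answer (a share token in the URL that is swapped on first use for a new token set in a cookie), as an added example that is not part of the thread. Assumptions: the in-memory `Map` stands in for a database table, the function names, the `share_grant` cookie name and the 24-hour link lifetime are hypothetical, and the allowed access level is stored server-side next to the token hash.

```javascript
// Added example: one-time share link rotated into a cookie token.
const crypto = require('node:crypto');

// Assumption: in-memory Map stands in for the app's database table.
const grants = new Map(); // sha256(token) -> { vehicleId, access, kind, expiresAt }

const SHARE_TTL_MS = 24 * 60 * 60 * 1000; // assumed lifetime of an unredeemed link

const newToken = () => crypto.randomBytes(32).toString('base64url');
// Only the hash is stored, so a leaked table does not reveal usable tokens.
const hash = (token) => crypto.createHash('sha256').update(token).digest('hex');

// Owner clicks "share": returns the token to embed in the URL.
function createShareToken(vehicleId, access, now = Date.now()) {
  if (access !== 'view' && access !== 'edit') throw new Error('invalid access level');
  const token = newToken();
  grants.set(hash(token), { vehicleId, access, kind: 'share', expiresAt: now + SHARE_TTL_MS });
  return token;
}

// First visitor opens the link: the share token is consumed and replaced.
// Returns null for unknown, expired, or already used tokens.
function redeemShareToken(shareToken, now = Date.now()) {
  const key = hash(String(shareToken));
  const grant = grants.get(key);
  if (!grant || grant.kind !== 'share') return null;
  grants.delete(key); // the link is spent on first use, valid or expired
  if (grant.expiresAt < now) return null;
  const cookieToken = newToken();
  grants.set(hash(cookieToken), { vehicleId: grant.vehicleId, access: grant.access, kind: 'cookie' });
  // HttpOnly keeps the token away from page scripts; Secure restricts it to HTTPS.
  const setCookie = `share_grant=${cookieToken}; Path=/; HttpOnly; Secure; SameSite=Lax`;
  return { cookieToken, setCookie };
}

// Every later request: look up the cookie token and check the action.
function isAllowed(cookieToken, vehicleId, action) {
  const grant = grants.get(hash(String(cookieToken)));
  if (!grant || grant.kind !== 'cookie' || grant.vehicleId !== vehicleId) return false;
  return action === 'view' || (action === 'edit' && grant.access === 'edit');
}
```

Each share adds one small row, and a redeemed or expired link is deleted on use, so the table only grows with active grants.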
Blanc de HototOP
One more question. With this approach keeping track of these shared links will be within the server of the app so wouldn’t that make it take up space? Kind of how sessions do when users sign in