Permissions sharing
Answered
French Angora posted this in #help-forum
French AngoraOP
Hey guys, I want to make a website and after going through the Next.js tutorial decided to implement it with Next.js. The website will be about vehicle maintenance. And I would like to share those vehicles with other people and allow people to share with edit access or view access. What would be a good way to manage these permissions? I've done some research and landed on the ABAC approach, but it seems like overkill for something like this since the vehicles should only be seen when the shared link is given to someone.
Answered by B33fb0n3
When you just want a very simple implementation, then you somehow need to share a secret. That can be a token, a password, ...
So I suggest that when you (as a person allowed to share something) click the share button, you of course get the URL, but the URL also contains a token. When the next person clicks the link, the token will be saved, another one will be generated, and the first token will be invalid (like this, the shared token can only be used once).
The user who opened the shared link first still has permission to do specific stuff. Inside the share token it's saved what the user is allowed to do.
7 Replies
French AngoraOP
Hmm that makes sense. Thank you I will look into that
happy to help
@French Angora if you need
French AngoraOP
This is really helpful thanks again!
@French Angora This is really helpful thanks again!
I forgot one thing: after the server generated the new token, it will be set inside the cookies 🙂
French AngoraOP
One more question. With this approach, keeping track of these shared links will be within the server of the app, so wouldn’t that make it take up space? Kind of how sessions do when users sign in.
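The one-time share-token exchange suggested in the answer above, sketched as an added example (not code from the thread or from Next.js). Assumptions: the in-memory Maps stand in for a database table, the permission is kept in the server-side record keyed by the token, and the function names, the `share_grant` cookie name, the token hashing and the expiry are choices made for this sketch.

```javascript
const crypto = require('node:crypto');

// Hypothetical stores; a real app would use database tables.
const shareLinks = new Map(); // sha256(share token)  -> { vehicleId, access, expiresAt }
const grants = new Map();     // sha256(cookie token) -> { vehicleId, access }

// Only hashes are stored, so a leaked table does not reveal usable tokens.
const hash = (t) => crypto.createHash('sha256').update(String(t)).digest('hex');
const newToken = () => crypto.randomBytes(32).toString('base64url');

// Owner clicks "share": create a single-use token and return the URL to hand out.
function createShareLink(vehicleId, access, ttlMs = 24 * 3600 * 1000, now = Date.now()) {
  if (access !== 'view' && access !== 'edit') throw new Error('access must be view or edit');
  const token = newToken();
  shareLinks.set(hash(token), { vehicleId, access, expiresAt: now + ttlMs });
  return `/share?token=${token}`;
}

// First visitor opens the link: the share token is consumed and a fresh
// token is minted, to be sent back in a cookie.
function redeemShareLink(token, now = Date.now()) {
  const key = hash(token);
  const link = shareLinks.get(key);
  shareLinks.delete(key); // single use: gone whether or not it was still valid
  if (!link || link.expiresAt < now) return null;
  const cookieToken = newToken();
  grants.set(hash(cookieToken), { vehicleId: link.vehicleId, access: link.access });
  return {
    cookieToken,
    setCookie: `share_grant=${cookieToken}; HttpOnly; Secure; SameSite=Lax; Path=/`,
  };
}

// Every later request: check the cookie token against the stored grant.
function canAccess(cookieToken, vehicleId, action) {
  const grant = grants.get(hash(cookieToken));
  if (!grant || grant.vehicleId !== vehicleId) return false;
  return action === 'view' || (action === 'edit' && grant.access === 'edit');
}
```

Each record is a hash plus a few fields, and unredeemed links can be purged once `expiresAt` has passed.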