New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Multi-User Support #165
Comments
Other bookmark tools are providing a first page with all public content, then subpages for public content for each user: |
Local user & role management If you're open to integrating with MIT-licensed 3rd party projects, I've had a good experience with these libraries for implementing user/role management features. It's pretty LDAP vs Local user & role management If an
API Tokens I'm pretty sure integrating this Laravel package will accomplish this goal - https://laravel.com/docs/8.x/sanctum |
So excited for this. LinkAce seems like a great tool and with multi-user support, I'm going to propose my team uses it for link sharing. Thank you, Kovah & contributors! 🎊 |
+1 |
Well, there is a big problem now. Tags, lists and links should be shared between users, but can also be private for a single user.
Similar issues arise when two users add the same Link. The same link can be added by multiple users. Should this even be possible? What if a user wants to add a private link that another user already privately saved? What happens when both users decide to make their links with the same URL public later on? 😕 @jmtrivial @anjunatl @djthread @Metal-Frog @ffraenz Do you have any thoughts on this? I'm kinda lost. |
I'd display the creator/owner of a list next to it (e.g. in a badge or pill behind it or as a prefix "ffraenz/awesome-list". If you feel that would clutter the UI you could only show the owner when there's a conflict. Visually adding an owner badge to lists may also have a motivational effect on the "collectors". About the links, yeah, they may be added multiple times without users knowing. You may reuse meta data already fetched but the user should not be able to find out wether a link was already added or by whom it might have been added (I'm randomly thinking about adding a sleep to trackle timing attacks 🙈). |
Thank you for looking closer at this, Kevin! I'd be happy to help try and brainstorm on this stuff. My thoughts are a bit disorganized here, but maybe there are some ideas you like. Is it possible you could just allow the duplicates until it's not allowed? For instance, maybe when a user sets a list to be public, it would be denied until they change the title (or slug) to be unique? The way I've seen blogs do it, the titles could be the same -- only the slug which is used in the URL must be unique. Or maybe the system could add a "-2" etc to the end automatically so making a list public would be allowed without intervention. I've also done it and seen it done where the slug part of the url actually includes a primary key in it like "mywebsite.com/10-reasons-why-linkace-rocks-2836492". This may also help the issues you're describing. Another idea could be to put the owner's username in the url to namespace them. This would also mean there would be no duplicates, right? Also, Alice would be able to see both lists in your example, no problem. Why can't two LinkAce link records share the same URL? I mean two different URLs often lead to the same place or one redirects to the other, so it's hardly a perfect science here. If necessary, a tool to find dupes might be useful for someone. But maybe there is something in the LinkAce design here I'd want to understand. As for tags, what if, by making a link public, an extra routine around its tags would happen. All tags also need to be public, so any tags which are private would be either dropped and replaced with a public one with the same name if it exists OR the existing private tag would be made public. Anyway, just some naive thoughts. |
Why not keeping the users completely separate from each other? www.linkaceurl.org : admin If a user wants to make something public, they can expose them via their own url. www.linkaceurl.org/user2/links/linkname If sharing is required, let say user1 to user2: www.linkaceurl.org/user1/links/linkname is flagged as accessible by user2/3/4 etc... |
To be clear, this is not an issue with the URLs of LinkAce or from the technical side. It is possible to have two links with the same url that the user wants to save. Sorry for not making this clear enough. |
To cite myself:
😐 Edit: that was one of these moments in programming where nothing seems to work. I noticed that whatever I tried seemed to make things only more complicated. I gonna think through the matter before starting to work on it again. It will be a more simple solution. |
Here are some screenshots of what tags and lists look like. As explained earlier, creating a visual difference between tags or lists with the same name, I decided to "scope" them with the help of the username, which is now placed before the tag. Links will be another topic. I planned to start from scratch for lists of links. There will be a table view and some type of cards. The author will likely be shown, or maybe put in front of the title or something like that. |
You might use a displayname (combination of user+list?) and an id internally. |
Is this implemented? I see the latest version allows you to list users. |
This is not ready yet, the last update was kind of a preparation. |
I thought that might be the case. Thank you very much, I really appreciate LinkAce and the careful thought you put into it. |
This is a ton of work. A new system user is generated while running the migrations. System tokes are bound to that user. Api calls need to be properly authorized, which feels really hacky at the moment. I only implemented link api tests for now.
Update on the API tokens stuff: |
Is there anyone with some experience in Laravel willing to listen to me for a couple of minutes? I feel like I'm heading into a wrong direction with the API stuff. 🙁 |
|
For me it would not be important to be able to share anything between the various users. I would be fine if they'd be completely isolated from each other. Also not an important feature for me personally as I am currently using LinkedAce just for myself. But as a general capability I think it could make the app a lot more attractive if it'd offer multi user support. |
As per the latest poll on this topic (#556), LinkAce v2 will not ship with support for global/system-wide API tokens. I will move the code written until now to a separate branch and go on with other topics. |
One thing that very much surprised me to see is that authenticated users can use the server as a proxy for requests. Thankfully things like the Multi-user support is an awesome feature and I think it's a great enhancement to LinkAce, but at the same time, I would want to be aware of this being a thing before installation if other users might be able to make use of this. Just something to keep in mind while working on multi-user support. Perhaps arbitrary request proxying should be an opt-in/enableable setting per user (group). |
That's indeed an interesting point. Never thought about that. Of course, the new multi-user system is not meant to be like a social network or something where everyone can register. Admins must invite each user, so there's control over who can use your LinkAce. |
LinkAce should support multiple user accounts which then can independently manage their links.
Current challenges:
Definition of Features
Roles and User Management
Permissions
Links, Lists and Tags
Users can lock public or internal lists. In that case only the owner can add new links to it.User Profiles
User Settings
API Access
Admins will be able to generate global API tokens. There will be two versions:(See Please vote: API changes in LinkAce 2 #556)Migration
Final Tasks
The text was updated successfully, but these errors were encountered: