Complex permissions: a real use case we struggle to cover with ACLs and the current state of Solid standards

@alex.bourlier wrote:

Hi,

A common use case we struggle to implement with WebACL permissions is the “Follow” or “Like” use case, where a user has the Acl:Add permission on a container to add herself to the list of followers / likers, but not to add other users to the list of followers / likers.

What we are doing at the moment to implement such features is a mixed of Acl:Add permission on the container of followers / likers plus a custom “Agent” triggered on the server side that does the additional checks on the request on that container before letting it pass.

The problem is that the “Agent” part is totally custom, or totally not Solid standard compliant. We declared it nowhere, the front end app doesn’t know it exists, we just have it so that the server does respond accurately to the use case.

Any insight about the right way to implement such a use case? What’s the elegant Solid way for that?

PS : If you want some background, see the initial issue here. Don’t believe what they are saying about SM groups, they are lying.

Posts: 21

Participants: 7

Read full topic