About read-only mode and permissions

1

Background
After establishing a WebSocket connection, the backend will check the current user’s permissions. If the current user does not have editing permission, all uploaded packets from the client will be discarded.

Requirement
Allows users to modify documents without editing permission, such as by creating a comment.

Problem
The back-end service discards any changes made by the user in read-only mode, so they cannot be persisted.

How to solve this problem safely and gracefully?

We look forward to your suggestions.

1 Like
2

I think you need to customize your WebSocket code to fit it.

I made a socket.io provider with permission control months ago. you can read the code here GitHub - TexteaInc/y-socket.io

1 Like
3

Also, you need discard the update from both the client side and the server side.

1 Like
4

Thank you for your advice.

5

I’m interested in the readonly but comment scenario myself. Did the above described proposal work for you or did you use another one? I’m thinking about just blocking writes but have Comments in another Y.Doc structure. But them yeah, there needs to be a way so that users can not modify comments by other users.