Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add cookie check on edit #6

Open
sourabhtk37 opened this issue May 6, 2017 · 10 comments
Open

Add cookie check on edit #6

sourabhtk37 opened this issue May 6, 2017 · 10 comments
Labels
enhancement

Comments

@sourabhtk37
Copy link
Owner

Checks on whether the same user is trying to edit the snippet.
@sourabhtk37
Copy link
Owner Author

Using django session management.

@nishutosh
Copy link
Collaborator

?elaborate the issue please

@sourabhtk37
Copy link
Owner Author

sourabhtk37 commented Jun 7, 2017
edited
Loading

What?
Normally in request-response cycle, each request from the same user is treated as brand new request.
Now we have to have some mechanism to maintain state between the user and the server (i.e a session).This can be done in many ways but via cookie would be the easiest way to do it.

Why session?
Let's say you created some code_snippet, what if you wanted to see the old snippets that you created an hour ago?
Maintaining a session will be quite useful for short term use.

Alternative
Another mechanism is to use offline DB for larger period of persistence. Something like couchDB or pouchDB will be great.

@sourabhtk37
Copy link
Owner Author

Another thing is:
We are allowing anyone to edit the snippet. We should do something about it but at the same time allow collaboration.
One solution that I think is to allow edit only when the creator of the snippet is online.

@nishutosh
Copy link
Collaborator

why we are not using complete auth then... user will give permissions to others to collab...all its snippet will be saved under him ?

@sourabhtk37
Copy link
Owner Author

I don't think user permission is necessary, it's apparent that user shared the url and is allowing people to edit (unless otherwise specified, we can make a checkbox for that). Also other users have to be logged in to edit too in this case.

Complete auth seems totally unnecessary because a mere session can achieve the same thing. DB space is saved, faster db queries etc

But I would like to hear reasons why complete auth is useful.

@nishutosh
Copy link
Collaborator

Let's say you created some code_snippet, what if you wanted to see the old snippets that you created an hour ago?

Do you want to view all the old snippets for last one hour only ?
Time limit after which the session will be destroyed ?

@sourabhtk37
Copy link
Owner Author

sourabhtk37 commented Aug 6, 2017
edited
Loading

Whatever you saw fit. :)
Note that mobile users will also be using it.

@nishutosh
Copy link
Collaborator

nishutosh commented Aug 7, 2017
edited
Loading

okay i have initiated the session mechanism but what should the page display in old snippets
i mean file name or unique id or the url of the file?

@sourabhtk37
Copy link
Owner Author

sourabhtk37 commented Aug 7, 2017
edited
Loading

Since we are not giving access via file_name, then if file_name is present or given, then show that else unique ID.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@sourabhtk37 @nishutosh