Consider the following:
- User A invites B to append a resource somewhere (e.g. add one comment in a chat)
- B gives themselves
write rights in the resource they append
- B can now, in theory, create an infinitely large tree of resources under this comment, completely unrelated to the root item.
User A should have some tools to prevent this. I'm not quite sure how this might work.
- If we constrain
append right to only go one level deep, users can't do things like add an attachment to their comment.
Ideas are welcome!
Consider the following:
writerights in the resource they appendUser A should have some tools to prevent this. I'm not quite sure how this might work.
appendright to only go one level deep, users can't do things like add an attachment to their comment.Ideas are welcome!