Imagine object like this
const project = {
editors:{'[email protected]':'owner', '[email protected]':'manager' },
title:'myStackProject',
article:'I love to ask questions'
}
In my case managers can't edit title and rights but they can edit article. So the problem is how to prevent project.title, users and their rights from being modify made by managers. I use Y.js & y-socket.io Maybe you have already met the problem and know how to deal with it.
The easiest way is to store the fields in separate
Y.Docs - one for editors & title, one for article.If you have a server with access to the doc, in principle it could validate updates before accepting them: apply the update to a copy of the doc, inspect the
Y.Eventto see what changed, and reject if the user doesn't have permission. This can get complicated though.