I’m playing with the DOM API and want to create a public MD where every app user is able to insert values. So far I have noticed that if you create a public MD it’s readable by everyone but only the creator can insert values. If I log in with a different account and want to insert values I get “Access denied”.
I now wonder if for such a case I would need the authoriseShareMd function? If yes, how should it be used?
Normally I hash the string of my MD name and use this hash-name for storing MDs. Therefore I tried the following but authoriseShareMd returns “First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.”.
Thanks to the quick response of Joseph_Meagher I was able to fill in the missing puzzle. I forgot to call
window.safeMutableData.setUserPermissions(mdHandle, null, pmSetHandle, version + 1))
so everyone is able to insert values. Now this part works! However just out of curiosity, could anyone elaborate about the following questions?
Am I right in assuming that authoriseShareMd should be used to request permission to a MD which was created by a different app? From the documentation the use-case for this function isn’t 100% clear to me.
Thanks for the youtube link. @hunterlester this helps a lot understanding the purpose of this method.
Two things I can’t understand though:
Why is the authoriseShareMd call triggered by the foreign app? It seems strange, that some random app can request access to “my” MD?
Also, in your video it seems that after creating your public MD you don’t set Insert permission for anyone other than yourself. (After calling quickSetup you directly switch to the other app without adjusting permissions.) This would mean, even by using the same app, others wouldn’t be able to insert something. Does shareMd give you this access too? This would be even more troubling if it can be requested by some foreign app.
I’m currently testing some code where I always switch between users so I was still there with my thoughts. In your video you just switched the app, but not the user. Now it makes sense!
Still strange though why this error occured: “First argument must be a string, Buffer, ArrayBuffer, Array, or array-like object.” because the first argument was definitely a valid appHandle. But maybe it’s my fault again. I’ll do a little bit more testing on this.
I am still a bit confused on how shared mdata works
Would its ownership just be a reference to the account that created it or would there be a link to the app info in use when the mdata was created? I got this
/// Network address
/// Type tag
// ---- owner and vault access only ----
/// Maps an arbitrary key to a (version, data) tuple value
data: BTreeMap<Vec<u8>, Value>,
/// Maps an application key to a list of allowed or forbidden actions
permissions: BTreeMap<User, BTreeSet<Permission>>,
/// Version should be increased for every change in MutableData fields
/// except for data
/// Contains a set of owners which are allowed to mutate permissions.
/// Currently limited to one owner to disallow multisig.
from here but it isn’t too clear to me what it means.
What is the difference from a standard public Mutable Data structure like chaty and a Mutable Data structure that is shared?
Can a private Mutable Data be shared between users with/without permissions?
Is it possible to add an owner to the list of owners, if so how?
Is it possible to give and then revoke permissions to users other than owner?
They are just MutableData’s. When we talk about shared MD is just a MD which is being shared by several applications, i.e. several applications have permissions to insert, update and/or delete entries from it.
When you create a MD the owner is the account/user, and the app that is creating the MD sets the permissions upon creation for itself (if you use quickSetup it enables all permissions for the app creating it, using its sign key to do so). After that, any app that has the ManagePermissions permission can set permissions for any other app. Now, if an app doesn’t have the MangePermissions permission for a MD, and it doesn’t have any other permission it needs, it can not add itself, this is when the SharedMD request/flow comes in to add that app to the permissions list.
Yes, I think so, but only the entries which are not encrypted will be readable by the other user. A private MD can contain also unencrypted entries.
This is not possible yet, as you can see the comment there in the code, it’s locked to only one owner at the moment. Changing ownership is not implemented yet either.
I’m not sure if this makes sense, at least at the moment, because usually it is an app which is interacting with the network and manipulating the user’s data on behalf of the user, so you need the app to be given permissions.
I think there is no difference. By calling the shareMD function you just request access (for the current app) to a MD you already own (e.g which you created). The name of the function is maybe a bit misleading because you don’t use it to share the MD with users, but with a foreign app. Maybe it should be named “shareMdWithApp” or something.
Not sure if this is possible yet.
I think the anser to this is already in the code you posted above: “Currently limited to one owner to disallow multisig.” So I think this will be able in the future but for now the creator is the only owner.
Not 100% sure, but should be possible if you know the key of that user? Maybe the mobile messaging app goes into that direction but wasn’t able to take a closer look at it yet.
@Mindphreaker If you pass hashedName as new Uint8Array(hashedName) then you’ll achieve success.
We are working on unifying the web API to only output Uint8Array typed arrays so that we won’t have to convert from ArrayBuffer.
When you set up a Private or Public Mutable Data Structure it gives permissions to an application key. That key is derived from the account and the application used to set up the Mutable Data Structure.
This means only that application in combination with the account has permissions for that Mutable Data Structure.
To enable permissions from a different application Shared Mutable Data is used to request permissions.