Sharing data public

I am developing a web application which is like a online shopping platform. I read from some post saying that mutable data cannot be share publicly, but only immutable data. Is that correct? If not, how can I store the data in a public container.

The current method I use is that the data will be store in a mutable data entry, but only the user (creator) can view for the data. The step is as follow:

  1. The user enter the webpage.
  2. The webpage detect whether the user has the MD entry call “product”
  3. If no, then create one and continue to step 4.
  4. If yes, navigate to home page.

However, the MD entry created is for the user only… How to let the webpage itself have a MD entry or a variable that keeps all the information users uploaded?

Mutable Data can also be public, you set this when creating them with a Permissions object.

If you wish to do this then pre-create the MDs with you as the owner and allow everyone to add fields. I am under the understanding that the permissions can be set for each field. Thus the MDs exist but empty till the APP loads up the MD.

Of course you can write your APP such that the user owns the MD for the product they create/upload. Then all you need to do is pre-create the needed indexing MDs for pointing to the product. (eg Cars, xyzbrand, abcmodel)

How can I pre-create the MDs?

The current code fragment that I used to create the MD:

blankAppState = JSON.stringify({'SafeShopProductInfoMD':[]})
blankAppState = await window.safeMutableData.encryptValue(localStorage['ContainerMDhandle'], blankAppState)
blankAppState = JSON.stringify(blankAppState)

//Insert the above value into mut_handle and commits the mutation to network
await window.safeMutableDataMutation.insert(mut_handle, allTableName[i], blankAppState)
await window.safeMutableData.applyEntriesMutation(localStorage['ContainerMDhandle'], mut_handle)
console.log(allTableName[i],'MD entry created')

Where should I apply the persimission? Or how to create them with using a permissions object instead of this?

Your APP would do this for you. Just have that as part of its functionality.

The site APP is different to your APP

As to how, I leave that to be answered by anyone who has already done this. I have yet to get into APP writing.

1 Like

You can’t set permissions for individual fields. It’s under consideration but not planned AFAIK.

He can create MDs which are public access (example: services MD), but I’m not sure if that is what he needs.

Users should own their own data where possible of course, but it can be made accessible by others.

Yes, but there are circumstances where a sale site wants the user to own their data, but say a order where you don’t want the user to modify once order is accepted. This could cause logistic issues where the customer changes the order and claims the seller over charged. And causes a lot of trouble. So it would be good for the actual order to be placed in a site owner owned MD.

I think that can be catered for by removing ownership after creation, though I’m not sure if the API supports that yet.

I’m glad the areas are coming up as finding ways to handle these patterns is going to be fun, as well as very important. :slight_smile:

But that is wasteful. The company would want to add fields to the order. Like “order picked”, “back ordered” items etc etc, rather than create new MDs just to make notes and add fields.

So I can see a lot of use for the company/shop owing the order object when a customer orders an item from them. And the customer would have read rights to that order.

To remove ownership means that the permissions has to allow anyone to read the customer’s order rather than just the store owner and the customer. (when multiple IDs are included in the ownership & permissions). Too bad if you are ordering sensitive things (creams, prescriptions, or whatever)