New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[SPIKE] Reseach possible design about how to deal with access to attachments #422

Open

marrouchi opened this issue Dec 9, 2024 · 0 comments

Assignees

Contributor

marrouchi commented Dec 9, 2024 •

edited by yassinedorbozgithub

Loading

The main mission of this SPIKE is to research about the possibility to secure attachments.
Make the access flexible between users, and subscribers.

Every attachment can be owned by a subscriber or/and a user.
We will investigate the possibility to associate to the subscriber the registered role.

Features :

The attachments will be protected.
The attachment saved row can include metadata (context of the upload profile for example).
An attachment is owner by a single subscriber or user.
We will offer the possibility to access/download attachments by anonymous visitors.

Questions :

How we can deal with deleted subscribers ?
Is a admin can access attachments of the users ?
Is a admin can access attachments of another admins/managers/users ?
How we can migrate old attachments.

Prospectives :

We can crop/compress/resize images.
We can cache images based on stats (The public images the most used will be candidate to be cached).
Protect attachments with pin/OTP code.

marrouchi assigned yassinedorbozgithub

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment