Granular access control! (not the one we need, but the one we deserve)

As you already know, Coda still doesn’t have granular permissions. So what’s the better option than to take the matter into my own hands and create my own implementation of access control?

Presenting… ACCESS CONTROL DEMO v.0.1!

The idea is simple: crash the doc when a certain condition is not met :joy:

For example:

  • If the user is not from the list of authorized users — checking for User() != ...
  • If document URL is not the one of the original document — checking for thisDocument.Url().EndsWith("_dXXXXXXXXXX")
  • Adding checks on row-per-row basis with a formula that would crash on certain conditions, then filtering away those rows for users that should not see them.

Inspired by this amazing crash course by @Filmos. The formula that you can use to crash your doc is, e.g.

Button(thisRow.[Noop button], "This shall crash the doc when you're in Play mode or can edit the doc", "Crash")

The doc won’t crash when launched in View only mode, but the users won’t be able to change anything about the doc (e.g. disable filters to see the data they shouldn’t see) anyways.

In this demo, I challenge you to find out who has a crush on whom :slight_smile:
There is in fact a way to bypass the system. I wonder if you can figure it out.

(don’t use this in production please :joy: )

3 Likes

Damn, I’ve crashed the embed and am locked out of the doc! :joy:

Incognito mode to the rescue!

Say Hi to Cathy :smiling_face_with_three_hearts:

Nah, that was just demo data. There’s no Cathy :slight_smile:

Try to get something more recent :wink: There are two rows.

(I know I added some filler data there before I figured out you’d go check the history)

I saw that, you thought of it all HAHAHA

This just my day :joy:

2 Likes