I’ve got a question for those of you aspiring to get collaborative use out of ProseMirror. Would you use a SaaS that offered collaborative doc hosting for ProseMirror as a basic plugin/npm package if it existed and was at the right price? Particularly if it was highly configurable with things like authentication with your own auth services, document backups to DB on a timed interval, limit of connected peers per doc, ability to retrieve and restore doc backups, client-side API to handle auth errors or server disconnects, etc… ProseMirror is great but there’s no doubt that setting up a server side collaborative implementation that’s production ready and highly available can be a barrier to newcomers who want collaborative editing. I’d like to hear your thoughts!
This would not be an option for us. One of the main reason users want to use our solution is that they can run it on their own servers and have control over what happens with their data. Otherwise they could likely use Google Docs or Microsoft Office Online in most cases. But that’s just us. I could imagine other projects have other motivations for running their own editor, and getting the backend right is certainly a major problem.
One question: How are you planning on working with custom user access rights to documents? Or say a particular editor has two classes of threaded comments where only some users get to see either type of comment? Will this be possible, or will they have to accept a limited interface on the backend?
How are you planning on working with custom user access rights to documents?
Right now each live document with collaborative users editing it has an Authority session created in memory. These Authority sessions grab a user’s auth permissions for various authenticated actions (“view”, “edit”, etc.) when that user first connects and stores it in memory, then checks against that data when each operation is done by that user and rejects operations if the user isn’t allowed to do it. I’ve got a client-side API to handle these auth errors as well. Since the case exists where in your app your admin might decide to remove someone from being able to edit a doc but the Authority would still have their old permissions in memory, an API is provided to either invalidate a document’s permissions which forces that doc’s Authority to re-fetch all connected users’ permissions, or to invalidate a single user’s permissions in which case every Authority session with that user connected re-fetches their permissions and kicks any users that are now invalid.
Or say a particular editor has two classes of threaded comments where only some users get to see either type of comment?
I haven’t had a use for comments yet so I haven’t solved for it, but I’m curious how do you solve that problem?
Ok, but those are standard permissions. What about custom permissions, where a user for exxample can add nodes A and B, but not C and D?
Well, our backend is made only for our frontend and only for the particular type of nodes we have in our frontend. So we can just scan for the node types and don’t have to solve the problem in a general way.
In your case though, if I udnerstand your project correctly, you want to provide a general backend for all the different kinds of editors and nodes that people can build using the PM framework, correct? Or are you limiting the users to a particular set of node types and possible access settings?
Well to be clear I don’t really have any commitment to this atm, I’m just nearing a production ready setup and realized that getting it to that point was a long process and could definitely deter new users who are otherwise interested in ProseMirror, so I thought I’d start a discussion to see if anyone would benefit from a provided service. I imagine most of us have similar server implementations, there’s no need to reinvent the wheel if necessary.
You’ve made some great points so far! I believe permissions on a per-node basis could be done in a similar manner as I described for general action (“view”, “edit”), you’d just have to specify those node types and provide an auth hook to call to determine if a user is allowed to use such node types. I’ve solved for basic usage of PM but I’d love to hear more custom use cases like you’ve brought up to see if it would be possible to solve for them in a general sense.