Add a SharePolicy #62
Conversation
|
Reviewing... |
There was a problem hiding this comment.
Looks good, and I think the design could be made clearer by moving stuff around and ending up with a state machine approach similar to DocState.
Something like a authorization_states: HashMap<RepoId, ShareAuthorization> to be found on DocumentInfo, and which would contain all data, including futures to poll, with only share_decisions_to_poll: HashSet<(DocumentId, RepoId)> found on the Repo as a way to integrate with the event-loop.
src/repo.rs
Outdated
| &mut self.share_decisions_to_poll, | ||
| self.share_policy.as_ref(), | ||
| document_id.clone(), | ||
| ShareType::Request, |
There was a problem hiding this comment.
Request is ambiguous here, because it could be that we've succesfully loaded the whole doc from storage. Could have a branch that requests if is_boostrapping, and one that announces otherwise if should_sync.
| @@ -1685,4 +1812,42 @@ impl Repo { | |||
| false | |||
| } | |||
| } | |||
|
|
|||
| fn enqueue_share_decisions<'a, I: Iterator<Item = &'a RepoId>>( | |||
There was a problem hiding this comment.
I would rather see:
fn enqueue_share_decisions(
doc_info: &mut DocumentInfo,
share_authorizations_to_poll: &mut HashSet<(DocumentId, RepoId)>,
/// the same below
)
Which would only process repos for the document which do not have already an authorization.
|
Great feedback. I've not done quite what you suggested. Instead I've introduced a
|
Great idea! Reviewing... |
| @@ -869,6 +976,7 @@ pub struct Repo { | |||
| /// to poll in the current loop iteration. | |||
| streams_to_poll: HashSet<RepoId>, | |||
| sinks_to_poll: HashSet<RepoId>, | |||
| share_decisions_to_poll: HashSet<RepoId>, | |||
There was a problem hiding this comment.
Are these not just the keys of pending_share_decisions, in which case this is redundant?
| PeerConnection::PendingAuth { .. } => { | ||
| let mut sync_state = SyncState::new(); | ||
| let document = self.document.read(); | ||
| let message = document.automerge.generate_sync_message(&mut sync_state); |
There was a problem hiding this comment.
first apply received sync messages?
So this branch is hit if the peer sends us a sync message while our announce request is pending, in a way it happens when two peers connect, and one of them get permission to announce, and we receive the sync message before the local request to announce has completed?
Problem: we announce documents to all connected peers and we share documents with anyone who knows the document ID. Most applications probably want some control over authorization. Solution: introduce `SharePolicy`, which is a trait users implement and pass to `Repo::with_share_policy` to control when documents are shared.
Problem: we announce documents to all connected peers and we share documents with anyone who knows the document ID. Most applications probably want some control over authorization.
Solution: introduce
SharePolicy, which is a trait users implement and pass toRepo::with_share_policyto control when documents are shared.This is a pretty naive encoding of a
SharePolicytrait. In particular it returns aBoxFuture<'static, ..>for each method onSharePolicy, which means we're doing dynamic dispatch on every access control decision. I think this is probably not an issue given that the IO we're doing should dominate runtimes, but if it becomes an issue we can add a generic parameter toRepoand thread that through.