I am thinking of creating an interconnected permissions system between an EntityFilterScript (EFS), a client and an additional external service.
However, for me to start working on it, I need to lay the groundwork in the server:
I need to update the EntityEditFilters cpp so that the Script Engine used to process the EFS has access to connect to the Messaging Queue. At the moment it is just a run-of-the-mill QtEngine.
Additionally, the Script Engine needs to have access to the 3D Math interfaces, and have access to all the interfaces needed to generate an HMAC-SHA256/512 signature and for JSON processing. That would be the main change.
JWT could be used to sign and authenticate claims between the two over the public Message queue.
The Secret is shared between the client and the server, as both are assigned normally from the same place (EFS - AC)
The Basic Vision is to allow for the creation of more nuanced EFS.
An authorized (user or assignment) client that has a secret can then send commands to create some mutability to EntityFilter.
For example, this could be an Assignment client that monitors all entities' "lastEditedBy", and connects them to users using an external service. This would relay this mapping to the EFS via the Messaging system. It would also send a list of override sessionIds (Admins) to the EFS that have access to everything.
The EFS could then block any edits to objects that are not coming from a "related" sessionID, or Admin.
If a user who has access (admin or shared object) is editing someone else's object and has the permission to do so, the lastEditedBy field would not update.
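
The signed-command flow described above, as an added example that is not part of the original post or the project's code: an HS256 JWT carries the admin list and entity-to-session mapping, and the filter accepts it only if the HMAC verifies. It assumes Node.js `crypto` as a stand-in for the signing interface the script engine would need; the function names, the claim names (`seq`, `exp`, `admins`, `owners`) and the sequence-number replay guard are assumptions.

```javascript
// Added example: HS256-signed commands for a filter script. All names are hypothetical.
const crypto = require('crypto');

const b64url = (data) => Buffer.from(data).toString('base64url');
const hmac = (secret, data) => crypto.createHmac('sha256', secret).update(data).digest();

function signCommand(claims, secret) {
  const head = b64url(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));
  const body = b64url(JSON.stringify(claims));
  return `${head}.${body}.${b64url(hmac(secret, `${head}.${body}`))}`;
}

// Returns the claims, or null if the token is malformed, forged or expired.
function verifyCommand(token, secret, nowSec) {
  const parts = String(token).split('.');
  if (parts.length !== 3) return null;
  const [head, body, sig] = parts;
  const expected = hmac(secret, `${head}.${body}`);
  const given = Buffer.from(sig, 'base64url');
  // Constant-time comparison; the length check avoids timingSafeEqual throwing.
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  try {
    // Pin the algorithm: the token never chooses how it is verified.
    if (JSON.parse(Buffer.from(head, 'base64url')).alg !== 'HS256') return null;
    const claims = JSON.parse(Buffer.from(body, 'base64url'));
    if (typeof claims.exp !== 'number' || claims.exp <= nowSec) return null;
    return claims;
  } catch (e) {
    return null;
  }
}

// The queue is public, so a captured token can be re-sent: require a newer seq.
function applyCommand(state, token, secret, nowSec) {
  const c = verifyCommand(token, secret, nowSec);
  if (!c || !(c.seq > state.seq)) return false;
  const admins = new Set(c.admins || []);
  const owners = new Map(Object.entries(c.owners || {})); // entityId -> related sessionIds
  Object.assign(state, { seq: c.seq, admins, owners });
  return true;
}

// Edit is allowed only for an admin override or a sessionId related to the entity.
function allowEdit(state, entityId, sessionId) {
  if (state.admins.has(sessionId)) return true;
  return (state.owners.get(entityId) || []).includes(sessionId);
}
```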