#Proposal for improved sharing and permission concept

Link: https://github.com/Phlogi/immich/blob/main/docs/docs/features/better-sharing.md

I was working on a concept to solve some of immich's limitations around sharing and permissions, also addressing handling all metadata.
Would you prefer to discuss the detailed document here, or shall I create a pull request that puts the concept into immich's documentation? It's too long to put into a PR itself, I think it should be stored as a markdown file in the repo to best work and improve on it.

What is convenient for you?

Discussing here is probably best

This is on my to-do list, feel free to share here

Great, as it's rather large, I don't know if we can collaborate effectively on it. But why not, as a first shot. I can try to rework it with your comments and questions. I'll release it very soon here, promised.

It's too long to post it here, there you go:
https://github.com/Phlogi/immich/blob/main/docs/docs/features/better-sharing.md

Let me know if i should create a PR for it or how to to proceed.

Awesome, thanks! We will give it a read when we find the time for it and will take it into account when discussing the stuff – will possibly come back with feedback then. Generally though this most likely isn't something we will work on before stable. Definitely we'd prefer working on this in the core team though since it affects basically the entire code base and most likely requires a lot of discussion as we go

Isn’t this listed as pre stable on our roadmap 😅

The roadmap isn't in order

And no, it's not even on the roadmap :P

“Fine grained access controls
Granular access controls for users and api keys”?

That is a prerequisite for this

;)

We should probably re order it then. It looks like some of them are pre stable and some after

Looking at this it is ordered now actually 😅

I think we re-ordered it at some point

lol ok so what is fine grained access? Admin permission scopes?

Yup pretty much this

Basically ABAC

Yes, i understand, it was my reasoning too. I think due to that, it makes even more sense to invest time into it before starting to implement it.

One side note however: If at least the "show shared-to-me assets in my timeline" feature could be prioritized, that would make many users happy. I read about that desire everywhere. See also https://github.com/immich-app/immich/discussions/1779

We know that it's highly requested :P

Ask ten Immich users what feature should have priority and you'll get 15 answers

I think it’s not as simple as is sounds with the way the database is structured

Not that the database is setup bad but it’s not just a click box

I think it's pretty straight forward to implement without touching much of the hot permission stuff.

We don't (and won't) monkey patch more stuff

We will do it properly once

Alright, you're the experts.

And this, yes. It's probably not as simple as it may sound

Apologies if that may be disappointing, I am well aware how desperately you and many users want this. For us it's crucial to keep a clean code base though, and we prefer waiting a bit longer with a feature in order to do it properly from the beginning

Sure, no worries - really. This is why i started working on that concept. Feel free to add questions and feedback here. I can try to further work on it and improve it.

I'd strongly advocate for an attribute based access control instead of rbac in this case

That's our plan anyways, huh?

The document above said rbac