Generate QR code/link for share Grid(s) for view only (grandparents, kindergarten, nanny, etc)

[mtrakal]

I'm not sure, maybe something like this already exists.

It would be nice have a way to generate link or QR Code for Grid as Read only person without any login, etc...

Why: because I would like to share Grid with grandparents without creating any account for them or with kindergarten or nanny. They don't need edit grids or set anything. They just need a fast way to access Grid to communicate with children.

[klues]

There is the idea of creating a public space where people can share/adapt/fork grid configurations, see #29 which is somehow related.

I can imagine that implementing some kind of URL parameters like readonly=true and config=early_intervention would be a nice way to achieve your goal and to be able to create QR-codes that can be used.

I've already implemented similar things here: https://github.com/asterics/AsTeRICS-Grid/blob/master/src/js/service/urlParamService.js
However I think the possibilities became forgotten somehow and probably it's not really working anymore, because it was implemented before the selection of different default configurations was implemented.

[mtrakal]

I can imagine, that QR code/url will include some public key to decrypt userspace/userdata so any anonymous user can access user's grids, but will not have enough permissions to edit anything - because user is not authorized by username+password as grids owner.

[klues]

Permission management would be great, however it's not possible with the current architecture. All user data is end-to-end encrypted using the user's password and therefore it's impossible to create something like a "read-only-user" without removing end-to-end encryption.

I think the most realistic approaches are:

1. If at some time Public sharing of grids or gridsets #29 is implemented and there is a infrastructure for publically sharing configurations, it will be possible to create some URL parameters like usePublicConfigID=xyz which downloads the public configuration and creates a local user where the public configuration is imported (copied).
2. The same could be done with existing online-users with URL parameters like user=<username> and pass=<urlencodedPW>.
3. There could be a third parameter next to user and pass like useCopy=[true/false] which defines if the user should be logged in (and changes of the configuration will be synchronized live) or if a non-connected offline copy of the user configuration should be used.

Of course (2) and (3) have the downside, that you have to give away the password of a user and therefore also write access. There could be additional parameters like locked and fullscreen which can be passed in order to directly start with the config in locked or fullscreen mode and therefore at least prevent unintended changes in the configuration for use case (2).

[ChrisVeigl]

a "read-only" functionality would be very useful, indeed...
would it be possible to add a feature which prevents write access/edit mode until a (second) passwort is entered?

[klues]

It would be possible to use the currently existing "lock" feature for the UI preventing people to access the edit menu. However this is only an UI lock and it isn't really a protection of data since, as said, with the current architecture for end-to-end encryption I cannot think of a possibility for read-only access.

However as pointed out with idea (1), I think the best solution will be in combination with a public platform for sharing grid configurations, where users can use copies of it (where then I think there is no nead of some "read only" functionality).