Firefly-iii: Allow multiple users to access the same data
Currently, firefly-iii supports multiple users. When creating a new user however, it also gets his/ her complete own environment.
I would like to share my accounts and transactions with my partner, but this seems impossible to me without sharing m user account credentials.
ksmolder
>All comments
It is indeed impossible, and your feature request is one that may be added One Dayâ„¢. In other words: please don't count on it.
I've run into the same request myself, wanting to share financial data, but there are a number of reasons why it will be very difficult to implement.
Just about every page, every request and every query that refers to user data is secured with a check to see if that data actually belongs to that user. About 95% of Firefly would be affected when the source-code would have to check for (possible) other users who may also have access to the data.
With the links between objects, such as transactions and budgets, accounts and piggy banks and various others, many times the choice will have to be made what to "include" when sharing data. When sharing, as you mention, just the account and transactions, there is still the choice whether or not to share budgets, categories, attachments, etc. etc. This could be all, or nothing, or something in between which would make this very complex.
Related to this question is the question what the other user may do with the data, apart from viewing it. Could the other user attach categories? Their own categories perhaps? Or can the other user access the first user's categories? Would that user have to permit that first?
Security-wise, yes, it would be better to create another user-account instead of sharing a password.
A Firefly III that was built from scratch could use the concept of user groups instead of users: a user would be placed in their very own group. They can't see this group or interact with this group in any way. But all data in Firefly is owned by this group, not by the user.
Then, when the user wants to share data with another user, this other user is simply placed in the same group. Again, nobody needs to know these groups exist. But that is how it could be. Data could be shared among many members, since everybody can join the group. The front end would only talk about "sharing", never about groups.
But such a change, at this point, would effectively mean that the tool needs to be rebuilt from scratch. And that's something that I cannot do.
JC5
on 2 Nov 2016
Related issues
ImLemni
·
3Comments
GaryQ
·
3Comments
digita1ist
·
3Comments
DBX12
·
3Comments
vlcty
·
3Comments
Most helpful comment
It is indeed impossible, and your feature request is one that may be added One Dayâ„¢. In other words: please don't count on it.
I've run into the same request myself, wanting to share financial data, but there are a number of reasons why it will be very difficult to implement.
Just about every page, every request and every query that refers to user data is secured with a check to see if that data actually belongs to that user. About 95% of Firefly would be affected when the source-code would have to check for (possible) other users who may also have access to the data.
With the links between objects, such as transactions and budgets, accounts and piggy banks and various others, many times the choice will have to be made what to "include" when sharing data. When sharing, as you mention, just the account and transactions, there is still the choice whether or not to share budgets, categories, attachments, etc. etc. This could be all, or nothing, or something in between which would make this very complex.
Related to this question is the question what the other user may do with the data, apart from viewing it. Could the other user attach categories? Their own categories perhaps? Or can the other user access the first user's categories? Would that user have to permit that first?
Security-wise, yes, it would be better to create another user-account instead of sharing a password.
A Firefly III that was built from scratch could use the concept of user groups instead of users: a user would be placed in their very own group. They can't see this group or interact with this group in any way. But all data in Firefly is owned by this group, not by the user.
Then, when the user wants to share data with another user, this other user is simply placed in the same group. Again, nobody needs to know these groups exist. But that is how it could be. Data could be shared among many members, since everybody can join the group. The front end would only talk about "sharing", never about groups.
But such a change, at this point, would effectively mean that the tool needs to be rebuilt from scratch. And that's something that I cannot do.