Call the town guards; it's a security post! (Patreon)

First off; a UI redesign and new logo are in the works! I've got an insanely talented designer helping me out with this--I'll be revealing more on that when the whole branding package is ready. I'm also putting the finishing touches on the new text editor, which I'm beyond stoked about. I actually don't want to share too much about it because... Well, it'll just be a surprise. Sorry for all the teases, but LegendKeeper is at a sensitive stage and I've got a few things up my sleeve.

Keepin' it secure!

One of the intended core features of LK, outside of map management, wiki editing, and search, is the ability to share worlds with other users. While this feature is unlikely to be present in the Alpha test, it's important that the design decisions I make for LegendKeeper now empower me to enable sharing in the near future. This means that the underlying data model of LegendKeeper should be compatible with a discretionary access control scheme. LK already has a simple permissions system as it stands, but if I'm to implement the features I'm imagining, it's important I make smart decisions regarding the permissions model, without over-optimizing or getting bogged down in all the possibilities for the future.

For example, if a user wants to share a world with a friend, they should be able to generate a link that their friend can use to see a read-only copy of their creation. Alternatively, maybe they want a few friends to be able to view and edit certain documents in their world, so they either directly invite them to create LegendKeeper accounts and request an invite to view the world, or send them personalized invitation links. More granular still, maybe these users are players in a DnD campaign, and they should only be able to see their party's starting location and be able to edit the Beings that correspond to their respective characters. The complexity of the permissions system starts to rear its head, especially when you start thinking about stuff like collaborative novels or West Marches campaigns.

There are certainly strategies for handling these scenarios, and that's what I'll be working on next. While I'd love to do a Technical Notes post on the security and permission features that LK offers, I think it's safer to not enumerate such system internals. You can be sure that LegendKeeper meets the requisite security standards of a modern web app, and that's all I'll say! 

If you're an author or a live-table DM, you might be thinking "Hey! Cut it out with the sharing features! I just want to use it solo!", but rest assured, a solid permissions system from the start means solid security all-around. 

I'll end with a fun question: In LegendKeeper, there is a section of the encyclopedia dedicated to items in your world; What's an interesting item that might be found in yours?