How to limit access to a user's own user-made content?

Hi there,

I am just checking out the Cockpit CMS, and I’m very much impressed by the clean design.
This makes a lot of sense for me, and I’m checking out how I can use this in new projects.

One current task is that I want to enable user self-registration,
where the user can store their data, but is isolated from all other users.

So far I tested via UI only, and there were no clear separations or concepts.
A user with read only could access other data as well, not sure if I configured something wrong.

How would I set this up to achieve my goals?
I’m thinking about something like this:

Separate collections per user:

  • a new user registers and gets an account and a limited access token (CRUD) for his own data.
  • a new collection with the user's ID is created
  • then the user can only access his own collection

Another approach would be:
One collection for multiple users:

  • a new user registers and gets an account and a limited access token (CRUD) for his own data.
  • a common collection with a filter for the user's ID is used
  • then the user only gets filtered access to his own collection data

I think the first approach has better isolation, but maybe Cockpit is not made for many users with many collections.

I want to ask what would be the right way to start with such a project,
or is there maybe already some hidden feature for such use that I cannot see at the moment?
Maybe by REST access only, and switching off the UI, is this maybe a better way?

Hope that someone can help me dive deeper into this great library.

I found this script from Raffaelj’s very useful site.
https://github.com/raffaelj/cockpit-scripts/blob/master/permissions/restrict-content-to-owner-and-disallow-editing-published-entries.php

It seems that this is the right way to isolate data.
I also found something about separation of private assets
https://discourse.getcockpit.com/t/private-assets-per-user/1560/3

This is basically what I’m looking for.

Are there maybe more complete scripts or addons that can solve this,
or do I have to fix scripts in various places to achieve this?

Sorry for the stupid questions, but I’m trying to learn Cockpit from scratch.

When I use the backend to store permissions for collections, they are all red,
and when I configure them to green, after saving they’re back to red again.
So I’m very unsure how and if the permissions shall be handled correctly.
Do I have to set all CRUD permissions in the group definition file (I use YAML)?

Maybe someone could point me to the latest solution for such a use case.
Am I looking in the right direction?
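
For the shared-collection approach described in the question (one collection, entries filtered by the user's ID), here is an added example that is not part of the original posts and is not Cockpit's own code. It assumes Mongo-style filter arrays and an owner field named `_by` on every entry; the function names `scopeFilterToOwner` and `prepareSave` are hypothetical.

```php
<?php
// Added example: hypothetical helpers, not Cockpit's API.
// Assumption: every entry stores its creator's user id in an "_by" field.

const OWNER_FIELD = '_by';

/** Wrap the client's filter so the owner condition can never be overridden. */
function scopeFilterToOwner(array $clientFilter, string $userId): array
{
    $owner = [OWNER_FIELD => $userId];
    // $and keeps both conditions even if the client also sent "_by" or "$or".
    return $clientFilter ? ['$and' => [$owner, $clientFilter]] : $owner;
}

/** Check and stamp ownership before a save; $existing is the stored entry or null. */
function prepareSave(array $incoming, ?array $existing, string $userId): array
{
    if ($existing !== null && ($existing[OWNER_FIELD] ?? null) !== $userId) {
        throw new RuntimeException('entry belongs to another user');
    }
    // Never trust an owner id sent by the client; always stamp the session user.
    $incoming[OWNER_FIELD] = $userId;
    return $incoming;
}

// Constructed sample data: user-a sends a filter that names user-b as owner.
$filter = scopeFilterToOwner(['_by' => 'user-b', 'published' => true], 'user-a');
echo json_encode($filter), PHP_EOL;

// A new entry with a spoofed owner id is re-stamped with the session user.
$entry = prepareSave(['title' => 'note', '_by' => 'user-b'], null, 'user-a');
echo json_encode($entry), PHP_EOL;

// Updating an entry owned by someone else is refused.
try {
    prepareSave(['title' => 'edit'], ['_id' => '1', '_by' => 'user-b'], 'user-a');
} catch (RuntimeException $e) {
    echo 'denied: ', $e->getMessage(), PHP_EOL;
}
```

The same ownership check applies to deletes, and both helpers have to run server-side on every request path (UI and REST) for the isolation to hold.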