| Database | ULID-Bundles (ULID is member's user dbid as a ulid) | |
|---|---|---|
| Purpose | Track the bundles shared with a member. | |
| Cardinality |
one ULID-Bundles database per member in the engagement
one item per bundle shared with the member zero or one EscrowCredentialsItem for members who have not accepted their invitation.
|
|
| Zod Models | ||
| item | union of EscrowCredentialsItem and BundleItem |
|
| item.item | either EscrowCredentialsRecord or BundleRecord |
|
EscrowCredentialsItem |
||
| itemId | 'ec${mnum}' where mnum is the member number | |
| item: | EscrowCredentialsRecord |
|
| kind | 'escrowcredentials' | |
| mnum | number assigned to member | |
| messagee | member's ESCROW user validation message | |
| username | member's ESCROW username | |
| password | member's ESCROW password | |
BundleItem |
||
| itemId | number assigned to bundle. first bundle is 1. | |
| item: | BundleRecord |
|
| kind | 'bundle' | |
| bnum | number assigned to bundle (same as itemId) | |
| bid | BID of the bundle | |
| datadbid | dbid of the corresponding BID-Data database | |
| entriesdbid | dbid of the corresponding BID-Entries database | |
| name | name of bundle | |
| description | description of bundle | |
| restricted | true if bundle is restricted | |
| stats: | ||
| folders | number of folders in the bundle | |
| files | number of files in the bundle | |
| size | approximate total size of the bundle | |
Description
Securepub creates a ULID-Bundles database for a member when the host adds the member to the engagement.
It contains one item for each bundle shared with the member with the same attributes as the Host's Bundles database.
It also contains an escrow credentials item used to grant the member read access to restricted bundles when they accept their invitation.
(see userbase-js/types/index.d.ts)
export interface Item { userbase item
itemId: string ╭────────────────┐
item: any ────────────────────┬──▶│ kind: 'bundle' │
createdBy: Attribution │ │ bnum: 1 │
updatedBy?: Attribution │ │ ... │
fileId?: string │ ╰────────────────┘
fileName?: string │
fileSize?: number │
fileUploadedBy?: Attribution │ ╭─────────────────────────────┐
writeAccess?: AccessControl └──▶│ kind: 'escrowcredentials' │
} │ mnum: 2 │
│ username: 'ibrahim' │
│ password: '01H6ET...' │
╰─────────────────────────────┘
EscrowCredentialsItem
Each guest invited to an engagement by a host has two Userbase accounts representing different security roles:
-
the GUEST user which
- holds the guest's data which they may share with others and
- is given read privileges to data whose terms the guest has accepted
-
the ESCROW user which
- is granted privileges to read and reshare databases offered to the GUEST
When a host offers to share a restricted bundle with an invited member, the host grants the read privileges to the ESCROW user and stores the credentials for that role in the member's ULID-Bundles database.
When the member accepts their invitation, they use the escrow credentials in the ULID-Bundles database to signin as their ESCROW user and then reshare the corresponding data with their GUEST role.
The itemId of a EscrowCredentialsItem is the concatenation of the string 'a' and the member
number. E.g. 'a1' for member number 1.
Securepub removes the ESCROW user and credentials from the ULID-Bundles database after an invited member accepts their invitation since at that point they are no longer needed. Databases of bundles shared with accepted members are directly shared with the member's regular GUEST user.
BundleItem
When a shares a bundle with a guest the corresponding BundleItem is copied from the Bundles database to
the guest's ULID-Bundles database.
The itemId of a BundleItem is the bundle's bnum (bundle number).
Ownership and Access
The host owns all ULID-Bundle databases.
Other members in the engagement have read permission to their ULID-Bundle database.
Zod models
See EscrowCredentialsItem and BundleItem on the design page for the Bundles database.