Follow-up to #956 (auth hardening review). Functionality gap — needs a product decision.
Gap
There is no per-user key/value Preferences API (CRUD, one-value-per-key-per-user, cross-collection isolation) for storing admin/user UI state server-side. We have no equivalent.
Decision needed
Is this worth building for SonicJS? Our admin is HTMX, so the usual driver (a heavy SPA admin persisting per-user UI state) may not apply.
If we proceed:
- Document-model backed (
user_preference type, owner-scoped, PII).
GET/POST/DELETE /auth/preferences/:key scoped to the current user.
- Enforce one value per (user, key); isolate by user id.
Acceptance
- Decision recorded (build / wontfix). If build: document-backed impl + tests.
Follow-up to #956 (auth hardening review). Functionality gap — needs a product decision.
Gap
There is no per-user key/value Preferences API (CRUD, one-value-per-key-per-user, cross-collection isolation) for storing admin/user UI state server-side. We have no equivalent.
Decision needed
Is this worth building for SonicJS? Our admin is HTMX, so the usual driver (a heavy SPA admin persisting per-user UI state) may not apply.
If we proceed:
user_preferencetype, owner-scoped, PII).GET/POST/DELETE /auth/preferences/:keyscoped to the current user.Acceptance