Evaluate: User Preferences API (cross-collection isolation) #962

Description

@lane711

Follow-up to #956 (auth hardening review). Functionality gap — needs a product decision.

Gap

There is no per-user key/value Preferences API (CRUD, one-value-per-key-per-user, cross-collection isolation) for storing admin/user UI state server-side. We have no equivalent.

Decision needed

Is this worth building for SonicJS? Our admin is HTMX, so the usual driver (a heavy SPA admin persisting per-user UI state) may not apply.

If we proceed:

  • Document-model backed (user_preference type, owner-scoped, PII).
  • GET/POST/DELETE /auth/preferences/:key scoped to the current user.
  • Enforce one value per (user, key); isolate by user id.

Acceptance

  • Decision recorded (build / wontfix). If build: document-backed impl + tests.
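A minimal sketch of the isolation property proposed above, added here as an illustration; it is not part of the issue and not SonicJS code. `PreferenceStore`, `handlePreference`, the in-memory `Map` standing in for the document store, and the key pattern are all assumptions.

```javascript
// Added illustration; PreferenceStore and handlePreference are hypothetical names.
// An in-memory Map stands in for the document store.
class PreferenceStore {
  constructor() { this.docs = new Map(); }
  // JSON-encode the pair so differently split (userId, key) pairs never collide.
  static id(userId, key) { return JSON.stringify([userId, key]); }
  get(userId, key) { return this.docs.get(PreferenceStore.id(userId, key)); }
  // Upsert on the composite id: a second write replaces, never duplicates.
  set(userId, key, value) {
    this.docs.set(PreferenceStore.id(userId, key),
      { type: 'user_preference', owner: userId, key, value });
  }
  delete(userId, key) { return this.docs.delete(PreferenceStore.id(userId, key)); }
  countFor(userId) {
    return [...this.docs.values()].filter((d) => d.owner === userId).length;
  }
}

const KEY_RE = /^[A-Za-z0-9._-]{1,64}$/; // constructed key policy (assumption)

// session is whatever the auth layer produced; request input never names the owner.
function handlePreference(store, session, method, key, body) {
  if (!session || typeof session.userId !== 'string') return { status: 401 };
  if (!KEY_RE.test(key)) return { status: 400 };
  const uid = session.userId;
  switch (method) {
    case 'GET': {
      const doc = store.get(uid, key);
      return doc ? { status: 200, body: { key, value: doc.value } } : { status: 404 };
    }
    case 'POST':
      if (typeof body !== 'object' || body === null || !('value' in body)) {
        return { status: 400 };
      }
      store.set(uid, key, body.value); // any userId/owner field in body is ignored
      return { status: 200, body: { key, value: body.value } };
    case 'DELETE':
      return store.delete(uid, key) ? { status: 204 } : { status: 404 };
    default:
      return { status: 405 };
  }
}
```

The tests a real implementation would need mirror this: a second user's GET for the same key returns 404, a client-supplied owner field has no effect, and repeated POSTs leave exactly one document per (user, key).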

Labels: enhancement (New feature or request), question (Further information is requested)
