setting the access permissions

[jeau]

I suggest setting access, reading and writing permissions adapted to the Clourdon context

• export HMD_ALLOW_ANONYMOUS=false — set to allow anonymous usage (hackmd default is true)
• export HMD_ALLOW_ANONYMOUS_EDITS=true — allowing guests to edit existing notes (hackmd default is false)
• export HMD_ALLOW_FREEURL=false — set to allow new note creation by accessing a nonexistent note URL (hackmd default ?)
• export HMD_DEFAULT_PERMISSION="limited" — set notes default permission (only applied on signed users)

Cf. Hackmd doc

Only the owner of the note can change the note’s permissions.

	Owner read/write	Signed-in read	Signed-in write	Guest read	Guest write
Freely	✔	✔	✔	✔	✔
Editable	✔	✔	✔	✔	✖
Limited	✔	✔	✔	✖	✖
Locked	✔	✔	✖	✔	✖
Protected	✔	✔	✖	✖	✖
Private	✔	✖	✖	✖	✖

[jeau]

maybe we should set HMD_DEFAULT_PERMISSION to private to let the owner choose how to share the document and avoid some surprises

[fbartels]

Oh, it seems I missed your pr (did not get a mail notification about it), but we anyway had a similar idea.

[jeau]

don't worry!

I think it is also necessary to add export HMD_ALLOW_ANONYMOUS_EDITS=true so that the edition is not limited to Cloudron users. It is possible if the owner authorizes it (set Freely permission) and sends the url to an external user or publisize it.