Permission System
The current permission system is designed around access levels and per-file permission settings.
There are different access levels for different users, which determine what operations they can perform on files and directories. Higher access levels grant more permissions.
- admin/all: all permissions, including `GET`/`PUT`/`POST`/`DELETE` and listing directories.
- write: same as admin except for the directory configuration file.
- read: only `GET` permission and listing directories.
- none: none of the permissions above, but may have `GET` permission on files via direct link, depending on the file's and the path-owner's permission settings (refer to the section below).
INFO
A directory path ends with `/`; a file path does not.
User Roles
There are three user roles in the system: Admin, Normal User, and Virtual User.
- A normal user has all permissions on the files and directories under its own path (starting with `/<user>/`).
- A virtual user does not have its own path.
- Admins have admin permissions on all files and directories.
Users are like "buckets" or "access keys" to some extent.
Normal users are like "buckets" that own files and directories.
Virtual users are like "access keys" that have expiry time and limited access to some users' paths.
Below sections only discuss normal users and admins. For virtual users, please refer to the Virtual User document.
Ownership
There are two types of ownership for files (terms used in permission checks):
- file-owner: the user who created the file.
- path-owner: the user under whose path the file is stored (i.e. `/<username>/...`).
The owner always has all permissions on the file.
INFO
A file is owned by the user who created it. `move` will change the owner of the file. `copy` will create a new file owned by the user who performed the copy.
Peer Users
The user can have multiple peer users. The peer user can have read or write access to the user's path, depending on the access level set when adding the peer user.
INFO
Peer relations can be overridden by single-directory permission settings; please refer to the Single Directory Configuration document for more details.
Move/Copy Permission
When moving or copying files, the user must have write permission on the corresponding paths.
The `move` operation requires write permission on both the source and destination paths; the `copy` operation does not require write permission on the source path.
Non-peer and public access
NOTE
This section discusses scenarios where the user is neither a peer of the path owner nor a logged-in user (i.e., guest or public access). It focuses on permissions for files and directories under other users' paths.
Users who are not logged in, and logged-in users who are not peers of the path-owner, have limited access to files and directories under other users' paths. Specifically, they have only the `none` access level and cannot list directories. For direct access via a file link, their permissions depend on the file's permission settings, as described below.
File access with GET permission
For accessing file content via direct link, the user must have GET permission of the file, which is determined by the permission field of both the path-owner and the file.
There are four types of permission: unset, public, protected, private. Non-admin users can access files based on:
- If the file is `public`, all users can access it.
- If the file is `protected`, only logged-in users can access it.
- If the file is `private`, only the owner/path-owner can access it.
- If the file is `unset`, the file's permission is inherited from the path-owner's permission.
- If both the path-owner and the file have `unset` permission, the file is `public`.
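The GET decision above, including the `unset` inheritance chain and the owner/peer/admin short-circuits from the summary below, as an added example (not the project's own code). The `Requester`/`File` field names and the sample paths are assumptions made for this illustration.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

PERMS = ("unset", "public", "protected", "private")

@dataclass(frozen=True)
class Requester:
    name: Optional[str]      # None for a guest (not logged in)
    is_admin: bool = False

@dataclass(frozen=True)
class File:
    path: str                # e.g. "/alice/docs/report.pdf" (constructed sample)
    owner: str               # file-owner: the user who created the file
    permission: str          # one of PERMS; "unset" inherits from the path-owner

def path_owner(path: str) -> str:
    """Files live under /<username>/..., so the first path segment is the path-owner."""
    if not path.startswith("/"):
        raise ValueError("path must be absolute")
    return path.split("/", 2)[1]

def effective_permission(file_perm: str, path_owner_perm: str) -> str:
    """Resolve the inheritance chain: file -> path-owner -> public."""
    for p in (file_perm, path_owner_perm):
        if p not in PERMS:
            raise ValueError(f"unknown permission {p!r}")
    if file_perm != "unset":
        return file_perm
    if path_owner_perm != "unset":
        return path_owner_perm
    return "public"  # both unset: the documented default

def can_get(req: Requester, f: File, path_owner_perm: str,
            path_owner_peers: FrozenSet[str] = frozenset()) -> bool:
    """Apply the checks in order; the first match decides, as in the summary table."""
    if req.is_admin:
        return True
    if req.name is not None and req.name in {path_owner(f.path), f.owner} | path_owner_peers:
        return True  # owners and peers (read or write) always have GET
    perm = effective_permission(f.permission, path_owner_perm)
    if perm == "public":
        return True
    if perm == "protected":
        return req.name is not None  # any logged-in user
    return False  # private: only owner/path-owner, already handled above
```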
Summary
For quick reference, here is a summary table of the permission system:
Note
The table assumes the user is accessing files/directories under another user's path (the path-owner always has all permissions under its own path). Columns are checked from left to right, and the first matching condition applies.
| Permission | Admin | Peer-w | Peer-r | File Owner | Non-peer user / Guest |
|---|---|---|---|---|---|
| GET | Yes | Yes | Yes | Yes | Dep. |
| PUT/POST | Yes | Yes | No | Yes | No |
| DELETE file | Yes | Yes | No | Yes | No |
| DELETE dir | Yes | Yes | No | No | No |
| move | Yes | Yes | No | Dep. | No |
| copy | Yes | Yes | Dep. | Dep. | No |
| list | Yes | Yes | Yes | No | No |
Capitalized methods are HTTP methods.
"Dep." means "depends on the file" or "depends on the source and destination".