-
Notifications
You must be signed in to change notification settings - Fork 14
Authorisation
There a number of ways to determine access permissions for each file and folder:
-
"acl": the default. Every file or folder can have associated access control lists (ACL). These lists define roles that the user must have to access the resource, and are stored in the file metadata. If there is no ACL for a given file, it inherits them from the parent file.
-
"global": there is only a single set of ACL shared by all files (in the same endpoint). It is specified by configuration property.
-
"trusted": allow everyone to do everything. This is only useful when you have a proxy server in front of v7files that takes care of access permissions.
The default setting is
acl.provider = acl
which by itself does not allow anyone to do anything (before you specify ACL for the files themselves, or the "global" ACL which will override the ACL for the endpoint root folder)
Access control lists specify a list of roles. The user needs to have at least one of those roles to perform the action.
-
acl.read
: read a file's contents, list a folder -
acl.open
: access files in a folder, defaults toacl.read
-
acl.write
: modify a file or folder