Permissions: Implement Separate Permissions for Directory and File Operations

Open baur opened this issue 11 months ago • 5 comments

I believe creating and deleting files and directories are distinct operations. In our case, for 99% of users, creating files is unnecessary and often causes confusion.

Is your feature request related to a problem? Please describe.

  • Deleting a folder is a risky operation because a user might accidentally remove a large folder with subfolders and files ⚠️
  • Renaming a directory can result in other users losing access to it, especially if roles are based on the folder name ⚠️.

This revision improves clarity and flow. Let me know if you'd like any more tweaks!

Describe the solution you'd like

It would be helpful to have separate permissions for different directory and file operations, such as:

  • Create Directory
  • Delete Directory
  • Rename Directory
  • Create File
  • Delete File
  • Rename File

Benefits:

  • Increased Security: Prevents accidental or unauthorized deletions and renames.
  • Granular Control: Allows users to perform only the actions they are explicitly permitted to, reducing confusion and minimizing the risk of errors.

Thanks

baur avatar Feb 01 '25 10:02 baur

I hope my requests will be considered. In the original repository, I have 20 closed issues that were not accepted, without any discussion 😔

baur avatar Feb 01 '25 10:02 baur

Thanks for the issue, similar to https://github.com/gtsteffaniak/filebrowser/issues/339 this involves careful considerations when dealing with multiple sources.

Just now, I think I know the best way to do this. Rather than applying the permission configurations to the user, I could apply the permission configurations to the index source.

The thing I didn't like about the OG filebrowser permissions structure was how it used confusing regex rules and per user config. I want to add this feature back -- but I REALLY want to make it work in a way that is simple and intuitive.

That's why I have not done it yet, but thanks for getting the conversation started on this.

gtsteffaniak avatar Feb 01 '25 12:02 gtsteffaniak

Adding as sub task:

  • https://github.com/gtsteffaniak/filebrowser/issues/339
  • https://github.com/gtsteffaniak/filebrowser/issues/340

gtsteffaniak avatar Feb 01 '25 13:02 gtsteffaniak

Filecat, which is also based on Filebrowser, supports this feature: https://github.com/xiaobaidadada/filecat/blob/main/doc/EN_README.md

xiaobaidadada avatar Mar 22 '25 09:03 xiaobaidadada

Yes, the og FileBrowser also has this feature.

When this feature returns it's going to be applied at a directory level rather than a rule applied to the user.

For example, on the original file browser you create rules for a user, you can have default rules against deleting "/testfolder", using regex path based rules.

I personally hate this approach, it's confusing and prone to error. (Doesn't check for regex typos, or could be incorrect regex. Also doesn't confirm if the folders actually exist) And I don't think normal people should have to learn regex to use FileBrowser Quantum rules.

The FileBrowser Quantum approach will be similar to how shares work. Rules will get applied to the directory. A path such as "/testfolder" will have rules blacklisting/whitelisting access for a user or all users for a certain action.

An admin will see all of the directories with rules applied in settings and in listing view, similar to how "shares" work now.

The feature and additional authentication methods are next up on the roadmap. Expect to see these features come into beta in the next month.

gtsteffaniak avatar Mar 22 '25 12:03 gtsteffaniak
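
The directory-level rule model described in the last comment, as an added sketch that is not FileBrowser Quantum's code or part of the thread: rules hang off a directory path and allow or deny one action for one user or for all users. The type names, the action string `delete_dir`, the `*` wildcard, the nearest-ancestor lookup and the sample users are all assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path"
)

// Rule is attached to a directory, not to a user. User "*" means all users (assumed convention).
type Rule struct {
	User, Action string
	Allow        bool
}

// Rules maps a cleaned absolute directory path to the rules set on it (hypothetical layout).
type Rules map[string][]Rule

// Allowed walks from target up to "/"; the nearest directory holding a matching rule decides.
// A rule naming the user beats a "*" rule on the same directory; no rule at all returns def.
func (r Rules) Allowed(user, action, target string, def bool) bool {
	p := path.Clean("/" + target) // resolves ".." first, so "/testfolder/../x" is checked as "/x"
	for {
		verdict, found := false, false
		for _, rule := range r[p] {
			if rule.Action == action && rule.User == user {
				return rule.Allow
			}
			if rule.Action == action && rule.User == "*" {
				verdict, found = rule.Allow, true
			}
		}
		if found {
			return verdict
		}
		if p == "/" {
			return def
		}
		p = path.Dir(p) // step up one whole path component, never a string prefix
	}
}

// sampleRules is constructed data: nobody may delete directories under /testfolder except "admin".
func sampleRules() Rules {
	return Rules{"/testfolder": {{"*", "delete_dir", false}, {"admin", "delete_dir", true}}}
}

func main() {
	r := sampleRules()
	fmt.Println(r.Allowed("alice", "delete_dir", "/testfolder/sub", true)) // false
	fmt.Println(r.Allowed("alice", "delete_dir", "/testfolder2", true))    // true
}
```

Because lookup is by exact cleaned path and parent component, a rule on `/testfolder` does not leak onto `/testfolder2`, and a request path containing `..` is judged by where it actually lands.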