filebrowser icon indicating copy to clipboard operation
filebrowser copied to clipboard
verified publisher icon gtsteffaniak

FR: Set Permissions Separately for Each Source

Open baur opened this issue 9 months ago • 4 comments

Is your feature request related to a problem? Please describe

Currently, permissions are applied globally across all sources

Image

In our case, the application is used for multiple purposes, where each source may have its own manager responsible for:

  • uploading and deleting files
  • managing user permissions within their own data source

At the same time, the same manager might have only limited access (e.g., view/download only) and without the ability to manage permissions in other sources.

Without the option to configure permissions separately per source, it becomes impossible to enforce proper and secure access control.

Describe the solution you'd like

Add the ability to define permissions separately for each source

baur avatar Mar 14 '25 04:03 baur

But in my case, a user may be a manager for one folder and a viewer for another folder within the same source (same root, same disk), and I don’t know how to resolve this.

I'm planning to create two source sets within one folder (same disk):

  • In the first source set, the user is a manager using a whitelist.
  • In the second source set, the user is a viewer while excluding the managed folder using a blacklist.

However, this approach results in multiple sources being generated.

PS:

I believe this could make the system overly complex and over-engineered, and it may not be necessary to implement this feature. I would prefer to keep the system simple and universal, as implementing every requested feature may not always be the best approach.

baur avatar Mar 14 '25 06:03 baur

Why was this closed? It hasn't been implemented or discussed, has it? I wanted to give family members access to different folders, but some should be read-only for them. However, they should have write/upload permissions for their upload folder. They are already in my ldap directory and federated to Authentik which I use for OIDC in FBQ.

Is that an exotic use case? I assume that many users want to give selective upload/write permissions.

I agree that it would be a lot of work to implement it, probably.

Faustpfand avatar Aug 26 '25 09:08 Faustpfand

I think this is a duplicate of https://github.com/gtsteffaniak/filebrowser/issues/1044 however, I perfer the description and details in this issue, so I will close the other and link it to this one.

gtsteffaniak avatar Aug 26 '25 15:08 gtsteffaniak

https://github.com/gtsteffaniak/filebrowser/issues/1616 this will likely be accomplished via access control rather than source configuration.

gtsteffaniak avatar Nov 19 '25 15:11 gtsteffaniak