Differences
This shows you the differences between two versions of the page.
| Next revision | Previous revision | ||
|
en:extensions:cloudfile:permission [2014/08/06 22:11] swarnat created |
en:extensions:cloudfile:permission [2014/08/06 22:29] (current) swarnat |
||
|---|---|---|---|
| Line 6: | Line 6: | ||
| Because the default permission handlings are handled from left to right. | Because the default permission handlings are handled from left to right. | ||
| - | <WRAP center round tip 60%> | + | <WRAP left round tip 100%> |
| **Example** | **Example** | ||
| The path | The path | ||
| - | /main/sub/directory/ | + | **/main/sub/directory/** |
| will checked like this: | will checked like this: | ||
| - | - Did I have access to /main | + | - Did I have access to **/**, if not prevent complete access |
| - | - Did I have access to /main/sub | + | - Did I have access to **/main**, if not prevent complete access |
| - | - Did I have access to /main/sub/directory | + | - Did I have access to **/main/sub**, if not prevent complete access |
| + | - Did I have access to **/main/sub/directory**, if not prevent complete access | ||
| If all this is true, I could access this directory. | If all this is true, I could access this directory. | ||
| </WRAP> | </WRAP> | ||
| + | The CloudFile switch this processing. I will check the path from right to left. | ||
| + | So you could have access to files inside a subdirectory, within a directory you couldn't access at all. | ||
| + | This makes it easier to configure permissions for you. | ||
| + | |||
| + | <WRAP left round tip 100%> | ||
| + | **Example** | ||
| + | The path | ||
| + | /main/sub/directory/ | ||
| + | will checked like this: | ||
| + | - If there is a permission configuration for **/main/sub/directory/**. If yes, apply the rule. (deny or grant access) | ||
| + | - If there is a permission configuration for **/main/sub/**. If yes, apply the rule. (deny or grant) | ||
| + | - If there is a permission configuration for **/main/**. If yes, apply the rule. (deny or grant) | ||
| + | - If there is a permission configuration for **/**. If yes, apply the rule. (deny or grant) | ||
| + | </WRAP> | ||
| + | |||
| + | You will get the question, how you could access **/main/sub** if the access to **/** is denied | ||
| + | I solved this in a way you don't need to have denied access in mind if you create configurations. | ||
| + | |||
| + | <WRAP left round tip 100%> | ||
| + | **Example** | ||
| + | If the filesystem looks like: | ||
| + | <code> | ||
| + | a | ||
| + | ab | ||
| + | ac | ||
| + | acd | ||
| + | acda | ||
| + | ace | ||
| + | b | ||
| + | ba | ||
| + | </code> | ||
| + | And you **prohibit the access of /a , allow the access to /a/ac/acd and allow /b** for the user . | ||
| + | Then the user will see the following filesystem: | ||
| + | <code> | ||
| + | a | ||
| + | ac | ||
| + | acd | ||
| + | acda | ||
| + | b | ||
| + | ba | ||
| + | </code> | ||
| + | And no **/a/ab** or **/a/ac/acd**. | ||
| + | Also the user won't see any other content of the directories below **/a/ac/acd**. | ||
| + | |||
| + | The system will manage the directories to makes it possible to navigate from the root to the directory the user could access. But nothing else is visible. | ||
| + | </WRAP> | ||
| + | |||
| + | You could try this best if you setup the "filesystem" provider and try it in local filesystem. | ||
| + | |||
| + | I decide to implement the permission system in this way, because this system makes it easier to allow only single directories and prohibit access to all other directories. | ||
| + | Also it isn't more work if you want to allow almost all directories and only prevent access to single directories. | ||