@@ -20,7 +20,11 @@ The "Finder" branch of django-filer has less third-party dependencies. It does n
2020[ django-mptt] ( https://django-mptt.readthedocs.io/en/latest/ ) and
2121[ easy-thumbnails] ( https://easy-thumbnails.readthedocs.io/en/latest/ ) anymore.
2222
23- For large datasets [ django-cte] ( https://github.com/dimagi/django-cte ) is reccomended, in order to improve the speed when searching.
23+ For large datasets [ django-cte] ( https://github.com/dimagi/django-cte ) is reccomended, in order to improve the speed
24+ of tree travesals, which is important while searching.
25+
26+ Since each ` FileModel ` contains a ` JSONField ` to store arbitrary data, [ django-entangled] ( https://github.com/jrief/django-entangled )
27+ is reccomended, in order to give users the opportunity to edit the the contents of that field.
2428
2529The client part of the new admin user interface has no runtime dependencies. It is compiled into two
2630JavaScript files, which are included by the corresponding admin views. One of them is used for the
@@ -234,38 +238,50 @@ existing file or upload a new one.
234238
235239## Permission System (Proposal)
236240
237- The permission system of django-filer is based on the idea of Access Control Lists (ACLs) similar
241+ The permission system of ** django-filer** is based on the idea of Access Control Lists (ACLs) similar
238242to Posix or NTFS ACSs. This allows to grant fine-grained permissions to everybody, individual users
239243and/or groups for each file and folder.
240244
241245Permissions are controlled through the model named ` AccessControlEntry ` . This model has a foreign
242- key onto ` FolderModel ` and a nullable foreign key onto ` User ` and ` Group ` . Either of them can be
243- set, but not both. If both are unset, the used permissions are applied to everybody and the
246+ key onto ` InodeModel ` and a nullable foreign key onto ` User ` and ` Group ` . Either of them can be
247+ set, but not both. If both are unset, the chosen permissions are applied to everybody including the
244248anonymous user.
245249
246- By using a separate model ` AccessControlEntry ` , ** django-filer** now can compute the permissions
247- using just one database query. Until version 3, the permissions had to be computed traversing all
248- ancestors starting from the current folder up to the root of the folder tree. This is a
250+ By using a separate model ` AccessControlEntry ` , ** django-filer** can now compute the permissions
251+ using just one database query per inode . Until version 3, the permissions had to be computed traversing
252+ all ancestors starting from the current folder up to the root of the folder tree. This is a
249253time-consuming opertaion and made ** django-filer** slow for large datasets.
250254
251255Each ` AccessControlEntry ` has a these fields:
252256* ` write ` : If set for a folder, it allows the currently loggedin user to upload a file. If set for a
253257 file, it allows the currently loggedin user to edit that file.
254258* ` read ` : If set for a folder, it allows the currently loggedin user to open that folder. If set for
255259 a file, it allows the currently loggedin user to view and use that file.
260+ * A generic foreign key pointing onto the ` InodeModel ` . This creates a one-to-many relation between
261+ different file types and folders on one side and the access control list on the other.
262+ * A foreign key onto the folder model to set a permission template. Read below for details.
263+ * The ` execute ` flag as seen in Unix file systems and other ACL implementations does not make sense
264+ in this context and is not implemented.
256265
257266If a folder has ` write ` but no ` read ` permission, the user can upload files into that folder, but
258- doesn't see files from other users.
267+ doesn't see files from other users. This is named "Dropbox" functionality.
259268
260269Each file and folder has a foreign key named ` owner ` , pointing onto the ` User ` model. The owner of a
261270file or folder can change its permissions if he has the global permission to do so. When creating a
262271new file or folder, the currently loggedin user is set as the owner of that file or folder.
263272
264- Only the superuser and the owner of a file or folder can change its permissions. The superuser can
265- change the permissions of any file or folder. The owner can change the permissions only of his files
273+ Only a superuser and the owner of a file or folder can change its permissions. The superuser can
274+ change the permissions of any file or folder. The owner can change the permissions only of files
266275owned by himself.
267276
268- Only the superuser can change the owner of a file or folder.
277+ Only a superuser can change the owner of a file or folder.
278+
279+ In addition to the file and folder permissions, each folder requires a template of permissions on how to
280+ inherit them to files and folders created as children of that specific folder. This can be achieved with
281+ a separate foreign key in model ` AccessControlEntry ` pointing onto the ` FolderModel ` .
282+
283+ Microsoft gives a good explanation on the implementation of
284+ [ ACLs in their Data-Lake implementation] ( https://learn.microsoft.com/en-us/azure/storage/blobs/data-lake-storage-access-control ) .
269285
270286
271287## Further Steps
0 commit comments