Add traverse access level for folder navigation without file access

When a permission is set on a nested folder, traverse is automatically
granted on all ancestor folders so users can navigate to it. Traverse
only shows subfolders in listings — files are hidden. This prevents
orphaned permissions where a user has access to a nested folder but
can't reach it.

Hierarchy: traverse < view < edit < admin
Ryan Moon
2026-03-29 18:04:24 -05:00
parent 51ca2ca683
commit f998b16a3f
9 changed files with 72 additions and 18 deletions


@@ -0,0 +1,3 @@
-- Add 'traverse' access level to storage_folder_access enum
-- traverse: allows folder to appear in listings but does not grant file access
ALTER TYPE storage_folder_access ADD VALUE IF NOT EXISTS 'traverse' BEFORE 'view';
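Review bot: `ALTER TYPE ... ADD VALUE` is restricted inside a transaction block: PostgreSQL releases before 12 reject it outright, and later ones accept it but do not let the new value be used until that transaction has committed. If the migration runner wraps this file in a transaction (not visible here), the statement should stay alone in its migration and no later statement in the same run should write 'traverse' rows. A header comment would record the constraint: `-- Must not share a transaction with statements that use 'traverse'; needs PostgreSQL 12+ when run transactionally.`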


@@ -169,6 +169,13 @@
"when": 1774830000000,
"tag": "0023_store_settings",
"breakpoints": true
},
{
"idx": 24,
"version": "7",
"when": 1774840000000,
"tag": "0024_add_traverse_access_level",
"breakpoints": true
}
]
}


@@ -11,7 +11,7 @@ import {
import { users } from './users.js'
import { roles } from './rbac.js'
export const storageFolderAccessEnum = pgEnum('storage_folder_access', ['view', 'edit', 'admin'])
export const storageFolderAccessEnum = pgEnum('storage_folder_access', ['traverse', 'view', 'edit', 'admin'])
export const storageFolders = pgTable('storage_folder', {
id: uuid('id').primaryKey().defaultRandom(),
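Review bot: With 'traverse' now a valid `storage_folder_access` value, and the commit description saying it is granted automatically on every ancestor folder, any authorization check that treats the mere existence of an access row as permission to list or read files would start exposing files in those ancestors. Those checks are outside this hunk, so this cannot be confirmed here; each one should compare against an explicit minimum level (`view` or higher for file operations) rather than test for a row. It is also worth confirming what happens to auto-granted traverse rows when the nested permission is revoked, so stale rows do not keep folder names visible. A comment above the enum would help: `// Order is the privilege hierarchy; 'traverse' lists subfolders only and must never satisfy a file-access check.` The `storageFolders` table definition continues outside the hunk.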