[IMPLEMENTED] New permissions for asset folder Create, Update and Delete

Hello, we have been asked if there is a way to restrict Create, Update and Delete operations for folders for certain users. However, at the moment I think asset folder permissions are dictated by the asset permissions (e.g. if I can create an asset I can create a folder)?

The reason this is wanted is so that some users (e.g. admins) can provide a structured folder hierarchy for other users (e.g. editors) to put their assets into.

There are only permissions around assets and asset scripts at the moment: https://github.com/Squidex/squidex/blob/master/backend/src/Squidex.Shared/PermissionIds.cs#L151-L162

Is this something that has already been considered and discarded? I think I have seen in other threads it is mentioned how asset folders are purely just for use on the front end to make browsing them easier so perhaps there isn’t much of an appetite for this?

Perhaps there is a wider consideration about having folder-level permissions so that certain users can only manage assets in certain folders, but for now all we are concerned about is users being able to create any folder structure they want.

It has not been requested yet, but I think it can be implemented easily.

I would change permissions to this.

        // App Assets
        public const string AppAssets = "squidex.apps.{app}.assets";
        public const string AppAssetsRead = "squidex.apps.{app}.assets.read";
        public const string AppAssetsCreate = "squidex.apps.{app}.assets.create";
        public const string AppAssetsUpload = "squidex.apps.{app}.assets.upload";
        public const string AppAssetsUpdate = "squidex.apps.{app}.assets.update";
        public const string AppAssetsDelete = "squidex.apps.{app}.assets.delete";

        // App Asset Folders
        public const string AppAssetFolders = "squidex.apps.{app}.assets.folders";
        public const string AppAssetFoldersCreate = "squidex.apps.{app}.assets.folders.create";
        public const string AppAssetFoldersUpdate = "squidex.apps.{app}.assets.folders.update";
        public const string AppAssetFoldersDelete = "squidex.apps.{app}.assets.folders.delete";

Then you can implement your roles like this:

// Gives you permissions for all asset operations except folder updates.
assets.^folders

Unfortunately I had to keep the AppAssetsRead


Oh nice and succinct, that’d be perfect for us!

Is that a breaking change though? Unless a user has the squidex.apps.{app}.assets permission they will suddenly be unable to manage folders.

Yes, it is, but most users just give the basic permissions like assets, contents and so on. I do not see another option.
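Added example (not part of the thread and not Squidex code): a simplified Python model of the permission matching discussed above, showing which folder operations three constructed roles end up with under the proposed ids, including the breaking-change case. It assumes that a grant covers every permission it is a dot-prefix of and that `^name` matches any segment except `name`; the app name and role definitions are hypothetical.

```python
# Added example: simplified model, not Squidex's implementation.
# Assumptions: a grant covers every permission it is a dot-prefix of,
# "*" matches any segment, "a|b" lists alternatives, "^a" excludes a.

APP = "my-app"  # hypothetical app name

# Permission ids as proposed in the thread.
PERMISSIONS = [
    "squidex.apps.{app}.assets.read",
    "squidex.apps.{app}.assets.create",
    "squidex.apps.{app}.assets.upload",
    "squidex.apps.{app}.assets.update",
    "squidex.apps.{app}.assets.delete",
    "squidex.apps.{app}.assets.folders.create",
    "squidex.apps.{app}.assets.folders.update",
    "squidex.apps.{app}.assets.folders.delete",
]

# Constructed roles, written relative to "squidex.apps.{app}.".
ROLES = {
    "admin": ["assets"],            # parent grant: covers folders too
    "editor": ["assets.^folders"],  # everything under assets except folders
    "legacy": ["assets.read", "assets.create", "assets.update", "assets.delete"],
}

def segment_matches(granted, requested):
    if granted == "*":
        return True
    if granted.startswith("^"):
        return requested not in granted[1:].split("|")
    return requested in granted.split("|")

def allows(granted, requested):
    g, r = granted.split("."), requested.split(".")
    if len(g) > len(r):
        return False  # a narrower grant never covers its parent
    return all(segment_matches(a, b) for a, b in zip(g, r))

def role_allows(role, permission_id):
    requested = permission_id.replace("{app}", APP)
    return any(allows(f"squidex.apps.{APP}.{grant}", requested)
               for grant in ROLES[role])

def folder_access(role):
    """Return the folder operations the role may perform."""
    return [p.rsplit(".", 1)[1] for p in PERMISSIONS
            if ".folders." in p and role_allows(role, p)]

if __name__ == "__main__":
    for name in ROLES:
        print(name, folder_access(name))
```

The `legacy` role, which lists individual asset permissions instead of the parent `assets` grant, ends up with no folder operations, which is the breaking change raised in the thread.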