Per-resource permissions let an admin give any user — most commonly aDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/noelzappy/vaulx/llms.txt
Use this file to discover all available pages before exploring further.
viewer — access to a specific file or folder without promoting their global role. A viewer with no permissions can see nothing; once an admin grants them view access to a folder, they can browse and download from that folder alone. This model keeps global roles coarse-grained while allowing fine-grained sharing within a private Vaulx instance.
Permission Levels
Each permission row carries one of three levels, enforced in the database with aCHECK constraint:
| Level | What it allows |
|---|---|
view | Read-only access — browse and download the resource |
edit | View access plus the ability to upload files and rename content within the resource |
manage | Edit access plus the ability to delete content and manage shares for the resource |
Resource Types
Permissions can be scoped to either a file (resource_type = 'file') or a folder (resource_type = 'folder'). Granting access to a folder does not automatically cascade to all files inside it — each resource is checked independently via CheckPermission.
Granting a Permission
Only admins can grant permissions. The form is submitted toPOST /admin/permissions.
HX-Trigger header with a showToast event and redirects to:
Form Fields
The type of resource to grant access to. Must be exactly
file or folder.The UUID of the file or folder. An invalid UUID returns
400 Bad Request.The UUID of the user to receive the permission. Must reference an existing user. An invalid UUID returns
400 Bad Request.The access level to grant. Must be one of
view, edit, or manage. Any other value returns 400 Bad Request.Viewing Permissions for a Resource
Admins can inspect which users have been granted access to any file or folder:- Grantee name and email
- Permission level
- The date the permission was created
type and id query parameters are required; omitting either returns 400 Bad Request.
Revoking a Permission
To remove a permission, send aDELETE request to the permission’s ID:
200 OK and sets an HX-Trigger header with a showToast success event. An invalid UUID in permID returns 400 Bad Request; a database error returns 500 Internal Server Error.
Database Schema
Thepermissions table is defined in migrations/001_initial.up.sql:
granted_by column records which admin performed the grant (nullable in case the granting user was subsequently deleted — the REFERENCES users(id) has no ON DELETE clause, so the row is retained with a null granted_by).
Access Check Flow
When a non-admin, non-owner user attempts to access a file or folder, Vaulx runs the following check (frominternal/db/queries/permissions.sql):
false, the request is denied with 403 Forbidden. The CanAccess function in acl.go handles the fast-path for admins and owners first; CheckPermission is the fallback for everyone else.
The
UNIQUE (user_id, resource_type, resource_id) constraint means a user can hold at most one permission row per resource. However, instead of failing on a duplicate grant, the GrantPermission SQL query uses an upsert — ON CONFLICT ... DO UPDATE SET level = EXCLUDED.level — so granting a second time on the same resource simply upgrades or downgrades the existing level rather than returning an error. The granted_by field is also updated on upsert to reflect who made the most recent change.