Vaulx uses role-based access control (RBAC) with three built-in roles:Documentation Index
Fetch the complete documentation index at: https://mintlify.com/noelzappy/vaulx/llms.txt
Use this file to discover all available pages before exploring further.
admin, editor, and viewer. Roles are global — they apply across the entire instance — and there are no custom or per-resource roles. Every user is assigned exactly one role at account creation, and only an admin can change it. The role is stored alongside the user’s session and evaluated on every request by the RequireAuth middleware before any handler logic runs.
Role Summary
| Role | Description | Key Capabilities |
|---|---|---|
admin | Full system control | Manage users, hard-delete files, grant/revoke permissions, view audit log, restore trash |
editor | Content author | Upload files, create and manage their own folders, create share links |
viewer | Read-only consumer | Browse and download files and folders they have been granted access to |
Detailed Role Breakdown
admin — Full System Control
admin — Full System Control
Admins bypass all ownership checks. The
CanAccess function in acl.go returns true immediately for any user whose role is admin, regardless of who owns the resource. Admins can do everything editors and viewers can do, plus:- User management — Create users (
POST /admin/users), update their role or active status (PATCH /admin/users/{userID}), and list all users (GET /admin/users). - Hard-delete files — Permanently remove a file by appending
?permanent=trueto the delete endpoint:DELETE /files/{fileID}?permanent=true. Non-admin users who attempt a permanent delete receive403 Forbidden. - Grant and revoke permissions — Assign per-resource access to any user via
POST /admin/permissions, and remove it viaDELETE /admin/permissions/{permID}. - Audit log — View the full instance-wide audit trail at
GET /admin/audit, with optional action filtering and pagination. - Trash management — View all soft-deleted files at
GET /admin/trashand restore individual files viaPOST /admin/trash/{fileID}/restore.
editor — Content Author
editor — Content Author
viewer — Read-Only Consumer
viewer — Read-Only Consumer
Viewers have the most restricted role. They cannot upload files, create folders, or generate share links.
- Browse — View files and folders they have been explicitly granted access to by an admin via a permission entry.
- Download — Download individual files or folder ZIP archives for resources they can access.
CheckPermission(userID, resourceType, resourceID), which queries the permissions table for a matching row. If no permission row exists, the request is denied. See Permissions for how to grant access.Access Check Logic
Vaulx evaluates access through two functions defined ininternal/auth/acl.go:
CheckPermission against the permissions table. This lets a viewer (or any non-owner) access a specific file or folder without changing their global role. See Per-Resource Permissions for full details.
Assigning and Changing Roles
Roles are managed exclusively by admins via the admin panel routes.Create a user with a role
Submit a
On success, the server redirects to
POST /admin/users form with the following fields:| Field | Value |
|---|---|
email | User’s email address (must be unique) |
name | Display name |
role | viewer, editor, or admin |
password | Initial password (bcrypt-hashed before storage) |
GET /admin/users.Session Storage
Once a user authenticates, Vaulx stores the following values in thevaulx-session cookie via the gorilla/sessions session store:
| Key | Description |
|---|---|
user_id | The user’s UUID |
email | The user’s email address |
name | The user’s display name |
role | The user’s current role string (admin, editor, or viewer) |
RequireAuth middleware reads all four values on every request. If any of user_id or role are missing or empty, the request is redirected to /auth/login.
Deactivating users: An admin can disable a user’s ability to log in without deleting their account. Send
PATCH /admin/users/{userID} with active=false. The user record is preserved — including their files, folders, and permission entries — but they will be unable to authenticate. To re-enable access, send active=true to the same endpoint. Active-only users are shown in the permission grant dropdown (the List handler filters out inactive users before rendering the page).