Permissions give specific users fine-grained access to a file or folder beyond what their global role allows. An admin can grantDocumentation Index
Fetch the complete documentation index at: https://mintlify.com/noelzappy/vaulx/llms.txt
Use this file to discover all available pages before exploring further.
view, edit, or manage access to any user for any resource. Permissions are stored with a UNIQUE (user_id, resource_type, resource_id) constraint, so granting the same user access to the same resource a second time upserts the existing row with the new level rather than creating a duplicate.
All three endpoints require the admin role. Non-admin requests receive a 403 HTML error page.
List permissions for a resource
GET /admin/permissions
Renders an HTML admin page listing all permissions granted for a specific file or folder, along with a form to grant new access.
Authentication: admin only.
The resource type. Must be
file or folder.The UUID of the resource to inspect.
Unique permission identifier.
Display name of the user who was granted access.
Email address of the user who was granted access.
The granted access level:
view, edit, or manage.Human-readable date when the permission was granted (e.g.
Jan 2, 2006).The page also renders a grant form pre-populated with all active users for easy selection. Only active users are listed in the dropdown.
Grant permission
POST /admin/permissions
Grants a user access to a file or folder at the specified level. If the user already has a permission on this resource, the existing row is updated with the new level (upsert semantics enforced by ON CONFLICT DO UPDATE).
Authentication: admin only.
Content-Type: application/x-www-form-urlencoded
The type of resource to grant access to. Must be
file or folder.The UUID of the file or folder to grant access to.
The UUID of the user to grant access to.
The access level to grant. One of:
view, edit, manage.- 302 Redirect to
GET /admin/permissions?type=<resource_type>&id=<resource_id>. HX-Triggerheader fires a success toast:{"showToast":{"message":"Access granted","type":"success"}}.- Returns 400 Bad Request if any required field is missing or if
levelis not one of the accepted values. - Returns 500 Internal Server Error if the database operation fails.
Revoke permission
DELETE /admin/permissions/{permID}
Permanently removes a permission grant. The affected user immediately loses the access level tied to this entry.
Authentication: admin only.
The UUID of the permission record to delete.
- 200 OK with
HX-Triggerheader:{"showToast":{"message":"Access revoked","type":"success"}}. - Returns 400 Bad Request if
permIDis not a valid UUID. - Returns 500 Internal Server Error if the delete fails.
Permission model
| Field | Type | Notes |
|---|---|---|
id | UUID | Primary key |
user_id | UUID | FK → users.id (ON DELETE CASCADE) |
resource_type | text | file or folder |
resource_id | UUID | References files.id or folders.id |
level | text | view, edit, or manage |
granted_by | UUID | null | FK → users.id of the granting admin |
created_at | timestamptz | Row creation time |