Multiusers technical brainstorm

From ownCloud.org


This is a proposal to enable multiple users in ownCloud.

Permission

- Permissions would apply only to folders (I don't see much interest in putting individual permissions on files at this point). Files inherit the rights of their folder.

- They could be stored in a .ocaccess file (oc~owncloud) inside each folder in the data tree.

- The permissions can be adapted from Unix permissions, except there is obviously no execute right, and there should be no 'write' right for 'all' (for security reasons). So 777~664, 555~440

- .ocaccess file format: owner group permissions (e.g. admin users 640)

- Users should be able to create any group (if allowed by admin). The list of group names is stored in a "groups" table in the database. - partly implemented

- The user names and encrypted passwords are stored in the "users" table. - implemented

- Users in the admin group can create new users (web page for this?) - implemented

Virtual folders

The idea of virtual folders is the same as symbolic links in Linux: you click on a virtual folder and you are moved to another branch of the data tree, such as a shared folder of some other user.

I'm not sure how it should be implemented:

- use symbolic links. Problem: are they supported on all OSes and file systems?

- use small files (like .vfolder) to indicate which node the folder points to.

- use the database: make a table containing all the symbolic links.

- use the database to store the whole ownCloud filesystem and abstract the notion of folder. Make the following tables:

  • table: nodes (a node is either a folder or a file) / entries: id, owner, group_name, permissions (or if we want to give permissions to files
  • table: filiation (indicates the parent/children relationship) / entries: parent_id, children_id

Multiuser v2

This is a second proposal, in which the whole filesystem structure is stored in the database. Since a folder can be shared, it should appear in multiple places, so the global data structure is a directed graph (we can also forbid loops, making it a directed acyclic graph; this is not strictly necessary, but it may avoid some problems of infinite recursion). Each user has a "root node" (basically his root directory). From there he can navigate the graph, but when he is on a node he can only see:

- the children of the node to which he has read access

- the parent node where he comes from.

This way the user has the feeling of navigating a tree (with some shortcuts).

The advantages:

  • It is possible to make virtual folders: a file or a folder can belong to more than one folder (easier for sharing).
  • As everything except the files is stored in the database, it is easier to save.
  • It makes search easier to implement.

The drawbacks:

  • Can it work with WebDAV?
  • Is it easy to implement?
  • Is it not too complex for the purpose of ownCloud?
  • Is the performance of the database going to be good enough?

The proposed tables:

  • users (lists users): id, password (encrypted), root_node_id [already exists]
  • groups (lists groups): id, name [already exists] [also users should be derived from groups]
  • user_group (each line records that a user belongs to a group): user_group_id, user_id, group_id [already exists]
  • nodes (a node is either a folder or a file): id, path_to_the_node (the path to the file or the folder in the real filesystem), is_a_folder (true/false)
  • permissions (each line gives read and/or write access on some file to a group or a user): id, user_or_group_id, node_id, read_access (true/false), write_access (true/false)
  • filiation (each line specifies a parent/child relationship; a parent can have multiple children and a child can have multiple parents): id, parent_node_id (must be a folder), child_node_id

When a user is browsing the files, ownCloud must remember the navigation path, so that it is possible to know which parent (if there are several) is the suitable one.
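
An added example (not ownCloud code): the proposed user_group, nodes, permissions and filiation tables in an in-memory SQLite database, with the "only children with read access" browsing rule as a query and a loop check applied before a link is stored. The is_group column, the function names and the sample rows are assumptions made for this example; is_group is there because, if user ids and group ids overlap, a bare user_or_group_id would let a user whose id equals a group id pick up that group's rights.

```python
import sqlite3

SCHEMA = """
CREATE TABLE user_group (user_id INTEGER, group_id INTEGER);
CREATE TABLE nodes (id INTEGER PRIMARY KEY, path_to_the_node TEXT, is_a_folder INTEGER);
-- is_group is an assumed extra column: user_or_group_id alone is ambiguous
CREATE TABLE permissions (user_or_group_id INTEGER, is_group INTEGER, node_id INTEGER,
                          read_access INTEGER, write_access INTEGER);
CREATE TABLE filiation (parent_node_id INTEGER, child_node_id INTEGER);
"""

def visible_children(db, user_id, node_id):
    """Children of node_id that user_id may read, directly or through a group."""
    rows = db.execute("""
        SELECT DISTINCT f.child_node_id FROM filiation f
        JOIN permissions p ON p.node_id = f.child_node_id AND p.read_access = 1
        WHERE f.parent_node_id = :node AND (
              (p.is_group = 0 AND p.user_or_group_id = :user)
           OR (p.is_group = 1 AND p.user_or_group_id IN
                  (SELECT group_id FROM user_group WHERE user_id = :user)))
        ORDER BY f.child_node_id""", {"node": node_id, "user": user_id})
    return [r[0] for r in rows]

def add_link(db, parent_id, child_id):
    """Insert a filiation row unless it would close a loop; True if inserted."""
    # Walk down from the child: reaching the parent means the new edge makes a cycle.
    loop = db.execute("""
        WITH RECURSIVE below(id) AS (
            SELECT :child
            UNION
            SELECT f.child_node_id FROM filiation f JOIN below b ON f.parent_node_id = b.id)
        SELECT 1 FROM below WHERE id = :parent""",
        {"child": child_id, "parent": parent_id}).fetchone()
    if loop is None:
        db.execute("INSERT INTO filiation VALUES (?, ?)", (parent_id, child_id))
    return loop is None

def demo_db():
    """Constructed sample: alice=1 shares folder 11 with group 100; bob=2 is a member."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO nodes VALUES (?, ?, ?)", [
        (10, "/alice", 1), (11, "/alice/shared", 1), (12, "/alice/private", 1), (20, "/bob", 1)])
    db.execute("INSERT INTO user_group VALUES (2, 100)")
    db.executemany("INSERT INTO permissions VALUES (?, ?, ?, ?, ?)", [
        (1, 0, 11, 1, 1), (1, 0, 12, 1, 1), (100, 1, 11, 1, 0)])
    for parent, child in [(10, 11), (10, 12), (20, 11)]:
        add_link(db, parent, child)
    return db
```

In the sample data the shared folder 11 has two parents (10 and 20), which is the case where the navigation path has to be remembered to pick the right parent.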
