Query about permissions and getItemURL()

I’m looking at how to support getItemURL() in my SafeNetwork RS.js backend.

I’m assuming that it returns a URL to a private file, and that to access it, the user must have an authorised browser session. Is this correct?

Although I’m also thinking that the user may configure permissions certain areas (root folders, any folders?) or even individual files to be public. Is this the case, and if so is this catered for within RS.js?

I haven’t looked at the server spec yet, so if it is all in there let me know and I’ll go read! I just had a few minutes to begin looking at this but have to stop now so posting in case there’s a quick answer. Thanks.

It returns whatever the full URL of the item is. That is: storage base URL + item URL relative to storage root. For example if you request the item URL of foo-item using a BaseClient that is scoped to the category foo-category, then your URL will look something like https://mystorageprovider.com/foo-category/foo-item.

Only items in the special public/ directory are public. Every item is publicly accessible, but folder listings are not. A remoteStorage permissions scope is valid for both the private and public path of a category. For example if you have RW access to foo-category, you can read and write in both /foo-category/ as well as /public/foo-category/.

Yes, you can e.g. search https://tools.ietf.org/html/draft-dejong-remotestorage-07 for the word “public”. I do think it’d be nice to have an easier-to-read explainer document for the whole protocol in addition to the spec, but nobody wrote one yet.

Hope this helps.

1 Like