First of all I would like to point out how my implementation works:
the idea is that a user, even if it has security permissions, cannot remove to himself the rights to read a file/folder.
It can remove the rights to update security, to write/delete but not to read.
I've done it this way because imho the user should not have the possibility to do something harmful.
Think about an user that uploads a file, and then changes its permission to add some group.
It can by chance remove the 'role_user' group (button add/remove are very near..).
Then immediately the error 'file does not exist' appear, and ALL the users can't see this file (even if it is there!) anymore.
What do you think a user should do at this point? It is not going to call the administrator..
In my opinion a normal user will think that it hasn't uploaded the file correctly, or that there is some bug in the system and will try to upload the same file again, getting the error 'file exists'.
pavila wrote:
But from another point of view, If another user remove this revoke this read permission the other user also will have the same problem: he can't see the folder but it really exists. What is your proposal in this scenario?
Edit: Perhaps the problem is the error message "the path does not exists" and should be "read access denied" (or something like this), isn't it?
In the scenario you proposed,
if the user who tries to remove the rights is an administrator, he can do it (because he can still read that folder) the other users with the rights just removed will not see the folder.
If the user who tries to remove this rights is an user with security perms, he can remove all the perms except the read one.
If he tries to remove the read permission, a popup 'accessdenied' appears that contains the error: "You can't remove role X from folder Y, because this will disalow your user to see this folder".
(the error message can be improved..)
In every case, if then an user that can't see that folder tries to create a folder with the same name will get a 'folder exists' error.
Maybe we can change that error message discriminating the case in which a folder exists and is visible (that will raise 'folder exists')
and the case in which the folder exists but is not visible (that will raise some other well thought error..).
The confusion here lies in the fact that in OpenKM the 'read' permission, is a 'see' permission.
In linux if an user can't 'read' a folder, it will get access denied only when it tries to see what's inside, but it can see the folder.
Still I do not propose to follow the linux implementation (the fact that certain folders can be hidden is nice in my scenario, because each folder correspond to a different project and the administrator of a project should not see the other projects).