Permissions API
The Backendless security mechanism assigns an Access Control List (ACL) to every file in the file storage. An ACL defines the users and user roles that have permission to read, write, or delete a file. The Permissions API allows programmatic control over a file's ACL by granting or denying permissions to the file for a user or a user role. Using the API, permissions can be applied for a user or user role individually or in "bulk" - for all users or user roles in a single call.
The `path` or the `url` argument in the APIs below must identify a file or directory for which the permission is modified. The value must be the short version of the path. For example, suppose the full URL of a file in the file storage system is:
https://backendlessappcontent.com/31CB9FED-F34C-5541-FF26-6C2B6719F200/23432-A6B2-FF6B-31CB9FED/files/movies/vacation.mp4
The path to the file in the API call must contain only the directory and the file name (without the leading slash):
movies/vacation.mp4
The user account (or the role) on whose behalf the API is executed must have the `Permission` permission. For example, if the call is made by an authenticated user, the role for the user account would be `AuthenticatedUser`. The role must have the `Permission` permission in order for the API call to go through.
Methods
To set the permissions for a file, use the `FilePermission` class.
```objc
// grant permission for the operation to the user for the URL
- (void)grantForUserWithUserId:(NSString * _Nonnull)userId path:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// deny permission for the operation for the user for the URL
- (void)denyForUserWithUserId:(NSString * _Nonnull)userId path:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// grant permission for the operation to the role for the URL
- (void)grantForRoleWithRole:(NSString * _Nonnull)role path:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// deny permission for the operation for the role for the URL
- (void)denyForRoleWithRole:(NSString * _Nonnull)role path:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// grant permission for the operation to all existing users in the app for the URL
- (void)grantForAllUsersWithPath:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// deny permission for the operation for all existing users in the app for the URL
- (void)denyForAllUsersWithPath:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// grant permission for the operation for all existing roles in the app for the URL
- (void)grantForAllRolesWithPath:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
// deny permission for the operation for all existing roles in the app for the URL
- (void)denyForAllRolesWithPath:(NSString * _Nonnull)path operation:(enum FilePermissionOperation)operation responseHandler:(void (^)(void))responseHandler errorHandler:(void (^)(Fault * _Nonnull))errorHandler;
```
```swift
// grant permission for the operation to the user for the URL
func grantForUser(userId: String, path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// deny permission for the operation for the user for the URL
func denyForUser(userId: String, path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// grant permission for the operation to the role for the URL
func grantForRole(role: String, path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// deny permission for the operation for the role for the URL
func denyForRole(role: String, path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// grant permission for the operation to all existing users in the app for the URL
func grantForAllUsers(path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// deny permission for the operation for all existing users in the app for the URL
func denyForAllUsers(path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// grant permission for the operation for all existing roles in the app for the URL
func grantForAllRoles(path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
// deny permission for the operation for all existing roles in the app for the URL
func denyForAllRoles(path: String, operation: FilePermissionOperation, responseHandler: (() -> Void)!, errorHandler: ((Fault) -> Void)!)
```
Example
```objc
[Backendless.shared.file.permissions grantForAllRolesWithPath:@"myfiles/myhelloworld-sync.txt" operation:FilePermissionOperationFILE_WRITE responseHandler:^{
    NSLog(@"Permission granted");
} errorHandler:^(Fault *fault) {
    NSLog(@"Error: %@", fault.message);
}];
```

```swift
Backendless.shared.file.permissions.grantForAllRoles(path: "myfiles/myhelloworld-sync.txt", operation: .FILE_WRITE, responseHandler: {
    print("Permission granted")
}, errorHandler: { fault in
    print("Error: \(fault.message ?? "")")
})
```
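The short-path rule described at the top of this page is easy to get wrong when the app only has a file's full URL. The helper below is an added example, not part of the Backendless SDK: it derives the short path before it is passed as the `path` argument. `shortFilePath` and `ShortPathError` are hypothetical names, the URL layout is assumed to match the page's example (stored path follows the `files` component), and rejecting `.`/`..` segments is a defensive choice of this example.

```swift
import Foundation

/// Reasons an input cannot be turned into a short file-storage path.
enum ShortPathError: Error {
    case noFilesSegment   // full URL without a "files" path component
    case emptyPath        // nothing left after normalization
    case unsafeSegment    // "." or ".." could retarget the ACL change
}

/// Accepts a full file URL or an already-short path and returns the form the
/// Permissions API expects: directory and file name, no leading slash.
/// Assumption: full URLs look like <host>/<app id>/<key>/files/<path>.
func shortFilePath(from input: String) throws -> String {
    let raw: [String]
    if let url = URL(string: input), url.scheme != nil {
        // pathComponents is percent-decoded: ["/", appId, key, "files", ...]
        let parts = url.pathComponents
        guard let marker = parts.firstIndex(of: "files") else {
            throw ShortPathError.noFilesSegment
        }
        raw = Array(parts[(marker + 1)...])
    } else {
        // Already a path: splitting drops the leading slash and empty segments.
        raw = input.split(separator: "/").map(String.init)
    }
    let segments = raw.filter { !$0.isEmpty && $0 != "/" }
    guard !segments.isEmpty else { throw ShortPathError.emptyPath }
    guard !segments.contains(where: { $0 == "." || $0 == ".." }) else {
        throw ShortPathError.unsafeSegment
    }
    return segments.joined(separator: "/")
}

// The first sample is the URL from this page; the other two are constructed.
let samples = [
    "https://backendlessappcontent.com/31CB9FED-F34C-5541-FF26-6C2B6719F200/23432-A6B2-FF6B-31CB9FED/files/movies/vacation.mp4",
    "/movies/vacation.mp4",
    "movies/../secret.txt",
]
for sample in samples {
    do {
        // The result is what would be passed as `path:` to grantForRole, denyForUser, etc.
        print(try shortFilePath(from: sample))
    } catch {
        print("rejected \(sample): \(error)")
    }
}
```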
Codeless Reference
Set Permissions For A User/Role
where:
Argument | Description |
---|---|
GRANT/DENY | Specify if you want to grant or deny specific permissions. |
READ, WRITE, DELETE | Select the permission type that you want to grant. |
path | Path to a file or directory for which you want to specify the permission. |
user id | Unique identifier of the user, which is also known as the `objectId`. The value of the `objectId` property is stored in the Users data table. |
role name | The name of the role that must be granted permissions. |
return result | When this box is checked, the operation returns an object containing permission details. |
Returns an object containing the `"permissions"` and the `"role"` properties. The former identifies the permission type, such as `READ`, `WRITE`, `DELETE`, and the latter identifies the role which was assigned these permissions.
The examples below grant permissions to `READ` the `"/misc"` folder to the user with the user id `"20FFE530-124A-4ABC-9059-3DD6F7F605F5"` / to a `"Trial User"` role.
Set Permissions For All Users/Roles
where:
Argument | Description |
---|---|
GRANT/DENY | Specify if you want to grant or deny specific permissions. |
READ, WRITE, DELETE | Select the permission type that you want to grant. |
return result | When this box is checked, the operation returns an object containing permission details. |
Returns an object containing the `"permissions"` and the `"role"` properties. The former identifies the permission type, such as `READ`, `WRITE`, `DELETE`, and the latter identifies the role which was assigned these permissions.
The examples below grant permissions to `READ` the `"/misc"` folder to all users/roles.