Tags: security, permissions, workspace, multi-tenant
Quality Rating: ⭐ 9/10
Reporter: xiaoan
Description
Currently, users can freely delete files in the workspace without proper permission checks. This is a potential security and data integrity issue in a multi-tenant environment.
Expected Behavior
Workspace file management should have proper permission controls:
- File owners should have full control (read, write, delete) over their own files
- Other users in the same tenant should have limited permissions (e.g., read-only or no access)
- Platform/tenant admins should have elevated permissions for management purposes
- Deletion operations should require explicit permission verification
Current Behavior
- Any user can delete workspace files without permission checks
- No distinction between file owner and other users
- Risk of accidental or malicious data loss
- No audit trail for file deletion operations
Security Impact
This is a multi-tenant security concern:
- Users from different companies/tenants should not be able to delete each other's files
- Even within the same tenant, users should not have unrestricted delete access to all files
- Critical business documents could be accidentally or intentionally deleted
Proposed Solution
- Implement file ownership tracking:
  - Store owner_user_id for each file in the database
  - Track file creator/owner metadata
- Add permission checks for delete operations:

  ```python
  # Pseudo-code example: get_file, get_user and remove_file are assumed storage helpers
  def delete_file(file_id, user_id):
      file = get_file(file_id)
      user = get_user(user_id)  # load the caller so the admin flag can be checked
      if file.owner_user_id != user_id and not user.is_admin:
          raise PermissionError("Cannot delete file owned by another user")
      remove_file(file)
  ```

- Consider role-based access control (RBAC):
  - File Owner: Full control
  - Team Member: Read/write (no delete)
  - Admin: Full control + audit logs
  - Other users: No access or read-only
- Add soft delete or recycle bin:
  - Deleted files go to recycle bin first
  - Allow recovery within a time window (e.g., 30 days)
  - Permanent deletion requires admin approval
- Audit logging:
  - Log all file deletion operations with user ID, timestamp, and file metadata
  - Enable admins to review deletion history
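The following is an added, self-contained sketch (not code from this project) that ties the proposed pieces together: per-file owner tracking, a tenant boundary check, owner-or-admin delete authorization, a 30-day recycle bin with admin-only purge, and an audit record for every delete. The `User`, `File` and `Workspace` names and the in-memory store are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

RETENTION = timedelta(days=30)  # recovery window before permanent deletion

@dataclass
class User:
    user_id: str
    tenant_id: str
    is_admin: bool = False  # tenant admin; ownership is tracked per file
@dataclass
class File:
    file_id: str
    tenant_id: str
    owner_user_id: str
    deleted_at: Optional[datetime] = None  # set when the file is in the recycle bin
class Workspace:
    def __init__(self):
        self.files: dict = {}       # file_id -> File (constructed in-memory store)
        self.audit_log: list = []   # one record per delete/purge

    def _authorize_delete(self, file, user):
        # Another tenant's file is reported as missing, so the error does not confirm it exists.
        if file.tenant_id != user.tenant_id:
            raise LookupError(f"file {file.file_id} not found")
        # Within the tenant only the owner or a tenant admin may delete.
        if file.owner_user_id != user.user_id and not user.is_admin:
            raise PermissionError("only the owner or an admin may delete this file")

    def delete_file(self, file_id, user, now):
        file = self.files.get(file_id)
        if file is None or file.deleted_at is not None:
            raise LookupError(f"file {file_id} not found")
        self._authorize_delete(file, user)
        file.deleted_at = now  # soft delete: the record stays for recovery
        self.audit_log.append({"action": "delete", "file_id": file_id,
                               "user_id": user.user_id, "at": now.isoformat()})

    def purge_expired(self, user, now):
        # Permanent deletion: admin only, and only after the retention window has passed.
        if not user.is_admin:
            raise PermissionError("permanent deletion requires an admin")
        expired = [f.file_id for f in self.files.values() if f.deleted_at
                   and f.tenant_id == user.tenant_id and now - f.deleted_at >= RETENTION]
        for fid in expired:
            del self.files[fid]
            self.audit_log.append({"action": "purge", "file_id": fid,
                                   "user_id": user.user_id, "at": now.isoformat()})
        return expired
```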
Additional Context
Related issue: #209 (multi-user file isolation) - This addresses file isolation between users, but the current issue focuses specifically on delete permission controls.
This feature is important for:
- Enterprise deployments with multiple users
- Compliance requirements (data retention, audit trails)
- Preventing accidental data loss
- Maintaining data integrity in shared workspaces