Update CTERA README.md. #15805

Merged
merged 3 commits into from
Apr 30, 2024
59 changes: 40 additions & 19 deletions ctera/src/main/java/ch/cyberduck/core/ctera/README.md
@@ -1,10 +1,10 @@
# CTERA Custom XML fields to support NT-ACL and WORM data
# Custom Properties in namespace `http://www.ctera.com/ns` in DAV Resources to Support NT-ACL and WORM Data

## 2nd line of defense: preflight (Cyberduck)
## Preflight Checks

| local | Feature | folder | file | CTERA required permissions | preflight |
|------------|-------------|--------|------|-------------------------------------------------------------------------------------------------------------------------------------------------|-----------|
| ls | ListService | x | | `readpermission` | -- |
| ls | ListService | x | | `readpermission` | x |
| read | Read | | x | `readpermission` | x |
| write | Write | | x | `writepermission` | x |
| mv | Move | x | | source:`deletepermission` AND target:`writepermission` (if directory exists, i.e. overwrite) AND target's parent: `createdirectoriespermission` | x |
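Review bot: The heading rename from `## 2nd line of defense: preflight (Cyberduck)` to `## Preflight Checks` removes the only text in this section that says which client runs these checks and that they are one of two layers. Suggest a sentence under the new heading stating where the preflight runs and how it relates to the filesystem mapping, so that the `ListService` row, whose preflight column now reads `x`, is not taken as the only place `readpermission` is evaluated.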
Expand All @@ -14,36 +14,57 @@
| touch | Touch | | x | (future: target's parent `createfilepermission`) | x |
| mkdir | Directory | x | | `createdirectoriespermission` | x |
| rm / rmdir | Delete | x | x | `deletepermission` | x |
| exec | -- | | x | `executepermission` on file | -- |
| exec | -- | | x | -- | -- |

N.B. no need to check `readpermission` upon mv/cp.

## 1st line of defense: filesystem (Mountain Duck)
## Filesystem Mapping

### macOS NFS POSIX

| folder | file | NFS (POSIX) | affected local operations | implementation (`NfsFileSystemDelegate.getattr`) |
| folder | file | NFS (POSIX) | affected local operations | implementation |
|--------|------|-------------|--------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|
| | x | `r` | read | `r` <-- `Read.preflight` <-- `readpermission` |
| | x | `x` | exec | `x` <-- TRUE |
| x | | `rx` | ls | `rx` <-- `Read.preflight` <-- `readpermission` |
| | x | `w` | write, rm, mv source file, mv target file (if exists) | `w` <-- (`Write.preflight` OR `Delete.preflight` <-- (`writepermission` OR `deletepermission`) |
| x | | `w` | rmdir, mkdir, mv source folder, mv target folder (if exists) | `w` <-- (`Write.preflight` OR `Delete.preflight` OR `Directory.preflight`) <-- (`writepermission` OR `deletepermission` OR `createdirectoriespermission`) |

N.B. we use `Read` feature for `readpermission` on directories, as well.
N.B. `x` on files is only set for POSIX backends, i.e. never for CTERA.

### macOS File Provider Capabilities

| folder | file | File Provider capabilities (`DefaultFileProviderItemConverter.toFileProviderItem`) | affected local operations |
|--------|------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------|
| x | x | `NSFileProviderFileSystemUserReadable` <-- TRUE | read, ls |
| x | x | `NSFileProviderFileSystemUserWritable` <-- TRUE | write, mv, touch, mkdir |
| x | x | `NSFileProviderFileSystemUserExecutable` <-- TRUE | exec |
| x | | `NSFileProviderItemCapabilitiesAllowsContentEnumerating` <-- `Read.preflight` <-- `readpermission` | ls |
| | x | `NSFileProviderItemCapabilitiesAllowsReading` <-- `Read.preflight` <-- `readpermission` | read |
| | x | `NSFileProviderItemCapabilitiesAllowsWriting` <-- `Write.preflight` <-- `writepermission` | write |
| x | | `NSFileProviderItemCapabilitiesAllowsAddingSubItems` <-- (`Touch.preflight` (§) OR `Directory.preflight` (§)) <-- (`createdirectoriespermission` OR (future: `createfilepermission`)) == TRUE | mv, touch, mkdir |
| x | x | `NSFileProviderItemCapabilitiesAllowsDeleting` <-- `Delete.preflight` <-- `deletepermission` | rm, rmdir, mv |
| folder | file | File Provider Capabilities | affected local operations |
|--------|------|--------------------------------------------------------------------------------------------|---------------------------|
| x | | `NSFileProviderFileSystemUserReadable` <-- `ListService.preflight` | ls |
| | x | `NSFileProviderFileSystemUserReadable` <-- `Read.preflight` | read |
| x | | `NSFileProviderFileSystemUserWritable` <-- `Touch.preflight` <-- TRUE for CTERA | mv, touch, mkdir |
| | x | `NSFileProviderFileSystemUserWritable` <-- `Write.preflight` | write, mv |
| x | | `NSFileProviderFileSystemUserExecutable` <-- `ListService.preflight` | ls |
| | x | `NSFileProviderFileSystemUserExecutable` <-- `permission.isExecutable` <-- FALSE for CTERA | exec |

(§) with random file/directory name
(§) with empty file/directory name

N.B. File Provider sets the `x` flag on all folders independent of `NSFileProviderFileSystemUserExecutable`.

#### Documentation

* https://developer.apple.com/documentation/fileprovider/nsfileproviderfilesystemflags
* https://developer.apple.com/documentation/fileprovider/nsfileprovideritemcapabilities

### Windows ACLs

| folder | file | access right | affected local operations | implementation (`WindowsAcl.Translate`) |
|--------|------|---------------------|---------------------------------------------------------------------|---------------------------------------------------------|
| | x | `Read` | read, exec | `Read.preflight` <-- `readpermission` |
| x | | `ReadAndExecute` | ls | `ListService.preflight` <-- `readpermission` |
| x | x | `Write` | write, touch, mkdir, mv source file, mv target file (if exists) | `Write.preflight` <-- `writepermission` |
| x | x | `Delete` | rm, rmdir, mv source file/folder, mv target file/folder (if exists) | `Delete.preflight` <-- `deletepermission` |
| x | | `CreateDirectories` | mkdir, mv target folder (if target folder does not exist) | `Directory.preflight` <-- `createdirectoriespermission` |

N.B. `Write` on folders implies `CreateFiles` (=`WriteData` on files) and `CreateDirectories` (=`AppendData` on files).
N.B. `x` on files is only set for POSIX backends, i.e. never for CTERA.

#### Documentation

* https://learn.microsoft.com/en-us/dotnet/api/system.security.accesscontrol.filesystemrights?view=net-8.0
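Review bot: The shorter `File Provider Capabilities` table has no row for rm/rmdir or `Delete.preflight`, and its folder row maps `NSFileProviderFileSystemUserWritable` to `Touch.preflight` with "TRUE for CTERA", so neither `deletepermission` nor `createdirectoriespermission` appears anywhere in this mapping, whereas the longer table carried `NSFileProviderItemCapabilitiesAllowsDeleting <-- Delete.preflight` and `NSFileProviderItemCapabilitiesAllowsAddingSubItems`. Suggest either restoring those rows or adding an N.B. that on File Provider these two permissions are enforced only by the preflight checks. The `(§)` footnote lines have no matching `(§)` marker in the shorter table, and the `nsfileprovideritemcapabilities` link points at an API that table no longer names; both should be dropped or re-attached to a row.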