Module file_access 

File access level helpers

Provides functions to determine user access levels to files based on:

• Scoped tokens (file:{file_id}:{R|W} grants Read/Write access)
• Ownership (owner always has Write access)
• FSHR action grants (WRITE subtype = Write, otherwise Read)

Structs

FileAccessCtx

Context describing the subject requesting file access

FileAccessResult

Result of checking file access

Enums

FileAccessError

Error type for file access checks

ScopeCheck

Result of checking whether a file is allowed by scope

Constants

MAX_PARENT_DEPTH

Maximum parent-chain depth for bounded folder-tree traversals.

Functions

check_file_access_with_scope

Check file access and return file view with access level

check_scope_allows_create_in

Check if a scoped token allows file creation, honoring folder subtrees.

check_scope_allows_file

Check if a file operation is allowed by scope.

check_share_for_file

Check if a user has share access to a file — either a direct share entry on the file itself or an inherited share from an ancestor folder.

get_access_level

Get access level for a user on a file

get_access_level_with_scope

Get access level for a user on a file, considering scoped tokens

is_descendant_of

Return true if ancestor_id is an ancestor folder of file_id.

resolve_dir_entry

Resolve one (tn, file_id) → DirEntry through the folder cache, falling back to a single read_file on a miss. The row is cached only when it is a folder (is_folder), keeping the cache small and folder-only; non-folder rows (e.g. the leaf that starts a descendant walk) are returned but never inserted.

scope_grants_collection_op

Returns true when a scoped token is itself sufficient authorization for a collection-level operation, letting the middleware skip the role/quota path.

scope_target_is_folder

Return true if the scoped target file is a folder (file_tp == "FLDR").

walk_parent_chain_for_share

Walk the parent chain of a file to find an inherited share entry.