Child Item

File permissions in the shared folder

Hi, I have this case:

User A shares a folder to User B with edit rights and B didn't accept the shared folder yet.

In my application A opens the file from the shared folder, and provides the fileId to User B, assuming the B should have the access rights for that file.

`sharing/get_file_metadata` performed by User B returns

"access_type": {

".tag": "editor"

so User B is assuming he has edit rights for the file as well. However, User B is not allowed to even download the file (download file rq return 404 not found).

Is there any way how to detect User B haven't accepted the shared folder, so he doesn't have the access rights for the file yet? Or, could it a bug, as the get_file_metadata seems to return misleading information?

Find more posts tagged with

Developers

Accepted answers

Greg-DB

Apologies for the confusion! This is the expected behavior. Before user B "accepts" or "mounts" the shared folder, they will have the right to access to (hence the returned "access_type"), but won't actually be able to do so, since the content hasn't yet been added to their account.

You can detect this from the /2/sharing/get_file_metadata call for user B. In the response, if 'path_display' and 'path_lower' aren't set, that means that the file is not mounted in the user's account yet, so they can't interact with it. (They can mount it using the Dropbox web site, or via the API using /2/sharing/mount_folder.)

All comments

Greg-DB

lades

@Greg-DB I'm facing another issue with the access rights:

I have a business account, get_file_metadata for a file from a team folder returns the tag `editor`, I assume the user has permissions to write (even both path_lower, patrh_display is set). However, upload rq is failing with the 409:

"error_summary": "path/no_write_permission/."

Please check the attached files for complete responses.

upload is performed with this header

Dropbox-API-Arg: {"path":"id:f1MRSe_xAMAAAAAAAAAAOQ","mode":{".tag":"overwrite"}}

Greg-DB

@lades I'll be happy to take a look, but I'll need some more information. Can you share the requests/responses for this? Please be sure to redact your access token though.

You mentioned "attached files" but I don't see anything attached.

Feel free to open an API ticket if you'd prefer to share privately. Thanks!

lades

@Greg-DB I found out what the problem was. When the header `Dropbox-API-Path-Root` is not specified, `get_file_metadata` is not returning the `path_lower` and `path_display` properties.

Dropbox-API-Path-Root: {".tag":"root","root":"63xxxxxx0"}

It all works fine (even the upload) if the `Dropbox-API-Path-Root` is defined.