For collaborative permissions on documents, I designed it like this.
Referring to its api,
The first thing to answer is: does each document correspond to a permission, or does a document directory correspond to a permission? Or have both?
Anyway, it is not a problem to realize these two kinds on engineercms, just use casbin.
The second answer is whether to design the permission relationship between users and articles or the permission relationship between roles (user groups) and articles?
The answer is both.
Answer again, is the permission relationship between the design role and the article, or the permission relationship between the organizational structure and the document?
The answer is to use roles.
Then the organizational structure and users, users and roles, these two should be well designed, easy to operate, forward and reverse operations.
For example, people are selected by organizational structure, or organizational structure is selected on the basis of users, and after selection, they must be eliminated (screened).
That's about it.
Back to ONLYOFFICE document server, it has 3 permissions, edit permission, read-only permission, permission not allowed, go deeper, add download permission and print permission to combine, there are editable, non-downloadable, editable but not printable, This is very little. Second, readable-downloadable-printable, readable-not-downloadable-printable only…
The following figure is the document - user empowerment
The following figure is the document - role empowerment
The code is in github.