Praisma Hub LogoPraisma Hub

2.8.2 Folder Permissions — Access Control

Folder permissions enforce granular access control over media assets. Permissions are evaluated dynamically based on tenant, organization, folder, and role.

Permission Model

Folder access is governed by explicit permission assignments:

class MediaFolderPermission extends Model { protected $fillable = [ 'folder_id', 'role_id', 'can_view', 'can_upload', 'can_edit', 'can_delete' ]; }

Permissions are inherited down the folder tree unless overridden.

Enforcement

Permission checks are applied:

At API request level

In background jobs

Within UI components

if (! $user->can('media.upload', $folder)) { abort(403); }

This ensures consistent enforcement regardless of entry point.

Governance

All permission changes:

Require administrative roles

Are logged for audit purposes

Take effect immediately

Summary

Folder permissions provide controlled delegation of media access without compromising tenant isolation or security.