Add granular media permissions: allow users to upload but only view their own files #2903
Description
Description
Currently, media permissions are all-or-nothing. If a user has get and manage permissions for media, they can see all media files uploaded by any user. There's no way to restrict users to only see their own uploaded files.
Current Behavior
Media permissions work as:
- get: User can view ALL media files
- manage: User can upload/delete ALL media files
There's no middle ground for users who should be able to upload media but only access their own files.
Proposed Behavior
Add a new permission level or scope for media:
- manage:own or manage:self: User can upload media and manage only their own uploads
- get:own or get:self: User can only view media they have uploaded
Permission Structure Proposal
Media Permissions:
[ ] get:all - View all media files
[ ] get:own - View only own uploaded files
[ ] manage:all - Upload/delete all media files
[ ] manage:own - Upload/delete only own media files
OR with simpler structure:
Media Permissions:
[ ] View all media
[ ] View only own media
[ ] Manage all media
[ ] Manage only own media
Use Cases
This would enable scenarios like:
Marketing Team Collaboration:
- Designer A uploads campaign images
- Designer B uploads newsletter graphics
- Each designer only sees their own files
- Marketing Manager sees all media (has
get:all)
Multi-tenant Usage:
- Different departments share one listmonk instance
- HR uploads company policy documents
- Sales uploads product sheets
- Each team only accesses their own media
Security & Privacy:
- Prevent users from accessing/deleting other users' files
- Audit trail: who uploaded what
- Reduce accidental deletion of others' work
Implementation Suggestions
Database Level
- Add
uploaded_byfield to media table - Track user ID on upload
- Filter queries based on user permissions and ownership
API Level
GET /api/media
- If user has "get:all" → return all files
- If user has "get:own" → return WHERE uploaded_by = current_user_id
UI Level
- Show ownership indicator (uploaded by username/date)
- Filter media library based on permissions
- Display "Your uploads" vs "All uploads" toggle for admins
Benefits
- Improved security: Users can't accidentally see/delete others' work
- Better multi-user support: Essential for teams
- Compliance: Easier to implement data separation requirements
- Accountability: Clear ownership of uploaded content
Impact
Priority: Medium-High
This feature is important for:
- Teams with multiple content creators
- Organizations with data separation requirements
- Preventing accidental media deletion
- Professional/enterprise usage scenarios
Version
- listmonk version: 6.x.x
Additional Context
This follows the principle of least privilege where users should only have access to resources they need. Current media permissions don't support this principle.
Many modern CMSs and DAMs (Digital Asset Management) systems implement this pattern:
- WordPress: Media library filtered by author
- Drupal: File ownership tracking
- SharePoint: Document ownership
Backward Compatibility
Implementation should maintain backward compatibility:
- Existing users with
managepermission could default tomanage:all - New installations could use the granular permission structure
- Migration path for existing media (assign to admin or leave unowned)