
Sharing a Folder with Groups

The sequence diagram below shows how a user can share a folder with a group.

Sequence diagram for sharing a folder with a group

User Selection

  1. The user selects the folder they want to share and initiates the share process.
  2. The client sends a request to the server to fetch the folder details and credential fields.
  3. The server returns the folder details and credential fields to the client.

Group and Access Type Selection

  1. The user selects the required group they want to share the folder with.
  2. The user specifies the access type (e.g., read, manager) for the selected group.
  3. The client sends a request to the server to fetch the group members for the selected group.
  4. The server returns the group members to the client.

Background Service Processing

  1. The client sends the selected folder and group members to the background service.
  2. The background service sends the credential fields to the WASM module for decryption.
     [
       {
         "credentialId": "credential_id",
         "fields": [
           {
             "fieldId": "field_id",
             "fieldValue": "encrypted_field_value"
           }
         ]
       }
     ]
  3. The WASM module, which has the user’s private key loaded in memory, decrypts the credential fields.
     [
       {
         "credentialId": "credential_id",
         "fields": [
           {
             "fieldId": "field_id",
             "fieldValue": "decrypted_field_value"
           }
         ]
       }
     ]
  4. After decryption, the background service sends the decrypted fields to the WASM module to be encrypted with each group member’s public key.
  5. The background service sends the encrypted credential fields back to the client.
     [
       {
         "userId": "user_id",
         "credentials": [
           {
             "credentialId": "credential_id",
             "fields": [
               {
                 "fieldId": "field_id",
                 "fieldValue": "encrypted_field_value"
               }
             ]
           }
         ]
       }
     ]

Server Processing

  1. The client then sends the whole payload to be hashed and then signed.
  2. The client sends the encrypted credential fields, user IDs, group ID, and folder ID to the server with a signature header.
     {
       "folderId": "folder_id",
       "groupData": [
         {
           "groupId": "group_id",
           "accessType": "access_type",
           "userData": [
             {
               "userId": "user_id",
               "credentials": [
                 {
                   "credentialId": "credential_id",
                   "fields": [
                     {
                       "fieldId": "field_id",
                       "fieldValue": "field_value"
                     }
                   ]
                 }
               ]
             }
           ]
         }
       ]
     }
  3. The server processes the sharing request after verifying the signature.
  4. The server adds access to the folder_access table for the shared folder and group ID.
  5. The server adds access to the access_list table for each credential in the folder and the group ID.
  6. The server adds the encrypted credential fields to the fields table for each group member.
  7. The server returns the sharing response (success/failure) to the user.

Note: For each group, sharing succeeds only when all the credentials in the folder are successfully shared with all users of that group, so each group's share is performed as a single transaction.

Note: From now on, when a new credential is added to the folder, it will be automatically shared with the group members who have access to the folder.
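
The per-group, all-or-nothing write described in the Server Processing steps and the first note can be sketched as follows. This is an added example, not the project's own code: Python with SQLite stands in for the server and its database, the column names and the `share_folder`, `folder_creds` and `members` names are assumptions, and the signature is taken as already verified.

```python
import sqlite3

# Table names are the page's; the columns are assumptions made for this example.
SCHEMA = """
CREATE TABLE folder_access (folder_id, group_id, access_type);
CREATE TABLE access_list (credential_id, group_id, access_type);
CREATE TABLE fields (field_id, credential_id, user_id, field_value);
"""

def share_folder(db, payload, folder_creds, members):
    """Apply each groupData entry in its own transaction; return {groupId: ok}.
    folder_creds {credentialId: {fieldId}} and members {groupId: {userId}} are
    hypothetical server-side records of what a complete share must cover."""
    results = {}
    for group in payload["groupData"]:
        gid, access = group["groupId"], group["accessType"]
        try:
            with db:  # commit on success, roll back every insert on any error
                db.execute("INSERT INTO folder_access VALUES (?,?,?)",
                           (payload["folderId"], gid, access))
                db.executemany("INSERT INTO access_list VALUES (?,?,?)",
                               [(cid, gid, access) for cid in folder_creds])
                seen = set()
                for user in group["userData"]:
                    uid, creds = user["userId"], user["credentials"]
                    got = {c["credentialId"]: {f["fieldId"] for f in c["fields"]} for c in creds}
                    if got != folder_creds or uid in seen:
                        raise ValueError("incomplete or duplicate user entry")
                    seen.add(uid)
                    db.executemany(
                        "INSERT INTO fields VALUES (?,?,?,?)",
                        [(f["fieldId"], c["credentialId"], uid, f["fieldValue"])
                         for c in creds for f in c["fields"]])
                if seen != members.get(gid):
                    raise ValueError("payload does not cover every group member")
            results[gid] = True
        except (ValueError, KeyError, sqlite3.Error):
            results[gid] = False
    return results

def demo():
    """Constructed sample: g1 is complete, g2 omits group member u4."""
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    cred = [{"credentialId": "c1", "fields": [{"fieldId": "f1", "fieldValue": "enc"}]}]
    user = lambda uid: {"userId": uid, "credentials": cred}  # "enc" is a placeholder
    payload = {"folderId": "fold1", "groupData": [
        {"groupId": "g1", "accessType": "read", "userData": [user("u1"), user("u2")]},
        {"groupId": "g2", "accessType": "manager", "userData": [user("u3")]}]}
    return share_folder(db, payload, {"c1": {"f1"}}, {"g1": {"u1", "u2"}, "g2": {"u3", "u4"}}), db
```

For g2 the rows already written to folder_access, access_list and fields are rolled back when the member check fails, so a partial share never leaves the group with access it cannot use or the tables in disagreement.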