U.S. patent application number 14/726196 was filed with the patent office on 2017-12-28 for synchronization of permissioned content in cloud-based environments.
The applicant listed for this patent is Box, Inc.. Invention is credited to Jeremy Jen-Ming Chiu, Yiming Lu, David MacKenzie, Lu Pan, Kunal Parmar, Brandon Savage, David Grant Sawyer.
Application Number | 20170374143 14/726196 |
Document ID | / |
Family ID | 55403949 |
Filed Date | 2017-12-28 |
United States Patent
Application |
20170374143 |
Kind Code |
A9 |
Savage; Brandon ; et
al. |
December 28, 2017 |
SYNCHRONIZATION OF PERMISSIONED CONTENT IN CLOUD-BASED
ENVIRONMENTS
Abstract
Enterprise administrators in a cloud-based environment including
a cloud-based server and a repository can selectively impose
permissions on items (e.g., files and folders) marked for
synchronization ("sync items"). The sync items can be synchronized
with the client devices of users by downloading the items along
with the permission attributes from the cloud-based server.
However, the permissions on those sync items means that any
unpermitted changes to the local copies of the sync items do not
get uploaded to the cloud-based server. A synchronization client on
the client devices detects any changes made locally to the sync
items that are not consistent with the permission attributes, and
repairs those changes so that the sync items are restored to their
most recent states. This ensures that any unauthorized changes made
to sync items remain local and do not propagate by the
synchronization process to other users.
Inventors: |
Savage; Brandon; (San
Carlos, CA) ; Parmar; Kunal; (San Jose, CA) ;
Sawyer; David Grant; (Mountain View, CA) ; Pan;
Lu; (Foster City, CA) ; Lu; Yiming; (Los
Altos, CA) ; MacKenzie; David; (San Francisco,
CA) ; Chiu; Jeremy Jen-Ming; (Milpitas, CA) |
|
Applicant: |
Name |
City |
State |
Country |
Type |
Box, Inc. |
Los Altos |
CA |
US |
|
|
Prior
Publication: |
|
Document Identifier |
Publication Date |
|
US 20160065672 A1 |
March 3, 2016 |
|
|
Family ID: |
55403949 |
Appl. No.: |
14/726196 |
Filed: |
May 29, 2015 |
Related U.S. Patent Documents
|
|
|
|
|
|
Application
Number |
Filing Date |
Patent Number |
|
|
62044920 |
Sep 2, 2014 |
|
|
|
62006799 |
Jun 2, 2014 |
|
|
|
62005659 |
May 30, 2014 |
|
|
|
Current U.S.
Class: |
1/1 |
Current CPC
Class: |
H04L 67/1097 20130101;
H04L 67/10 20130101; H04L 67/1095 20130101 |
International
Class: |
H04L 29/08 20060101
H04L029/08 |
Claims
1. A method of restoring a content item marked for synchronization
between a cloud-based server and at least one computer system, the
method comprising: receiving, at the at least one computer system,
a content item transmitted by a cloud-based server, wherein the
content item is marked for synchronization between the cloud-based
server and at the at least one computer system, and wherein the
content item is associated with at least one permission attribute;
detecting, by the at least one computer system, a change to the
content item on the computer system; performing, by the at least
one computer system, prior to uploading the change to the content
item to the cloud-based server, a permission check with the
cloud-based server to determine whether the change to the content
item is permitted based, at least in part, on the at least one
permission attribute associated with the content item; receiving,
by the at least one computer system, a result of the permission
check from the cloud-based server, the result indicating that the
change to the content item will be rejected by the cloud-based
server during a synchronization procedure; and restoring the
content item when the change to the content item is rejected by the
cloud-based server.
2. The method of claim 1, further comprising: rejecting an upload
of the content item when the result of the permission check
indicates that the change to the content item was rejected.
3. The method of claim 1, wherein the cloud-based server is
associated with a cloud-based storage and collaboration platform,
and wherein the permission check with the cloud-based server is
performed via an application program interface (API).
4. The method of claim 3, wherein the content item is a folder, a
sub-folder, or a file, the folder including a sub-folder or a file,
and the sub-folder including a file, wherein the content item is
stored in a workspace hosted at cloud-based storage, the workspace
being associated with an enterprise and managed by an enterprise
administrator.
5. The method of claim 4, wherein the enterprise administrator
associates the at least one permission attribute with the content
item that is marked for synchronization between the cloud-based
server and the at least the computer system.
6. The method of claim 3, wherein the at least one permission
attribute permits or restricts a user action that changes the
content item, the user action including one or more of: creating a
new content item inside the content item, moving the content item
to another location, deleting the content item, editing the content
item, or renaming the content item.
7. The method of claim 6, wherein when the at least one permission
attribute restricts creating the new content item inside the
content item, the result of the permission check indicates that the
creation of the content item is rejected, and restoring the content
item to its most recent form when the change to the content item is
rejected further comprises: moving the new content item to another
location; and generating a notification message indicating that the
creation of the new content item was rejected and that the new
content item that was created was moved to another location.
8. The method of claim 6, wherein when the at least one permission
attribute restricts editing of the content item, the result of the
permission check indicates that the edit to the content item is
rejected, and restoring the content item to its most recent form
when the change to the content item is rejected comprises: creating
a conflict copy that includes the edit to the content item;
downloading a most recent copy of the content item from a
repository of the cloud-based server; and generating a notification
message indicating that the edit to the content item was rejected
and that the edit to the content item was saved in the conflict
copy.
9. The method of claim 6, wherein when the at least one permission
attribute restricts deleting the content item and when the change
to the content item includes a deletion of the content item, the
result of the permission check indicates that the deletion of the
content item is rejected, and restoring the content item to its
most recent form when the change to the content item is rejected
comprises: downloading the deleted folder or file from a repository
of the cloud-based server; and generating a notification message
indicating that the deletion of the content item was rejected and
that the content item that was deleted was restored.
10. The method of claim 6, wherein when the permission attribute
restricts renaming of the content item and when the change to the
content item includes a renaming of the content item, the result of
the permission check indicates that the renaming of the content
item is rejected, and restoring the content item to its most recent
form when the change to the content item is rejected further
comprises: changing a new name of the content item from the
renaming of the content item on the computer system to a name of
the content item on the cloud-based server; and generating a
notification message indicating that the renaming of the content
item to the new name was rejected and that the new name of the
content item stored locally on the computer system was restored to
match the name of the content item on the cloud-based server.
11. The method of claim 6, wherein when the permission attribute
restricts moving of the content item and when the change to the
content item includes a moving of the content item, the result of
the permission check indicates that the moving of the content item
is rejected, and restoring the content item to its most recent form
when the change to the content item is rejected further comprises:
moving the content item into a same hierarchical location on the
computer system as its counterpart on the cloud-based server; and
generating a notification message indicating that the moving of the
content item was rejected and that the content item was moved back
to its original location.
12. The method of claim 3, wherein the at least one permission
attribute permits or restricts a user action to add or create a tag
for the content item, assign a task for the content item, access
the content item from multiple computer systems, access the content
item from a mobile device or invite external users to collaborate
on the content item.
13. The method of claim 1, further comprising: caching the at least
one permission attribute of the content item in a cache memory on
the computer system. visibly marking the content item on the
computer system based on the at least one permission attribute to
provide a visible indication of a type of permission attribute that
the content item has.
14. The method of claim 13, further comprising instructions for
receiving a change to the at least one permission attribute
associated with the content item from the cloud-based server and in
response, dynamically updating the visible marking on the content
item on the client device based on the change to the permission
attribute.
15. A system comprising: a repository storing content items; and a
cloud-based server coupled to the repository and configured to
provide multiple user accounts access to a content item from the
repository, the cloud-based server being further configured to:
receive instructions to assign a permission attribute to the
content item that is accessible to the multiple user accounts;
receive instructions to mark the content item for synchronization
between the cloud-based server and client devices associated with
the multiple user accounts; synchronize the content item by
downloading the content item, along with the permission attribute,
from the repository to a location on the client devices; receiving
a notification of a change to a local copy of the content item from
a client device associated with one of the multiple user accounts;
determine whether the change to the local copy of the content item
is permitted based on the permission attribute assigned to the
content item; in response to determining that the change to the
local copy of the content item is not permitted, transmitting a
permission failed message to the client device, wherein the
permission failed message causes the client device to restore the
local copy of the content item to its most recent state; and in
response to determining that the change to the local copy of the
content item is permitted, transmitting a permission successful
message to the client device, wherein the permission successful
message causes the client device to upload the change to the local
copy of the content item to the cloud-based server for
synchronizing the change to the content item with the client
devices associated with rest of the multiple user accounts.
16. The system of claim 15, wherein the content item includes a
file, a sub-folder or a folder, the folder including a sub-folder
or a file, and the sub-folder including a file, wherein the
permission attribute includes: do not create, do not delete, do not
edit, do not rename, do not move, or do not modify metadata.
17. A method comprising: receiving, by a cloud-based server, an
instruction to assign a permission attribute to a content item in a
cloud-based storage and collaboration platform hosted, at least in
part, by the cloud-based server, wherein the content item is stored
in a datastore coupled to the cloud-based server, and wherein the
content item is marked for synchronization with multiple user
accounts associated with multiple users of the cloud-based storage
and collaboration platform; detecting, by the cloud-based server,
an attempt by one user of the multiple users of the cloud-based
storage and collaboration platform to take an action on the content
item; performing, by the cloud-based server, a permission check to
determine whether the action is permitted on the content item
based, at least in part, on the permission attribute assigned to
the content item; and allowing or preventing, by the cloud-based
server, the user from performing the action on the content item
based on a result from the permission check.
18. The method of claim 17, wherein the permission attribute
restricts the multiple users from inviting external users to
collaborate on the content item in the cloud-based storage and
collaboration platform, and wherein the action on the content item
includes inviting a collaborator by specifying an email address of
the collaborator to collaborate on the content item.
19. The method of claim 18, wherein performing the permission check
includes checking a domain name of the email address of the
collaborator to determine if the collaborator is external to an
organization and, if so, preventing the user from inviting the
collaborator who is external to the organization.
20. A machine-readable storage medium having instructions stored
thereon, which when executed by one or more processors of a
computer system, cause the computer system to: process a content
item transmitted by a cloud-based server, wherein the content item
is marked for synchronization between the cloud-based server and at
the at least one computer system, and wherein the content item is
associated with at least one permission attribute; detect a change
to the content item on the computer system; prior to uploading the
change to the content item to the cloud-based server, perform a
permission check with the cloud-based server to determine whether
the change to the content item is permitted based, at least in
part, on the at least one permission attribute associated with the
content item; process a result of the permission check transmitted
by the cloud-based server, the result indicating that the change to
the content item will be rejected by the cloud-based server during
a synchronization procedure; and restore the content item when the
change to the content item is rejected by the cloud-based server.
Description
CROSS-REFERENCE TO RELATED APPLICATIONS
[0001] This application claims priority to and benefit from U.S.
Provisional Patent Application Ser. No. 62/005,659 titled
"ENTERPRISE ADMIN SELECTIVELY IMPOSED SYNC PERMISSIONS AT A CLIENT
END OR CLIENT DEVICE" filed on May 30, 2014 and U.S. Provisional
Patent Application Ser. No. 62/006,799 titled "ENTERPRISE
ADMINISTRATOR SELECTIVELY IMPOSED SYNC PERMISSIONS AT A CLIENT END
OR A CLIENT DEVICE" filed on Jun. 2, 2014; and U.S. Provisional
Patent Application Ser. No. 62/044,920 titled "SYNCHRONIZATION
PERMISSIONS SELECTIVELY IMPOSED BY AN ENTERPRISE ADMIN ON FILES
AND/OR AT A CLIENT DEVICE" FILED ON Sep. 2, 2014. The
aforementioned applications are expressly incorporated by reference
herein.
BACKGROUND
[0002] A cloud-based collaboration and/or storage platform enables
content (e.g., files and folders) to be accessed, viewed and/or
edited by collaborators in the same group or enterprise using any
client devices at the same time. Through a synchronization (sync)
client of the cloud-based platform, collaborators can sync content
between their desktops, laptops and mobile devices and their online
folders on the cloud-based platform. The sync client enables any
new or updated files and/or sub-folders in a folder marked for sync
("sync folder") to be automatically downloaded to the devices of
users who are collaborators of that sync folder. Every edit or
update made locally on a file in the sync folder is then
automatically saved to the cloud-based platform via the sync
client.
BRIEF DESCRIPTION OF DRAWINGS
[0003] The present embodiments are illustrated by way of example
and are not intended to be limited by the figures of the
accompanying drawings.
[0004] FIG. 1 depicts an example diagram of a system having a host
server of a cloud-based service, collaboration and/or cloud storage
accounts with capabilities that enable synchronization of items
(e.g., files or folders) with permissions imposed by enterprise
administrators ("admins") or enterprise content item owners in a
cloud-based environment.
[0005] FIG. 2 depicts an example diagram of a web-based or online
collaboration platform deployed in an enterprise or other
organizational setting for organizing work items and
workspaces.
[0006] FIG. 3A depicts an example diagram of a workspace in an
online or web-based collaboration environment accessible by
multiple collaborators through various devices.
[0007] FIG. 3B depicts an abstract diagram illustrating an example
data structure of the folders and files in the workspace of FIG.
3A.
[0008] FIG. 3C depicts an example diagram illustrating the
interaction between server-side components for incrementally
updating a sync client with events or actions that occurred via a
cloud-based environment.
[0009] FIG. 3D depicts an example diagram illustrating the
interaction of remote clients with a distributed database cluster
for incremental updates of events/actions which occurred at a
cloud-based environment.
[0010] FIG. 4 depicts an example diagram illustrating preventing
any changes made to a permissioned synchronization ("sync") item
from being uploaded to the host server in the cloud-based
environment.
[0011] FIG. 5A depicts an example diagram illustrating components
of a synchronization client of the cloud-based environment that is
capable of preventing changes made to a permissioned sync item from
being uploaded to the host server in the cloud-based environment
and for handling those changes locally.
[0012] FIG. 5B depicts an example diagram illustrating components
of the host server of the cloud-based environment that is capable
of performing permission checks to prevent any changes to a
permissioned sync item that are not permitted based on permission
attributes of the sync item in the cloud-based environment.
[0013] FIG. 6 depicts an example diagram illustrating a method of
detecting and handling different types of unauthorized changes made
to a permissioned sync item on a client device.
[0014] FIG. 7 depicts an example diagram illustrating a method of
handling a "create" failure by a sync client on a client
device.
[0015] FIG. 8 depicts an example diagram illustrating a method of
handling a "move" failure by a sync client on a client device.
[0016] FIG. 9 depicts an example diagram illustrating a method of
handling a "delete" failure by a sync client on a client
device.
[0017] FIG. 10 depicts an example diagram illustrating a method of
handling an "edit" failure by a sync client on a client device.
[0018] FIG. 11 depicts an example diagram illustrating a method of
handling a change to a sync item having a permission attribute.
[0019] FIG. 12 depicts an example diagram illustrating a method of
allowing or denying an action on a sync item based on one or more
permission attributes of the item.
[0020] FIG. 13 depicts a diagrammatic representation of a machine
in the example form of a computer system within which a set of
instructions, for causing the machine to perform any one or more of
the methodologies discussed herein, can be executed.
[0021] The same reference numbers and any acronyms identify
elements or acts with the same or similar structure or
functionality throughout the drawings and specification for ease of
understanding and convenience.
DETAILED DESCRIPTION
[0022] In a cloud-based collaboration and/or storage environment
("cloud-based environment") including a cloud-based server or host
server, contents of a folder that is marked for synchronization
(hereinafter "sync folder") can be downloaded from the cloud-based
environment to one or more client devices of users (e.g.,
collaborators of the sync folder) using a sync client. Once
downloaded, a user can locally modify the files (and/or
sub-folders) in the sync folder. The modified files can then be
automatically synced back to the cloud-based environment and from
thereon, propagated to the client devices of other users.
[0023] An enterprise, as used herein, can be a conglomerate, an
organization, a company, one or more divisions or units within a
company or an organization, and/or the like. The enterprise has a
set of users (e.g., employees). In some embodiments, one or more
enterprises can utilize the facilities of the cloud-based
environment. For example, enterprises can use store their documents
and other content at a datastore or repository of the cloud-based
server. An enterprise admin ("admin") of an organization can manage
users and groups, view and edit all of the organization's files and
folders, set permissions on files and folders, log in to any user's
account within the organization, edit settings for the
organization, run or access reports, manage storage allocations,
and/or the like via a centralized console. For example, an admin
can add or delete users (or user accounts) individually or upload
users in bulk. Once a user has a user account for the enterprise,
the user can, based on permissions, access and/or download
documents stored at the remote datastore, upload documents to the
remote datastore, share and/or collaborate on documents with other
internal (e.g., users of the same enterprise) and/or external users
(e.g., users outside of the enterprise), and/or the like.
[0024] In some embodiments, an enterprise admin may want users of
an enterprise to be able to download and view all of the contents
of a folder marked for synchronization ("sync folder"), but at the
same time restrict them from modifying any of the items in the sync
folder. This may be the case when the enterprise admin wants to
ensure that all the users download and access the same file and
discourage the users from modifying the file and uploading a
modified version of the file, which could result in the modified
version replacing the original version or creating multiple
versions of the file. For example, a sales team of "ABC Design
Company" may want users to download marketing content in "Marketing
Folder" but may not want those users to edit that content and have
the edited content synchronized to everybody else. Thus, to enable
a one-way flow of content from the cloud-based environment to
client devices and to ensure that the marketing content that is
propagated is the most up to date version, the admin assign one or
more permission attributes to a sync item (e.g., a file, a
sub-folder and/or folder marked for synchronization). In various
embodiments, different types of permissions can be imposed on sync
items. Examples of permissions can include, but are not limited to
enabling or disabling the ability to download, upload, edit,
rename, delete, copy, print, move, create, tags, assign tasks,
and/or the like. Such permissions can be imposed by the enterprise
admin, workspace owner, and/or item owners.
[0025] In some embodiments, when a sync item having one or more
permissions imposed thereon is downloaded to a client device, a
component on the client device can monitor user interaction with
the sync item and can detect when a non-permitted interaction
occurs. For example, consider a sync folder that contains a
PowerPoint file. The sync folder can have the following permission
attributes set to true: can download and can delete and the
following permission attributes set to false: can upload, can
rename and can edit. In other words, users can download the sync
folder and delete the sync folder or the PowerPoint file, but
cannot edit, rename or upload the file or the sync folder to the
cloud-based environment. In some embodiments, a sync client on the
client device can detect the permission attributes and mark the
sync folder and/or the PowerPoint file as a "permissioned" sync
item based on the permission attributes. In some embodiments, the
permissioned sync item can have an iconography associated with it
that enables a user to see that the sync item has certain
permissions associated with it. This could prevent the user from
attempting to make changes to the permissioned sync item. In some
embodiments, the sales folder and/or the sales report file can be
marked by the sync client with "restricted" or "read-only" or other
similar designation to enable the operating system and/or other
applications on the client device to recognize that those items are
restricted and disable the restricted features accordingly. For
example, the PowerPoint file can be opened by the PowerPoint
application on the client device, but because of the "read-only"
designation (e.g., based on the permission setting), the PowerPoint
application can disable editing features which would prevent the
user from editing the file.
[0026] Even if editing is disabled for the PowerPoint file, it is
possible for the user to make the file editable by clearing the
permission attributes. Similarly, the user can move another item to
the sync folder or create a new file in the sync folder, thereby
changing the sync folder. To ensure that these changes do not get
uploaded to the cloud-based environment, permission checks can be
performed. Suppose the user edits the PowerPoint file. In some
embodiments, the sync client can attempt to upload the edited file
to the host server of the cloud-based environment. The host server
can perform a permission check on the uploaded file to determine
whether the edit to the file was permitted based on the permission
attributes associated with the file or the sync folder. If the
permission check fails, the host server can reject or fail to sync
that file. In some embodiments, instead of syncing that file, the
host server can rename the file (e.g., as a conflict copy) and
store the file as a conflict copy in the host server so that the
user does not lose the changes made to the file. The host server
can then sync the original file back down to the client device so
that the user has the original file on his or her client
device.
[0027] In some embodiments, some or all of the process of
validating a sync item (e.g., checking the permissions associated
with the sync item) for syncing to the cloud-based server can be
performed client-side based on the permission attributes (e.g.,
metadata) of the file. In some embodiments, the sync client, using
a preflight application program interface (API) can perform a
permission check on the file, without actually uploading the file.
The preflight API can return a result indicating "permission
denied" if the file includes changes that are not permitted based
on the permission attributes associated with the file or the sync
folder. In some embodiments, if the response is "permission
denied," the sync client can repair the change, for example by
undoing the change, downloading the original file, creating a
conflict item or the like, based on the type of change made on the
file and/or the sync folder.
[0028] In some embodiments, some problems can arise when repairing
the changes to a file in a sync folder that can prevent the file
from being downloaded from the host server to a client device.
Those problems can also be detected and repaired by the sync client
to enable one-way flow of synced content from the cloud-based
environment to the client devices.
[0029] In some embodiments, the cloud-based environment can
restrict folder access or restrict collaboration at the enterprise
level. A permission at the folder and enterprise level means that a
user is permitted to send collaboration invitations to only those
people who are within the user's enterprise network. In some
embodiments, enterprise admin or owners can use folder settings to
mark any folder as "safe" to implement the permission. A folder
that is marked safe can be associated with a visible indication or
iconography. In some embodiments, when the user is inside of a
folder that includes internal and external collaborators, the
external collaborators can be identified in that environment so
that the user knows that if the user puts content in that folder,
that content would be visible to people inside and outside the
enterprise.
[0030] When the user sends an invitation to invite other users to
access a folder, the host server can check the folder settings
associated with the folder to determine whether there are any
permission attributes associated with the folder. If, for example,
the permission indicates that collaboration with external users
(e.g., users outside of a group or enterprise), the host server can
check the domain names of the email address of the people being
invited to see they match the domain name of the user. If any of
the users being invited have a different domain name, the host
server can skip inviting those users having different domain names.
In some embodiments, the host server can perform a check every time
a user accesses a folder against a list of collaborators to see if
the user is in or out of the network and display their in/out of
network status.
[0031] In some embodiments, when a user navigates inside a folder,
the user can see the designation between people who are invited at
various sublevels. For example, if the first-level folder is
"Customer Visits" and Joe was only invited into this folder and not
into the parent folder "Visits," the user can view that Joe was
invited specifically at the "Customer Visits" folder level and
Joe's access begins from the "Customer Visits" folder and not from
the parent folder "Visits."
[0032] The following description and drawings are illustrative and
are not to be construed as limiting. Numerous specific details are
described to provide a thorough understanding of the disclosure.
However, in certain instances, well-known or conventional details
are not described in order to avoid obscuring the description.
References to one or an embodiment in the present disclosure can
be, but not necessarily are, references to the same embodiment;
and, such references mean at least one of the embodiments.
[0033] Reference in this specification to "one embodiment" or "an
embodiment" means that a particular feature, structure, or
characteristic described in connection with the embodiment is
included in at least one embodiment of the disclosure. The
appearances of the phrase "in one embodiment" in various places in
the specification are not necessarily all referring to the same
embodiment, nor are separate or alternative embodiments mutually
exclusive of other embodiments. Moreover, various features are
described which can be exhibited by some embodiments and not by
others. Similarly, various requirements are described which can be
requirements for some embodiments but not other embodiments.
[0034] The terms used in this specification generally have their
ordinary meanings in the art, within the context of the disclosure,
and in the specific context where each term is used. Certain terms
that are used to describe the disclosure are discussed below, or
elsewhere in the specification, to provide additional guidance to
the practitioner regarding the description of the disclosure. For
convenience, certain terms can be highlighted, for example using
italics and/or quotation marks. The use of highlighting has no
influence on the scope and meaning of a term; the scope and meaning
of a term is the same, in the same context, whether or not it is
highlighted. It will be appreciated that same thing can be said in
more than one way.
[0035] Consequently, alternative language and synonyms can be used
for any one or more of the terms discussed herein, nor is any
special significance to be placed upon whether or not a term is
elaborated or discussed herein. Synonyms for certain terms are
provided. A recital of one or more synonyms does not exclude the
use of other synonyms. The use of examples anywhere in this
specification including examples of any terms discussed herein is
illustrative only, and is not intended to further limit the scope
and meaning of the disclosure or of any exemplified term. Likewise,
the disclosure is not limited to various embodiments given in this
specification.
[0036] Without intent to limit the scope of the disclosure,
examples of instruments, apparatus, methods and their related
results according to the embodiments of the present disclosure are
given below. Note that titles or subtitles can be used in the
examples for convenience of a reader, which in no way should limit
the scope of the disclosure. Unless otherwise defined, all
technical and scientific terms used herein have the same meaning as
commonly understood by one of ordinary skill in the art to which
this disclosure pertains. In the case of conflict, the present
document, including definitions will control.
[0037] FIG. 1 depicts an example diagram of a system having a host
server 100 of a cloud-based service, collaboration and/or cloud
storage accounts with capabilities that enable synchronization of
items (e.g., files or folders) with permissions imposed by
enterprise admins or enterprise content item owners in a
cloud-based environment. In some embodiments, a synchronization
(sync) server (not shown) can support synchronization of folders
and/or files stored locally on a user's computer with folders
stored by the host server 100 in repository 130.
[0038] The client devices 102 can be any system and/or device,
and/or any combination of devices/systems that is able to establish
a connection, including wired, wireless, cellular connections with
another device, a server and/or other systems such as host server
100. Client devices 102 typically include a display and/or other
output functionalities to present information and data exchanged
between among the devices 102, and/or the host server 100.
[0039] For example, the client devices 102 can include mobile, hand
held or portable devices or non-portable devices and can be any of,
but not limited to, a server desktop, a desktop computer, a
computer cluster, or portable devices including, a notebook, a
laptop computer, a handheld computer, a palmtop computer, a mobile
phone, a cell phone, a PDA, a smart phone (e.g., a BlackBerry
device such as BlackBerry Z10/Q10, an iPhone, Nexus 4, etc.), a
Treo, a handheld tablet (e.g. an iPad, iPad Mini, a Galaxy Note,
Galaxy Note II, Xoom Tablet, Microsoft Surface, Blackberry
PlayBook, Nexus 7, 10 etc.), a phablet (e.g., HTC Droid DNA, etc.),
a tablet PC, a thin-client, a hand held console, a hand held gaming
device or console (e.g., XBOX live, Nintendo DS, Sony PlayStation
Portable, etc.), iOS powered watch, Google Glass, a Chromebook
and/or any other portable, mobile, hand held devices, etc. running
on any platform or any operating system (e.g., Mac-based OS (OS X,
iOS, etc.), Windows-based OS (Windows Mobile, Windows 7, Windows 8,
etc.), Android, Blackberry OS, Embedded Linux platforms, Palm OS,
Symbian platform, Google Chrome OS, and the like. In one
embodiment, the client devices 102, and host server 100 are coupled
via a network 106. In some embodiments, the devices 102 and host
server 100 can be directly connected to one another.
[0040] The input mechanism on client devices 102 can include touch
screen keypad (including single touch, multi-touch, gesture sensing
in 2D or 3D, etc.), a physical keypad, a mouse, a pointer, a track
pad, motion detector (e.g., including 1-axis, 2-axis, 3-axis
accelerometer, etc.), a light sensor, capacitance sensor,
resistance sensor, temperature sensor, proximity sensor, a
piezoelectric device, device orientation detector (e.g., electronic
compass, tilt sensor, rotation sensor, gyroscope, accelerometer),
or a combination of the above.
[0041] Signals received or detected indicating user activity at
client devices 102 through one or more of the above input
mechanism, or others, can be used by various users or collaborators
collaborators 108) for accessing, through network 106, a web-based
collaboration environment or online collaboration platform (e.g.,
hosted by the host server 100). The collaboration environment or
platform can have one or more collective settings 105 for an
enterprise or an organization that the users belong, and can
provide an user interface 104 (e.g., via a webpage application (or
a "web application") accessible by the web browsers of devices 102)
for the users to access such platform under the settings 105.
Additionally or alternatively, a client software 110 ("sync
client") that is native to the cloud collaboration platform can be
provided (e.g., through downloading from the host server 100 via
the network 106) to run on the client devices 102 to provide
cloud-based platform access functionalities. The users and/or
collaborators can access the collaboration platform via a client
software user interface 104, which can be provided by the execution
of the client software on the devices 102.
[0042] The collaboration platform or environment hosts workspaces
with work items that one or more users can access (e.g., view,
edit, update, revise, comment, download, preview, tag, or otherwise
manipulate). A work item can generally include any type of digital
or electronic content that can be viewed or accessed via an
electronic device (e.g., device 102). The digital content can
include .pdf files, .doc, slides (e.g., PowerPoint slides), images,
audio files, multimedia content, web pages, blogs, etc. A workspace
can generally refer to any grouping of a set of digital content in
the collaboration platform. The grouping can be created,
identified, or specified by a user or through other means. This
user can be a creator user or administrative user, for example.
[0043] In general, a workspace can be associated with a set of
users or collaborators (e.g., collaborators 108) which have access
to the content included therein. The levels of access (e.g., based
on permissions or rules) of each user or collaborator to access the
content in a given workspace can be the same or can vary among the
users. Each user can have their own set of access rights to every
piece of content in the workspace, or each user can be different
access rights to different pieces of content. Access rights can be
specified by a user associated with a workspace and/or a user who
created/uploaded a particular piece of content to the workspace, or
any other designated user or collaborator.
[0044] In general, the collaboration platform allows multiple users
or collaborators to access or collaborate efforts on work items
such each user can see, remotely, edits, revisions, comments, or
annotations being made to specific work items through their own
user devices. For example, a user can upload a document to a
workspace for other users to access (e.g., for viewing, editing,
commenting, signing-off or otherwise manipulating). The user can
login to the online platform and upload the document (or any other
type of work item) to an existing workspace or to a new workspace.
The document can be shared with existing users or collaborators in
a workspace.
[0045] In general, network 106, over which the client devices 102
and the host server 100 communicate can be a cellular network, a
telephonic network, an open network, such as the or a private
network, such as an intranet and/or the extranet, or any
combination or variation For example, the Internet can provide file
transfer, remote log in, email, news, RSS, cloud-based services,
instant messaging, visual voicemail, push mail, VoIP, and other
services through any known or convenient protocol, such as, but is
not limited to the TCP/IP protocol, Open System Interconnections
(OSI), FTP, UPnP, iSCSI, NSF, ISDN, PDH, RS-232, SDH, SONET,
etc.
[0046] The network 106 can be any collection of distinct networks
operating wholly or partially in conjunction to provide
connectivity to the client devices 102 and the host server 100 and
can appear as one or more networks to the serviced systems and
devices. In one embodiment, communications to and from the client
devices 102 can be achieved by, an open network, such as the
Internet, or a private network, such as an intranet and/or the
extranet. In one embodiment, communications can be achieved by a
secure communications protocol, such as secure sockets layer (SSL),
or transport layer security (TLS).
[0047] In addition, communications can be achieved via one or more
networks, such as, but are not limited to, one or more of WiMax, a
Local Area Network (LAN), Wireless Local Area Network (WLAN), a
Personal area network (PAN), a Campus area network (CAN), a
Metropolitan area network (MAN), a Wide area network (WAN), a
Wireless wide area network (WWAN), enabled with technologies such
as, by way of example, Global System for Mobile Communications
(GSM), Personal Communications Service (PCS), Digital Advanced
Mobile Phone Service (D-Amps), Bluetooth, Wi-Fi, Fixed Wireless
Data, 2G, 2.5G, 3G, 4G, IMT-Advanced, pre-4G, 3G LTE, 3GPP LTE, LTE
Advanced, mobile WiMax, WiMax 2, WirelessMAN-Advanced networks,
enhanced data rates for GSM evolution (EDGE), General packet radio
service (GPRS), enhanced GPRS, iBurst, UMTS, HSPDA, HSUPA, HSPA,
UMTS-TDD, 1.times.RTT, EV-DO, messaging protocols such as, TCP/IP,
SMS, MMS, extensible messaging and presence protocol (XMPP), real
time messaging protocol (RTMP), instant messaging and presence
protocol (IMPP), instant messaging, USSD, IRC, or any other
wireless data networks or messaging protocols.
[0048] In some embodiments, the host server 100 and/or the sync
client 110 enables enterprise admins and/or content owners to
selectively impose permissions on synced files and folders on
client devices. The permissions on the sync items can prevent a
user from taking certain actions on those items once they are
downloaded to the user's client device from the host server. In
some embodiments, even if the user takes certain actions on the
sync items that are not permitted, the sync client 110 and/or the
host server 100 can detect the changes that are inconsistent with
or not permitted and reject those changes. The sync client 110 can
also undo or repair the changes on the sync items. All of these
actions ensure a one way flow of content from the host server 100
to the client device. This has the advantage of providing the most
up to date content to users, with the host server 100 as the
authoritative source of content. In some embodiments, by handling
changes made locally that are not permitted or inconsistent with
the permission settings, the sync client 110 can restore the
changed files to their original form, without losing any local work
and while reducing the amount of data transmitted back and forth
between the client device and the host server 100.
[0049] FIG. 2 depicts an example diagram of a web-based or online
collaboration platform deployed in an enterprise or other
organizational setting 250 for organizing work items 215, 235, 255
and workspaces 205, 225, 245.
[0050] The web-based platform for collaborating on projects or
jointly working on documents can be used by individual users and
shared among collaborators. In addition, the collaboration platform
can be deployed in an organized setting including but not limited
to, a company (e.g., an enterprise setting), a department in a
company, an academic institution, a department in an academic
institution, a class or course setting, or any other types of
organizations or organized setting.
[0051] When deployed in an organizational setting, multiple
workspaces (e.g., workspace A, B C) can be created to support
different projects or a variety of work flows. Each workspace can
have its own associate work items. For example, workspace A 205 can
be associated with work items 215, workspace B 225 can be
associated with work items 235, and workspace N can be associated
with work items 255. The work items 215, 235, and 255 can be unique
to each workspace but need not be. For example, a particular word
document can be associated with only one workspace (e.g., workspace
A 205) or it can be associated with multiple workspaces (e.g.,
Workspace A 205 and workspace B 225, etc.).
[0052] In general, each workspace has a set of users or
collaborators associated with it. For example, workspace A 205 is
associated with multiple users or collaborators 206. In some
instances, workspaces deployed in an enterprise can be department
specific. For example, workspace B can be associated with
department 210 and some users shown as example user A 208 and
workspace N 245 can be associated with departments 212 and 216 and
users shown as example user B 214.
[0053] Each user associated with a workspace can generally access
the work items associated with the workspace. The level of access
will depend on permissions associated with the specific workspace,
and/or with a specific work item. Permissions can be set for the
workspace or set individually on a per work item basis. For
example, the creator of a workspace (e.g., one of user A 208 who
creates workspace B) can set one permission setting applicable to
all work items 235 for other associated users and/or users
associated with the affiliate department 210, for example. Creator
user A 208 can also set different permission settings for each work
item, which can be the same for different users, or varying for
different users.
[0054] In each workspace A, B . . . N, when an action is performed
on a work item by a given user or any other activity is detected in
the workspace, other users in the same workspace can be notified
(e.g., in real time or in near real time, or not in real time).
Activities which trigger real time notifications can include, by
way of example but not limitation, adding, deleting, or modifying
collaborators in the workspace, uploading, downloading, adding,
deleting a work item in the workspace, creating a discussion topic
in the workspace.
[0055] In some embodiments, items or content downloaded or edited
can cause notifications to be generated. Such notifications can be
sent to relevant users to notify them of actions surrounding a
download, an edit, a change, a modification, a new file, a
conflicting version, an upload of an edited or modified file.
[0056] In one embodiment, in a user interface to the web-based
collaboration platform where notifications are presented, users
can, via the same interface, create action items (e.g., tasks) and
delegate the action items to other users including collaborators
pertaining to a work item 215, for example. The collaborators 206
can be in the same workspace A 205 or the user can include a newly
invited collaborator. Similarly, in the same user interface where
discussion topics can be created in a workspace (e.g., workspace A,
B or N, etc.), actionable events on work items can be created
and/or delegated/assigned to other users such as collaborators of a
given workspace 206 or other users. Through the same user
interface, task status and updates from multiple users or
collaborators can be indicated and reflected. In some instances,
the users can perform the tasks review or approve or reject, etc.)
via the same user interface.
[0057] FIG. 3A depicts an example diagram of a workspace 302 in an
online or web-based collaboration environment accessible by
multiple collaborators 322 through various devices.
[0058] Each of users 316, 318, and 320 can individually use
multiple different devices to access and/or manipulate work items
324 in the workspace 302 with which they are associated with. For
example users 316, 318, 320 can be collaborators on a project to
which work items 324 are relevant. Since the work items 324 are
hosted by the collaboration environment (e.g., a cloud-based
environment), each user can access the work items 324 anytime, and
from any physical location using any device (e.g., including
devices they own or any shared/public/loaner device).
[0059] Work items to be edited or viewed can be accessed from the
workspace 302. Users can also be notified of access, edit,
modification, and/or upload related-actions performed on work items
324 by other users or any other types of activities detected in the
workspace 302. For example, if user 316 modifies a document, one or
both of the other collaborators 318 and 320 can be notified of the
modification in real time, or near real-time, or not in real time.
The notifications can be sent through any of all of the devices
associated with a given user, in various formats including, one or
more of, email, SMS, or via a pop-up window in a user interface in
which the user uses to access the collaboration platform. In the
event of multiple notifications, each notification can be depicted
preferentially (e.g., ordering in the user interface) based on user
preferences and/or relevance to the user (e.g., implicit or
explicit).
[0060] For example, a notification of a download, access, read,
write, edit, or uploaded related activities can be presented in a
feed stream among other notifications through a user interface on
the user device according to relevancy to the user determined based
on current or recent activity of the user in the web-based
collaboration environment.
[0061] In one embodiment, the notification feed stream further
enables users to create or generate actionable events (e.g., as
task) which are or can be performed by other users 316 or
collaborators 322 (e.g., including admin users or other users not
in the same workspace), either in the same workspace 302 or in some
other workspace. The actionable events such as tasks can also be
assigned or delegated to other users via the same user
interface.
[0062] For example, a given notification regarding a work item 324
can be associated with user interface features allowing a user 316
to assign a task related to the work item 324 (e.g., to another
user 316, admin user 318, creator user 320 or another user). In one
embodiment, a commenting user interface or a comment action
associated with a notification can be used in conjunction with user
interface features to enable task assignment, delegation, and/or
management of the relevant work item or work items in the relevant
workspaces, in the same user interface.
[0063] FIG. 3B depicts an abstract diagram illustrating an example
data structure of the folders and files in the workspace 302 of
FIG. 3A. As illustrated in FIG. 3B, work items 324 of FIG. 3A can
be further organized into groups using one or more folders 342
within workspace 302. The folders 342 can have more than one levels
of hierarchy including, for example, parent/ascendant folder(s),
child/decedent folder(s) or subfolder(s), and/or sibling folder(s).
A person having ordinary skill in the art will understand that
terminologies describing the hierarchy of the folders are used in a
relative sense. For example, a parent folder can be a child folder
of a grandparent folder, a particular child folder can be a parent
folder of a grandchild folder, and so on. It is noted that the
illustration of the folders are merely exemplary; depending on the
embodiments, there can be more than one level of hierarchy between
the illustrated folders.
[0064] FIG. 3C depicts an example system block diagram showing the
interaction between server-side components for incrementally
updating a sync client 110 with events or actions that occurred via
a cloud-based platform.
[0065] The server-side includes front end components 350A-N, a
database 355, a dispatcher 358, one or more processors 3560A-N, and
a second database (e.g., HBase 360). The front end components
350A-N can interface with client devices to detect/identify actions
or transactions or events. The data or file change that occur as a
result of the event is effectuated in the database 355 of the cloud
based environment (e.g., the relevant changes are made in the file
table 352 of the database 355).
[0066] Depending on the type of action or event, an action log
entry can be created and stored in the action log table or action
log 354. In general, the front end 350 determines whether an action
log entry is created from a given action or transaction. In
general, an action log entry can be created for an action or event
if certain durability requirements are to be met. The dispatcher
358 reads the action log entries from the action log 354 and sends
them to the processors 356A-N where the fan-out, or collaborators
to be notified of the event or to receive the file/data change as a
result of the event is determined. Based on the computed fan-out or
identified collaborators, the processors 356A-N writes the
events/transactions to the relevant queues in the second database
360, from which the remote clients can read.
[0067] It is noted also that the action log 354, the dispatcher
358, the processors 356A-N, the HBase 360, and one or more real
time clients 380A-N (see FIG. 3D) are generally referred to as an
"action log framework (ALF) 370." More specifically, HBase 360 is a
primary data repository of the ALF 370. User actions initiated
(e.g., via the web application or the API) result in rows (or
action log entries) being written to the action log 354 (or action
log table 354). Then, in some embodiments, the action log entries
are read from action log 354 by the ALF dispatcher 358,
de-normalized into separate entries per user that needs to be
notified of the action by an ALF processor (e.g., processor 356A),
and written to the HBase 360. The HBase 360 is in turn read (e.g.,
via an API web service call) by real time clients 380A-N to notify
a collaborator of the new change.
[0068] FIG. 3D depicts an example block diagram showing the
interaction of remote clients 380A-N and 370A-N with a distributed
database cluster 360 for incremental updates of events/actions
which occurred at a cloud-based environment. The remote clients can
include, for example real time clients 380A-N (e.g., real-time web
clients launched via a web browser, mobile application), and sync
clients 110A-N (e.g., desktop synchronization, mobile
synchronization, server synchronization, etc.) that users or
collaborators use to interface/access the cloud-based environment
including, but not limited to, a collaboration environment. Other
types of clients may also read from the database cluster 360.
[0069] The queues in the database 360 (e.g., the distributed
database cluster) are usually client type specific. For example,
each queue is for a given client type for one given user. So, a
user `A` may have a synchronization client queue that all of the
synchronization clients that user "A" uses reads from since user
"A" may have multiple devices on which synchronization clients are
installed. In general, the queues for clients in the database 360
are read only queues such that multiple clients can read from the
same queue without making modifications. In this manner, if a user
utilizes multiple synchronization clients, each client can still
receive and detect the respective updates such that multiple
devices can be synchronized. The remote clients also typically
individually track the location in the queue from which they last
read such that only the most recent events are updated at the
client, and that the events read from a queue is specific to a
given client, dependent on what has previously been synchronized or
read.
[0070] In one embodiment, synchronization clients 110 connect to
both real-time 380 and API front end 395 machines. The real time
machines 380 can notify a synchronization client 110 when there has
been an update in a user's account. The synchronization client 110
can then connect to API front end machine 395 to obtain the actual
change/content. Alternatively, in some instances, the
synchronization clients 110 can also obtain the
changes/content/updates from the real time machines 380
simultaneous with the notification, or after being notified.
[0071] FIG. 4 depicts an example diagram illustrating syncing of
items in a workspace between a client device 102 and a host server
100 in the cloud-based environment. As illustrated, normally an
item 405 in a workspace in the cloud-based environment that is
marked for sync, can be downloaded from the host server 100 to the
client device 102 via a sync client 110 on the client device 102.
The syncing can occur whenever the item 405 is modified so that the
client device 102 has the most up to date copy of the item 405. If
a user of the client device 102 is an owner or an editor of the
item 405, then the user has full read and write access to the item
405. The user can therefore modify the item 405 after it has been
downloaded to the client device 102. The modified item 410 can be
then be synced back to the host server 100 by the sync client 110
as a way to ensure the most up to date version of the item is
available for access by other users having access to the
workspace.
[0072] In accordance with the embodiments disclosed herein, the
workspace in the cloud-based environment 110 can also include a
permissioned sync item 415. As used herein, a permissioned sync
item is an item (e.g., a file or a folder) that is marked for sync
and has one or more permission attributes associated with it. In
some embodiments, an enterprise admin or an item owner can assign
the sync and permission attribute to an item. The permissioned sync
item 415 can thus be synced to the client device 102 via the sync
client 110. In some embodiments, the permissioned sync item 415 can
be clearly identified as such using an iconography so that the user
of the client device 102 can recognize it as a sync item having a
permission attribute. In some embodiments, based on the permission
attribute associated with it, file system attributes of the
permissioned sync item 415 can be modified so that an application
used to open the permissioned sync item can disable certain
features of the application to comply with the permission
attribute. For example, if the permissioned sync item 415 has a
permission attribute for edit set to false (i.e., edit not
allowed), the sync client 110 can change the file system attribute
of the item to "read-only." This would, in turn, cause an
application to open the permissioned sync item 415 as a read-only
item and disable editing features of the application.
[0073] In accordance with the present disclosure, a sync item can
have one or more permission attributes associated with it. The
permission attributes can be assigned to the sync item by an
enterprise admin in some embodiments and can be applicable to all
users or a select group of users (e.g., employees in the marketing
department) managed by the enterprise admin. In other embodiments,
the permission attributes can be assigned to a sync item by a
co-owner who has owner permissions. Table 1 below provides some
examples of permission attributes that an enterprise admin and/or
item co-owners can assign to sync items.
TABLE-US-00001 TABLE 1 Permissions on Sync Items Permission
Attributes on Sync Items Explanation Preview only Can preview sync
items using an integrated content viewer. Read only Can preview and
view sync items Read-write Can read sync items and can edit, can
upload, can delete, can rename, can move, can create Create Can
create a new item in the sync item Delete Can delete a sync item
Move Can move a sync item to another location or can move a local
item into the sync item Rename Can rename a sync item Edit Can edit
a sync item Tags Can add tags to a sync item Assigning tasks Can
assign tasks to others on a sync item Creating links Can create
links for sharing sync items Creating bookmarks Can create a
bookmark on a sync item Device pinning Set a number of sync client
a user can install Multiple devices Control a number of devices
that a user can have for accessing a sync item (and/or an account
in general) can be accessed External Can restrict collaboration
with users collaboration external to the enterprise Number of
accounts Control a number of accounts that can access a sync item
Mobile device Can restrict a user from accessing a sync item from a
mobile device. Third-party Control a user's access to third-party
application applications for accessing or modifying a sync
item.
[0074] It should be noted that a user can perform or attempt to
perform some of the actions listed in table 1 via the web
application or a mobile application, while other actions can
involve interaction with a local sync folder in the client device.
For example, if permitted, a user can assign a task on a sync item
to another user or collaborator using the web application or the
mobile application. Similarly, the user can edit a local item in a
sync folder on the client device and if permitted, the edited item
can be synced back to the host server.
[0075] Referring to FIG. 4, it can be possible for the user to edit
the permissioned sync item 415 to obtain a modified permissioned
sync item 420. For example, if the permissioned sync item 415 is a
folder, a new file can be created or moved inside the folder which
would modify the sync item 415. Similarly, a file in the folder can
be deleted, a file or the folder can be renamed, a file can be
edited, and so on. In some embodiments, when the sync client 110
attempts to upload the modified permissioned sync item 420 to the
host server 100, the host server 100 can provide an error response
rejecting the modified permissioned sync item 420 (e.g., fail the
sync event). The sync client 110 on the client device 102 can then
handle the error response so that the permissioned sync item 415 is
stored locally on the client device 102. The method of handling the
error response can depend on the type of action taken on the
permissioned sync item 415. FIGS. 6-10 describe various methods of
handling the error response for example actions taken on the
permissioned sync item 415.
[0076] FIG. 5A depicts an example diagram illustrating components
of a client device 102 having a sync client 110 of the cloud-based
environment that is capable of preventing changes made to a
permissioned sync item from being uploaded to the host server in
the cloud-based environment and for handling those changes made
locally.
[0077] In some embodiments, the client device 102 can include a bus
505 and a memory 510 among other components. The memory 510 can
include a communication module 515, a permission cache 565 and a
sync client 110. The communication module 515 can facilitate
communication between the client device 102 and the host server 100
using any of the communication protocols supported by the client
device 102 and the host server 100. The memory 510 may also include
other device modules such as a GPS module for determining and
providing location information, text input module for accepting and
processing inputs provided using different input mechanisms of the
mobile device, and the like for handling various functions of the
client device 102. Additional or less components/modules/engines
can be included in the client device 102 and each illustrated
component.
[0078] The bus 505 is a subsystem for transferring data between the
components of the client device 102. For example, the bus 505 can
facilitate the transfer of data between the memory 510 and other
components of the client device 102 such as the processor and/or
the input/output components that utilize the data.
[0079] As used herein, a "module," "a client," "a monitor," a
"handler," a "listener," a "marker," or a "manager" can include a
general purpose, dedicated or shared processor and, typically,
firmware or software modules that are executed by the processor.
Depending upon implementation-specific or other considerations, the
module, client, monitor, handler, listener, marker or manager can
be centralized or its functionality distributed. The module,
client, monitor, handler, listener, marker or manager can include
general or special purpose hardware, firmware, or software embodied
in a computer-readable (storage) medium for execution by the
processor. As used herein, a computer-readable medium or
computer-readable storage medium is intended to include all media
that are statutory (e.g., in the United States, under 35 U.S.C.
.sctn.101), and to specifically exclude all media that are
non-statutory in nature to the extent that the exclusion is
necessary for a claim that includes the computer-readable (storage)
medium to be valid. Known statutory computer-readable mediums
include hardware (e.g., registers, random access memory (RAM),
non-volatile (NV) storage, to name a few), but may or may not be
limited to hardware.
[0080] In some embodiments, the sync client 110 can include a file
system monitor 525 having a listener 530 and a client sync
permissions manager 540 having a local item marker 545, a
permission checking module 550 and a recovery handler 555 having a
notification manager 560 and a recovery failure handler 570. The
permission attributes and/or any other item attributes can be
cached locally in the permission cache 565.
[0081] In some embodiments, the file system monitor 525, via the
listener 530, can receive new events reported from the host server
100 (e.g., via the ALF system described in FIGS. 3C and 3D). In
some embodiments, the client sync permissions manager 540 can
manage permissions associated with synced items. The client sync
permissions manager 540 can also perform permission checks with the
host server 100 (e.g., via APIs) to determine whether a change to a
permissioned sync item is permitted or denied. If permitted, the
changed item can be uploaded to the host server 100. However, if
denied, the client sync permissions manager 540 can handle the
error response from the host server 100 to restore the item to its
original state. In some embodiments, the client sync permissions
manager 540 can also handle any failures in restoring the item to
its original state.
[0082] In some embodiments, the local file system marker 545 can
mark an item on a client device based on a permission attribute to
indicate that the item has the permission attribute. In some
embodiments, the local file system marker 545 can also mark an item
on the client device based on a sync attribute to indicate that the
item is a sync item. In further embodiments, the local file system
marker 545 can receive or detect a change to the permission
attribute of the sync item (e.g., via events received by the file
system monitor 525) and in response, dynamically update the marking
on the sync item on the client device based on the change to the
permission attribute.
[0083] Generally, the local file system (i.e., the file system on
the client device 102) does not reflect the permission attributes
of a sync item on the host server. For example, if a file is
read-only on the host server, does not mean that the file would be
read-only on the local file system as well. The local item marker
545 can use the permission attribute to change one or more local
file system attributes so that the file has the same permission
attribute locally as well as remotely. In other words, local item
marker 545 ensures that the local file reflects the state of the
file in the host server 100. As a result of the change in the local
file system attribute, when the user opens the file in an
application, the application can indicate to the user that the file
has a certain permission attached to it and can disable the
restricted features. For example, if the file is "read-only," then
the application can indicate to the user that the file is read-only
and can disable editing features of the application so that the
file cannot be edited.
[0084] The local item marker 545, in some embodiments, can receive
the permission attributes in response to a call to get the
folders/files in the user's account. The call can return a folder
listing and/or files in each folder along with attributes of the
folders and/or files (e.g., permission attributes). In some
embodiments, changes in the permission attributes can be reported
by the ALF system to allow the changes in permissions on the host
server 100 to be synced to the local file system. The local file
system marker 545 can clear and/or set local file system attributes
based on the permission changes on the host server 110. The setting
of the local file system attributes, in some embodiments, can be
efficient and fast because the local file system marker 545 can
mark all the files in the sync folder using the appropriate local
file system attribute or setting and does not need to track the
"waterfall" permissions (e.g., a permission model where a user has
access to a folder that he or she is invited into and any
subfolders beneath it). In some the local file system marker 545
can receive permissions changes at the sub-folder level and/or file
level from the ALF. Alternatively, if permission changes only for
the top level of the sync folder is received, spidering may be done
to determine the permission changes for sub-folders beneath the
sync folder and that can be replicated in the permission cache
565.
[0085] In some embodiments, the local item marker 545 can cache the
permission attributes in the permission cache 565 by an identifier.
If asked about a folder that is not in the cache a query can be
made for the permissions on the host server and the result can be
added to the permission cache 565. When a file has finished
downloading, the local item marker 545 can check the permission
attributes of the owning folder or the file (via the permission
cache 565) and the set the local file system attribute
appropriately before moving the file into the sync folder.
[0086] The user can of course force their way through by clearing
the bit. They can also create new content or move files, so marking
the sync folder and/or content therein as permissioned may not be
enough protection against unpermitted action. The permission
checking module 550 and the recovery handler 555 can detect and
reverse the unpermitted changes to the sync item.
[0087] In some embodiments, the permission checking module 550 can
detect any changes to a sync item and can check with the host
server 100 whether those changes to the sync item are permitted. By
checking against the host server 100, the permission checking
module 550 ensures that the check is based on the most up to date
information. In some embodiments, the permission check can be
performed using permission information cached in the permission
cache 565. If the information is not available in the permission
cache 565, a query can be made to the host server 100 and the
response can be added to the permission cache 565. The permission
cache 565, in some embodiments, can be updated when the permission
changes occur at the host server 100 and those permission changes
are received via the ALF or by querying the account tree. The
permission checking module 550 can obtain a success message or a
permission denied error message. The success message is received
when the changes to the sync item are permitted based on the
permission attributes associated with the sync item. Alternatively,
the permission denied error can be received when the changes to the
sync item are not permitted.
[0088] In some embodiments, the recovery handler 555 can handle
locally the changes to the sync items that have been rejected by
the host server 100 to restore the sync item to its previous state.
For example, if an edit to a sync item has been rejected by the
host server 100, the recovery handler 555 can create a conflict
copy of the edited item and download an original copy of the sync
item from the host server 100. Example cases and how the recovery
handler handles those cases are described in detail with respect to
FIG. 6.
[0089] In some embodiments, the steps taken by the recovery handler
555 could fail. For example, for the edit case above the creation
of the conflict copy could fail due to disk space. Similarly,
download of the original sync item could fail due to communication
failure or the item having been deleted from the host server 100.
Each of these "sub-failures" in the recovery handler 555 can be
dealt with by the recovery failure handler 570. Table 2 below lists
some example errors encountered and resolution action taken by the
recovery failure handler 570 when recovering from example events
related to editing, deleting, moving and creating.
TABLE-US-00002 TABLE 2 Recovery Failures Recovery Failure Errors
Edit Delete Move Create PERMISSION_ERROR Problem item: Problem
item: Problem item: Problem item: Edited item cannot be Original
item Sync item Can only moved and the original could not be could
not be encounter this item could not be downloaded moved back. in
the downloaded even if the from the host Retry until permission-
edited item could be server. the move error- moved. fails. masking-
name-in-use case. New item could not be downloaded. Item doesn't
exist on host No operation ("No-op") No-op No-op No-op server:
ITEM_DELETED OPPOSITE_ITEM_DELETED ITEM_NAME_IN_USE Not possible.
Move the Move the Make a blocking item blocking item conflict aside
on local aside on local rename to fs and retry. fs and retry. move
the item out of the way. VERSION_MISMATCH Something modified the
Not possible. The user Not possible.. file after an edit. Retry
Download moved the and wait for the other will bring file during
edit to collapse. down latest resolution. (or most Retry and
recent) wait for the version. user's new move to collapse.
PARENT_ITEM_DELETED Not possible. Not possible. Not possible. Not
possible. RATE_LIMIT Retry after Retry after Retry after Retry
after wait, wait wait, wait wait, wait wait, wait max(default
max(default max(default max(default wait, rate wait, rate wait,
rate wait, rate limit wait) limit wait) limit wait) limit wait)
Expected general errors: Else case: Else case: Else case: Else
case: AUTHENTICATION_ERROR, Retry after Retry after Retry after
Retry after COMMUNICATION_ERROR, wait wait wait wait
TRANSIENT_ERROR, BAD_REQUEST_ERROR, ITEM_NOT_FOUND,
OPPOSITE_ITEM_NOT_FOUND, UNEXPECTED_ERROR, Unexpected general
errors Else case: Else case: Else case: Else case: Retry after
Retry after Retry after Retry after wait wait wait wait
[0090] In some embodiments, the notification manager 560 can
generate a notification (e.g., a growl notification) when an action
on a sync item is rejected or denied or when the action is altered
or reverted because the action is not permitted on the sync item.
Example titles and messages for actions or operations that may not
be permitted on a sync item in some embodiments are listed in Table
3 below.
TABLE-US-00003 TABLE 3 Notification Messages Message Actions Title
Message Create Create not The <item name> could not be
created on the allowed host server. Move the <item name> to a
folder where you have upload permission. Delete Delete not The
<item name> could not be deleted on the allowed host server.
It has been restored. Edit Edit not The <item name> could not
be edited on the host allowed server. It has been restored. A copy
of the changed file was saved to <item name -copy>. Move Move
not The <item name> could not be moved on the host allowed
server. It has been restored. Rename Rename not The <item
name> could not be renamed on the allowed host server. It has
been restored.
[0091] In some embodiments, the cross-queue filter lock module 575
can provide a locking mechanism to prevent local and host server
events on the same item from executing at the same time. One reason
is that the recovery for a local event can involve host server
calls (e.g., download of a sync item) and these could proceed at
the same time as a host server event in the remote file system
queue. When an item is mapped in the LSIS, the sync event queue can
use a lock on the sync item to prevent the opposite queue from
processing events for the same sync item at the same time. The
cross-queue locking does not affect concurrency in any significant
way and can reduce timing problems with the sync event
execution.
[0092] FIG. 5B depicts an example diagram illustrating components
of the host server 100 of the cloud-based environment that is
capable of performing permission checks to prevent any changes to a
sync item that are not permitted based on permission attributes of
the sync item in the cloud-based environment.
[0093] As illustrated, in some embodiments, the host server 100 can
include a network interface 580, a memory 582 storing a user
interface module 584, an admin console module 586, a sync
permissions manager 588, a permission attribute determination
module 590, a permission checking module 594, a remote item marker
592 and a sub-level permission tracking module 596.
[0094] As used herein, a "module," a "manager," or a "marker"
includes a general purpose, dedicated or shared processor and,
typically, firmware or software modules that are executed by the
processor. Depending upon implementation-specific or other
considerations, the module, manager, interface, or engine can be
centralized or its functionality distributed. The module, manager,
or marker can include general or special purpose hardware,
firmware, or software embodied in a computer-readable (storage)
medium for execution by the processor. As used herein, a
computer-readable medium or computer-readable storage medium is
intended to include all media that are statutory (e.g., in the
United States, under 35 U.S.C. .sctn.101), and to specifically
exclude all media that are non-statutory in nature to the extent
that the exclusion is necessary for a claim that includes the
computer-readable (storage) medium to be valid. Known statutory
computer-readable mediums include hardware (e.g., registers, random
access memory (RAM), non-volatile (NV) storage, to name a few), but
may or may not be limited to hardware.
[0095] The network interface 580 can be a networking module that
enables the host server 100 to mediate data in a network with an
entity that is external to the host server 100, through any known
and/or convenient communications protocol supported by the host and
the external entity. The network interface 580 can include one or
more of a network adaptor card, a wireless network interface card
(e.g., SMS interface, Wi-Fi interface, interfaces for various
generations of mobile communication standards including but not
limited to 1G, 2G, 3G, 3.5G, 4G, LTE, etc.,), Bluetooth, a router,
an access point, a wireless router, a switch, a multilayer switch,
a protocol converter, a gateway, a bridge, bridge router, a hub, a
digital media receiver, and/or a repeater.
[0096] In accordance with some embodiments, the host server 100 can
receive an instruction to perform an action on a sync item stored
in a workspace hosted by the host server 100. In some embodiments,
the instruction can be sent from a web application user interface
(e.g., user interface 104 in FIG. 1) and received by the user
interface module 584. In some additional or alternative
embodiments, the instruction can be sent from a client software
user interface (e.g., user interface 107 of FIG. 1) and received by
the network interface 580. The sync item can be a folder or a file
that is enabled for sync. Although various aspects of the host
server 100 are described herein in the context of sync items having
permissions, these aspects can be applicable for items having
permissions that are not enabled for sync.
[0097] The admin console module 586 can provide a user interface
for enterprise admins to obtain an overview of user accounts,
manage user accounts (e.g., add or delete user accounts, configure
permissions for users, set a security attribute on items, set
permission attributes on items (e.g., sync items) and/or the like.
For example, an enterprise admin can, via the admin console,
provided by the admin console module 586 set "can sync" as a
security attribute on an item to allow users to sync the item to
their client devices. Similarly, the enterprise admin can, via the
admin console, set permission attributes to a sync item (and/or an
item not marked for sync). The permission attributes can be a part
of folder settings in some embodiments. The permission attributes
can be stored in a permission attributes database table 598.
[0098] In some embodiments, the sync permissions manager 598 can
allow or deny requests to take an action on a sync item based on
one or more permissions associated with the sync item. The action
detector 593 can detect, based on an instruction received by the
user interface module 584 or through the network interface 580, an
attempt by a user to take an action on a sync item at the host
server 100. The action can be any action such as those listed in
table 1, or any action on a sync item that is supported by the host
server 100. In some embodiments, the permission attribute
determination module 590 can retrieve permission attributes
associated with the sync item from the permission attributes
database table 598. In some embodiments, permission attribute
determination module 590 or another module can also determine an
access level of the user. For example, the user can be a
co-owner/editor (e.g., a user who can upload, download, preview,
get link, edit, delete, invite new collaborators, change access
levels of existing collaborators), viewer-uploader (e.g., can
upload, download, preview, get link, add comments),
previewer-uploader (e.g., can upload, preview, add tags, comment),
viewer (e.g., download, preview, get link), previewer (e.g., can
preview) or uploader (e.g., can upload).
[0099] In some embodiments, the permission checking module 594 can
perform a permission check to determine whether the action on the
sync item by the user is permitted based on the one or more
permission attributes associated with the sync item. In some
embodiments, the access level of the user can also be considered in
performing the permission check. For example, if the user is a
viewer-uploader, the user can have full read access to the sync
item and limited write access (e.g., can add tags, invite new
collaborators or delete). If the sync item has a permission
attribute that allows adding or editing a tag but does not allow
inviting new collaborators, deleting or uploading the sync item,
then the viewer-uploader can only add or edit a tag on the sync
item. If the action that the viewer-uploader is attempting to
perform is "inviting new collaborators," then permission checking
module 594 can determine, based on the permission attribute
associated with the sync item that "inviting new collaborators" is
not permitted. The permission checking module 594 can then generate
a permission denied error. The notification manager 595 can
generate a notification message for display on the user interface
of the client device of the user. If the action is allowed based on
the permission attribute associated with the sync item and/or user
access level, then the permission checking module 594 can allow the
user to perform the action on the sync item.
[0100] In some embodiments, the remote item marker 592 can mark a
sync item (e.g., a folder) based on the permission attributes
associated with it. For example, if a sync folder's permission
attribute "can invite external collaborators" is set to false, then
the sync folder can be marked as a safe folder using iconography
that provides a clear visual indication that the sync folder is
only for internal collaborators (i.e., collaborators within an
enterprise).
[0101] In some embodiments, the sub-level collaborator tracking
module 596 can track and identify collaborators at various
sub-levels of a sync item for display on a user interface provided
by the user interface module 584 or a client software application.
For example, if a folder A includes a sub-folder A-1 and a
sub-folder A-2 and users 1-5 are collaborators in sub-folder A-1
and users 4-8 are collaborators in sub-folder A-2, then the
collaborators at each sub-folder level can be clearly identified to
indicate that a specific user's access begins at a specific
sub-folder level.
[0102] FIG. 6 depicts an example diagram illustrating a method 600
of detecting and handling different types of actions on or changes
made to a permissioned sync item on a client device.
[0103] In some embodiments, the sync client 110 can detect that a
new item has been created inside a permissioned sync folder at
block 610. The sync client 110 can then attempt to sync the new
item to the host server 100 at block 612. At block 615, the sync
can fail with a permission denied error. The new item then becomes
a problem item. The sync client 110 can then (optionally) move the
new item (or problem item) to another location at block 620. The
sync client 110 can also (optionally) mark the new item at block
625. For example, the new item can be marked with an icon, a color,
etc. Any indicator can be used to mark the new item. Lastly, the
sync client 110 can generate a permission denied message to the
user and take an action to revert to the previous state of the
permissioned sync folder at block 650.
[0104] In some embodiments, the sync client 110 can detect that an
item in the permissioned sync folder has been edited at block 630.
The sync client 110 can then attempt to upload the edited item to
the host server at block 635. At block 638, the sync client 110 can
receive a permission denied error. The sync client 110 can then
make a conflict copy of the edited item at block 640 and can mark
the edited item (e.g., with an icon) at block 645. At block 646,
the original item that was edited from the host server can be
downloaded. The sync client 110 can also generate a permission
denied message to the user and take an action to revert to the
previous state of the permissioned sync folder at block 650. In
some embodiments, the message can indicate where the conflict copy
of the edited item is located. In some embodiments, the sync client
110 can attempt to upload the new item and/or the edited item by
using a preflight upload API that does not actually involve an
upload. By using the preflight API, network bandwidth can be saved
by not sending uploads that can be rejected by the host server.
[0105] In some embodiments, the sync client 110 can detect that an
item in the permissioned sync folder has been deleted at block 652.
The sync client 110 can then attempt to sync the delete event with
the host server (e.g., using a delete API) at block 655. The sync
client 110 can receive a permission denied error at block 658. At
block 660, the sync client 110 can download the item that was
deleted locally from the host server at block 660 and ignore the
local delete. The sync client 110 can generate a permission denied
message and take an action revert to the previous state of the
permissioned sync folder at block 650. For example, if the
permissioned sync folder is itself deleted locally, the sync client
110 can recreate the deleted sync folder by downloading the sync
folder from the host server 100. However, in some embodiments,
deleting the sync folder can result in unsyncing of the folder.
This functionality can be configurable at the host server 100 by an
administrator.
[0106] In some embodiments, the sync client 110 can detect that an
item in the permissioned sync folder has been renamed at block 680.
The sync client 110 can attempt to sync the rename event with the
host server 100 (e.g., via the rename API) at block 685. At block
688, the sync client 110 can receive a permission denied error. The
sync client 110 can then rename the item back to its original name
(e.g., via sync API) at block 690 such that the local item has the
same name as the item in the host server 100. The sync client 110
can also generate a permission denied message and take an action to
revert to the previous state of the permissioned sync folder at
block 650.
[0107] In some embodiments, the sync client 110 can detect that an
item has been moved in or out of the permissioned sync folder at
block 665. For the item that has been moved in, the sync client 110
can treat it as a create event. For the item that has been moved
out, the sync client 110 can treat it as a delete event. The sync
client 110 can move the item back out or in and ignore the local
move.
[0108] In some embodiments, the sync client 110 can generate a
notification (e.g., growl notifications) when an action on a sync
item is rejected or denied or when the action is altered or
reverted because the action is not permitted on the sync item.
[0109] In some embodiments, the steps taken by a recovery handler
of the sync client 110 to recover from the permission error can
fail. For example, for the edit case described with respect to FIG.
6, the creation of the conflict copy could fail due to disk space
or permissions. Similarly, a download of an item can fail due to
communication failure or the item having been deleted from the host
server 100. The sync client 110 can deal with each of these
"sub-failures" in the failure recovery handler. FIGS. 7-10
illustrate example methods of handling example create, move/rename,
delete and edit recovery failures.
[0110] FIG. 7 depicts an example diagram illustrating a method of
handling a "create" failure by a sync client 110 on a client
device. In some instances, the host server can return a "permission
denied" message when a certain action (e.g., create action) is not
allowed in a sync folder or due to another reason. The permission
denied message can thus mask the actual reason for a failure to
sync a create event. In some instances, the create event can fail
to sync when a user creates a file with a file name locally and
another file with the same filename is created or exists on the
host server. This "name-in-use" condition will need to be handled
before file from the host server 100 can be downloaded to the
client device. The sync client, in some embodiments, can determine
if the permission denied error was received due to permissions or
another reason and recover from the error accordingly.
[0111] The example method 700 starts with a user creating a local
item in a sync folder at a client device at block 705. The sync
client 110 can then perform a sync check on the local item with a
host server at block 710. In some embodiments, the sync check can
be performed by the preflight API. At a decision block 715, the
sync client 110 determines if the sync is going to be successful.
If the sync is going to be successful, the sync client 110 can
create locale item is a success at block 718 and synchronize the
local sync folder with the cloud at block 720. If the sync is not
going to be successful, the sync client 110 can receive a
permissioned denied error at block 725. Optionally, the sync client
110 can check if the local item name is in use at the host server.
The sync client 110 can use a host server monitor (or API) as a
quick and inexpensive way to see if the name is in use on the host
server without a direct query of the host server. In some
embodiments, the monitor might not have the host server item right
away but it can eventually get that information from ALF events in
between retries. If the name is in use, the sync client 110 can
rename the local item to a conflict name and then retry syncing
after a time interval. This allows a create event from the host
server to succeed.
[0112] At block 730 the sync client 110 can optionally mark the
local item as a conflict item and, at block 735, move the local
item to another location. The sync client 110 can then notify the
user (e.g., collaborator operating the client device on which the
sync client 110 is running) via the client device (e.g., via a
permission denied message) about the unsuccessful sync and the
state and location of the locally created item. Lastly, the sync
client 110 can optionally provide the user with additional recovery
instructions. For example, the instructions can include the new
name and location of the file, etc.
[0113] FIG. 8 depicts an example diagram illustrating a method of
handling a "move" failure by a sync client 110 on a client device.
Similar method can be used to handle a "rename" failure in some
embodiments. The sync client 110 can handle the move failure by
reversing the move, i.e., moving the item back to where it was.
However, this may fail when the original location is occupied or
has no room. In that case, the sync client 110 can move the
blocking item out of the way.
[0114] The example method 800 starts with a user deleting a local
item in a sync folder at a client device at block 805. The sync
client 110 can then perform a sync check on the local item with a
host server at block 810. In some embodiments, the sync check can
be performed by the preflight API. At a decision block 815, the
sync client 110 determines if the sync is going to be successful.
If the sync is going to be successful, the sync client 110 can mark
the move as a success at block 820 and synchronize the local sync
folder with the cloud at block 825. The sync client 110 can also
update the Last Sync Item Store (LSIS) at block 830. If the sync is
not going to be successful, the sync client 110 can receive a
permissions error at block 840 and, at block 845, attempt to move
the item back to the local sync folder to recover from the error.
At decision block 850, the sync client 110 determines if the move
is successful. If the move is successful, the sync client 110 can
mark the move as a success at block 820. However, if the move is
unsuccessful at decision block 850, the sync client 110 can
determine if the item name is in use in the sync folder at decision
block 855. If so, another item with the same name has moved into
the sync folder. The sync client 110 can optionally rename the
blocking item to a conflict name and move it to another location at
block 860. The sync client 110 can then notify the user (e.g.,
collaborator operating the client device on which the sync client
110 is running) via the client device (e.g., via a permission
denied message) about the unsuccessful sync and the state and
location of the locally moved item at block 865. Lastly, at block
870, the sync client 110 can optionally provide the user with
additional recovery instructions. For example, the instructions can
include the new name and location of the file, etc.
[0115] If the item name is in not in use in the sync folder at
decision block 855, the sync client 110 can attempt other recovery
procedures as described herein at block 870. Lastly, at block 875,
the sync client can retry the attempted sync (e.g., via preflight
API) after a time interval or wait period.
[0116] In some embodiments, when a delete of an item in a sync
folder fails due to permissions, the sync client 110 can recover
from the error by re-downloading the item to the sync folder from
the host server 100. However, this recovery can fail if the
original location is in use. FIG. 9 depicts an example diagram
illustrating a method of handling a "delete" failure by a sync
client 110 on a client device.
[0117] The example method 900 starts with a user deleting a local
item in a sync folder at a client device at block 905. The sync
client 110 can then perform a sync check on the local item with a
host server at block 910. In some embodiments, the sync check can
be performed by the preflight API. At a decision block 915, the
sync client 110 determines if the sync is going to be successful.
If the sync is going to be successful, the sync client 110 can mark
the delete as a success at block 920 and synchronize the local sync
folder with the cloud at block 925. The sync client 110 can also
update the LSIS at block 930. If the sync is not going to be
successful, the sync client 110 can receive a permissions error at
block 935. At block 940, the sync client 110 can get the remote
item identifier associated with the same item in the cloud sync
folder and, at block 945, can download the item from the host
server using the remote item identifier.
[0118] At decision block 950, the sync client 110 can determine if
the download was successful. If the download result is a success,
the sync client 110 can mark the delete (recovery) as a success.
However, if the download result is not a success, the sync client
110 can, at decision block 955, determine if the item is in already
use on the cloud (host) sync folder (e.g., name-in-use error). If
so, the sync client 110 can optionally rename the blocking item to
a conflict name and move it to another location at block 960. The
sync client 110 can then notify the user (e.g., collaborator
operating the client device on which the sync client 110 is
running) via the client device (e.g., via a permission denied
message) about the unsuccessful sync and the state and location of
the locally moved item at block 965. At block 970, the sync client
110 can optionally provide the user with additional recovery
instructions. For example, the instructions can include the new
name and location of the file, etc. The sync client 110 can then
attempt to download the latest item again at block 945.
[0119] If the item name is in not in use in the sync folder at
decision block 855, the sync client 110 can determine if the item
is deleted at the cloud-based (host) server at block 980. If the
item is deleted, the sync client 110 can mark the delete as a
success at block 920. If the item is not deleted, the sync client
110 can attempt other recovery procedures as described herein at
block 985. Lastly, at block 990, the sync client can retry the
attempted sync (e.g., via preflight API) after a time interval or
wait period.
[0120] In some embodiments, an edit of a local item in a sync
folder can fail due to permissions. To recover from this error, the
sync client 110 can save the edits to the local item in a conflict
copy and re-download the item from its original location. However,
the re-download can fail under certain circumstances. FIG. 10
depicts an example diagram illustrating a method of handling an
"edit" failure by a sync client 110 on a client device.
[0121] The example method 1000 starts with a user editing a local
item in a sync folder at a client device at block 1005. The sync
client 110 can then perform a sync check on the local item with a
host server at block 1010. In some embodiments, the sync check can
be performed by the preflight API. At a decision block 1015, the
sync client 110 determines if the sync is going to be successful.
If the sync is going to be successful, the sync client 110 can mark
the edit as a success at block 1020 and synchronize the local sync
folder with the cloud at block 1025. The sync client 110 can also
update the LSIS at block 1030. If the sync is not going to be
successful, the sync client 110 can receive a permissions error at
block 1035. The sync client 110 can mark the item to as a conflict
item and optionally the item move to another location at block
1040. The sync client 110 can then notify the user (e.g.,
collaborator operating the client device on which the sync client
110 is running) via the client device (e.g., via a permission
denied message) about the unsuccessful sync and the state and
location of the locally moved item at block 1045. At block 1050,
the sync client 110 can optionally provide the user with additional
recovery instructions. For example, the instructions can include
the new name and location of the file, etc. At block 1055, the sync
client 110 can get the remote item identifier associated with the
same item in the cloud sync folder and, at block 1060, can download
the item from the host server using the remote item identifier.
[0122] At decision block 1065, the sync client 110 can determine if
the download was successful. If the download result is a success,
the sync client 110 can mark the edit (recovery) as a success.
However, if the download result is not a success, the sync client
110 can, at decision block 1070, determine if the item is deleted
at the cloud-based (host) server. If the item is deleted, the sync
client 110 can mark the delete as a success at block 1020. If the
item is not deleted, the sync client 110 can attempt other recovery
procedures as described herein at block 1072. Lastly, at block
1075, the sync client can retry the attempted sync (e.g., via
preflight API) after a time interval or wait period.
[0123] FIG. 11 depicts an example diagram illustrating a method of
handling a change to a sync item having a permission attribute. In
some embodiments, the method 1100 can be performed by the sync
client 110 to handle local changes to the sync item (i.e., changes
made to the sync item client side). The method 1100 starts at block
1105, with the sync client 110 receiving a content item marked for
synchronization and having a permission attribute associated with
it from the host server 100. The sync client 110 can detect a
change to the content item at block 1110. The change is a local
change (i.e., change to the sync item on the local file system). At
block 1115, the sync client 110 can perform a permission check on
the change to the content item. In some the permission check can be
performed using an API (e.g., preflight API). The cloud-based
server 100 can receive a notification of a change to the local copy
of the content item from the client device and determine whether
the change is permitted based on the permission attributes
associated with the content item.
[0124] In some embodiments, the sync client 110 sets permissions on
local file system and/or operating system. In such cases the local
file system and/or operating system can manage some or all aspects
of local permission verifications as described herein.
[0125] The sync client 110 can then receive a response to the
permission check. If the change to the content item is permitted as
indicated by the response to the permission check at decision block
1120, the sync client 110 can attempt to sync the content item to
the host server 100 at block 1135 so that the host server 100 has
the most up to date copy of the content item. At decision block
1140, the sync client 110 can determine if the sync was successful
or if there were one or more sync errors. Sync errors can occur if,
for example, permissions, sync items, etc., are modified by other
collaborators or administrators on the cloud between the time the
permission check is performed and the actual sync by the sync
client 110. If no sync errors occur, the sync is marked as a
success at block 1145. If a sync error does occur, then the sync
client 110 can attempt to resolve those issues/errors at block
1150.
[0126] Alternatively, if the change to the content item is denied
at decision block 1120, the sync client 110 can receive a
permission denied message at block 1125. The sync client 110 can
then initiate a recovery process to restore the content item to its
original form. The recovery process can depend on the type of
change to the content item. In some embodiments, the recovery
process may itself fail, and those failures can be handled by the
sync client. As illustrated in the example of FIG. 11, the recovery
process includes blocks 1126-1128. Other recovery processes are
also possible. In this example, at block 1126, the sync client 110
can save and/or mark the changed or new content item as a conflict
item. At block 1127, the sync client 110 can restore the content
item to a latest or most recent form locally. For example, this
block can be achieved by downloading a copy of the latest item from
the cloud. Lastly, at block 1128, recovery instructions can
optionally be provided to the user as described herein.
[0127] FIG. 12 depicts an example diagram illustrating a method of
allowing or denying an action on a sync item based on one or more
permission attributes of the item.
[0128] The example method 1200 starts at block 1205 with a host
server receiving or detecting a request from a user to take an
action on a sync item. At block 1210, the host server receives or
retrieves one or more permission attributes of the sync item. At
block 1215, the host server receives or retrieves an access level
of the user. At block 1220, the host server can perform a
permission check or verification on the action based on the one or
more permission attributes and in some embodiments, the access
level of the user. At decision block 1225, if the permission check
results in permission denied, then the host server denies the user
request with a permission denied error message at block 1235.
Otherwise, the host server allows the user to perform the action at
block 1230. At blocks 1232 and 1237, the host server notifies the
sync client (e.g., sync client 110) whether or not the action is
allowed.
[0129] FIG. 13 shows a diagrammatic representation 1300 of a
machine in the example form of a computer system within which a set
of instructions, for causing the machine to perform any one or more
of the methodologies discussed herein, can be executed.
[0130] In alternative embodiments, the machine operates as a
standalone device or can be connected (e.g., networked) to other
machines. In a networked deployment, the machine can operate in the
capacity of a server or a client machine in a client-server network
environment, or as a peer machine in a peer-to-peer (or
distributed) network environment.
[0131] The machine can be a server computer, a client computer, a
personal computer (PC), a user device, a tablet, a phablet, a
laptop computer, a set-top box (STB), a personal digital assistant
(PDA), a thin-client device, a cellular telephone, an iPhone, an
iPad, a Blackberry, a processor, a telephone, a web appliance, a
network router, switch or bridge, a console, a hand-held console, a
(hand-held) gaming device, a music player, any portable, mobile,
hand-held device, or any machine capable of executing a set of
instructions (sequential or otherwise) that specify actions to be
taken by that machine.
[0132] While the machine-readable medium or machine-readable
storage medium is shown in an exemplary embodiment to be a single
medium, the term "machine-readable medium" and "machine-readable
storage medium" should be taken to include a single medium or
multiple media (e.g., a centralized or distributed database, and/or
associated caches and servers) that store the one or more sets of
instructions. The term "machine-readable medium" and
"machine-readable storage medium" shall also be taken to include
any medium that is capable of storing, encoding or carrying a set
of instructions for execution by the machine and that cause the
machine to perform any one or more of the methodologies of the
presently disclosed technique and innovation.
[0133] In general, the routines executed to implement the
embodiments of the disclosure, can be implemented as part of an
operating system or a specific application, component, program,
object, module or sequence of instructions referred to as "computer
programs." The computer programs typically comprise one or more
instructions set at various times in various memory and storage
devices in a computer, and that, when read and executed by one or
more processing units or processors in a computer, cause the
computer to perform operations to execute elements involving the
various aspects of the disclosure.
[0134] Moreover, while embodiments have been described in the
context of fully functioning computers and computer systems, those
skilled in the art will appreciate that the various embodiments are
capable of being distributed as a program product in a variety of
forms, and that the disclosure applies equally regardless of the
particular type of machine or computer-readable media used to
actually effect the distribution.
[0135] Further examples of machine-readable storage media,
machine-readable media, or computer-readable (storage) media
include, but are not limited to, recordable type media such as
volatile and non-volatile memory devices, floppy and other
removable disks, hard disk drives, optical disks (e.g., Compact
Disk Read-Only Memory (CD ROMS), Digital Versatile Disks, (DVDs),
etc.), among others, and transmission type media such as digital
and analog communication links.
[0136] The network interface device enables the machine 1300 to
mediate data in a network with an entity that is external to the
host server, through any known and/or convenient communications
protocol supported by the host and the external entity. The network
interface device can include one or more of a network adaptor card,
a wireless network interface card, a router, an access point, a
wireless router, a switch, a multilayer switch, a protocol
converter, a gateway, a bridge, bridge router, a hub, a digital
media receiver, and/or a repeater.
[0137] The network interface device can include a firewall which
can, in some embodiments, govern and/or manage permission to
access/proxy data in a computer network, and track varying levels
of trust between different machines and/or applications. The
firewall can be any number of modules having any combination of
hardware and/or software components able to enforce a predetermined
set of access rights between a particular set of machines and
applications, machines and machines, and/or applications and
applications, for example, to regulate the flow of traffic and
resource sharing between these varying entities. The firewall can
additionally manage and/or have access to an access control list
which details permissions including for example, the access and
operation rights of an object by an individual, a machine, and/or
an application, and the circumstances under which the permission
rights stand.
[0138] Other network security functions can be performed or
included in the functions of the firewall, can be, for example, but
are not limited to, intrusion-prevention, intrusion detection,
next-generation firewall, personal firewall, etc. without deviating
from the novel art of this disclosure.
[0139] Unless the context clearly requires otherwise, throughout
the description and the claims, the words "comprise," "comprising,"
and the like are to be construed in an inclusive sense, as opposed
to an exclusive or exhaustive sense; that is to say, in the sense
of "including, but not limited to." As used herein, the terms
"connected," "coupled," or any variant thereof, means any
connection or coupling, either direct or indirect, between two or
more elements; the coupling of connection between the elements can
be physical, logical, or a combination thereof. Additionally, the
words "herein," "above," "below," and words of similar import, when
used in this application, shall refer to this application as a
whole and not to any particular portions of this application. Where
the context permits, words in the above Detailed Description using
the singular or plural number can also include the plural or
singular number respectively. The word "or," in reference to a list
of two or more items, covers all of the following interpretations
of the word: any of the items in the list, all of the items in the
list, and any combination of the items in the list.
[0140] The above detailed description of embodiments of the
disclosure is not intended to be exhaustive or to limit the
teachings to the precise form disclosed above. While specific
embodiments of, and examples for, the disclosure are described
above for illustrative purposes, various equivalent modifications
are possible within the scope of the disclosure, as those skilled
in the relevant art will recognize. For example, while processes or
blocks are presented in a given order, alternative embodiments can
perform routines having steps, or employ systems having in a
different order, and some processes or blocks can be deleted,
moved, added, subdivided, combined, and/or modified to provide
alternative or subcombinations. Each of these processes or blocks
can be implemented in a variety of different ways. Also, while
processes or blocks are at times shown as being performed in
series, these processes or blocks can instead be performed in
parallel, or can be performed at different times. Further, any
specific numbers noted herein are only examples: alternative
implementations can employ differing values or ranges.
[0141] The teachings of the disclosure provided herein can be
applied to other systems, not necessarily the system described
above. The elements and acts of the various embodiments described
above can be combined to provide further embodiments.
[0142] Any patents and applications and other references noted
above, including any that can be listed in accompanying filing
papers, are incorporated herein by reference. Aspects of the
disclosure can be modified, if necessary, to employ the systems,
functions, and concepts of the various references described above
to provide yet further embodiments of the disclosure.
[0143] These and other changes can be made to the disclosure in
light of the above Detailed Description. While the above
description describes certain embodiments of the disclosure, and
describes the best mode contemplated, no matter how detailed the
above appears in text, the teachings can be practiced in many ways.
Details of the system can vary considerably in its implementation
details, while still being encompassed by the subject matter
disclosed herein. As noted above, particular terminology used when
describing certain features or aspects of the disclosure should not
be taken to imply that the terminology is being redefined herein to
be restricted to any specific characteristics, features, or aspects
of the disclosure with which that terminology is associated. In
general, the terms used in the following claims should not be
construed to limit the disclosure to the specific embodiments
disclosed in the specification, unless the above Detailed
Description section explicitly defines such terms. Accordingly, the
actual scope of the disclosure encompasses not only the disclosed
embodiments, but also all equivalent ways of practicing or
implementing the disclosure under the claims.
[0144] While certain aspects of the disclosure are presented below
in certain claim forms, the inventors contemplate the various
aspects of the disclosure in any number of claim forms. For
example, while only one aspect of the disclosure is recited as a
means-plus-function claim under 35 U.S.C. .sctn.112(f), other
aspects can likewise be embodied as a means-plus-function claim, or
in other forms, such as being embodied in a computer-readable
medium. (Any claim intended to be treated under 35 U.S.C.
.sctn.112(f) begins with the words "means for"). Accordingly, the
applicant reserves the right to add additional claims after filing
the application to pursue such additional claim forms for other
aspects of the disclosure.
* * * * *