SPEC 008 — Data Rooms
This spec has been merged into Spec 007 — Documents and DocGen, Section 3.5 (Data Room Access Control).
Data rooms share 100% of the same API endpoints, frontend UI, and backend entities (DirectoryItems, Files) as the general document management system. The only differentiating element is the `DataRoomsMembers` entity, which provides member-level access control for named data rooms.
Status
| Field | Value |
|---|---|
| Status | MERGED into 007 |
| Priority | P1 — Core Product |
| Redirect | Spec 007, Section 3.5 |
Summary of Findings
What Exists
- DataRoomsMembers entity (`schema.ts` lines 164–174): Composite PK of `dataRoomName` (varchar) + `member` (uuid) + `permission` (uuid). Stores per-member access grants for named data rooms.
- Persistence functions: `getDataRoomsPermissionsForMember`, `getDataRoomsPermissionsForOrganizationAnUser` (reading), `insertDataRoomsMembers` (writing).
- Legacy path restriction: `processRestrictedPath` in `microsoft/src/reading.ts` restricts folder access for non-admin users based on their `dataRoomName` entries. Built for Microsoft Graph/SharePoint storage.
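A deny-by-default membership check in the spirit of the path restriction described above, as an added TypeScript example; it is not the project's code and not the `processRestrictedPath` implementation. It assumes each data room is a top-level folder named `dataRoomName` and that the requested path is already URL-decoded; `DataRoomGrant`, `normalizePath`, `canAccessPath` and the sample ids are hypothetical.

```typescript
// Added example. Only the three column names come from the spec; the rest is hypothetical.
interface DataRoomGrant {
  dataRoomName: string; // varchar
  member: string; // uuid
  permission: string; // uuid of a permission record
}

// Resolve "." and ".." segments; return null if the path climbs above the root.
function normalizePath(path: string): string[] | null {
  const out: string[] = [];
  for (const seg of path.split("/")) {
    if (seg === "" || seg === ".") continue;
    if (seg === "..") {
      if (out.length === 0) return null;
      out.pop();
    } else {
      out.push(seg);
    }
  }
  return out;
}

// Assumption: each data room is the top-level folder named dataRoomName.
function canAccessPath(
  grants: DataRoomGrant[],
  memberId: string,
  isAdmin: boolean,
  requiredPermission: string,
  requestedPath: string,
): boolean {
  const segments = normalizePath(requestedPath);
  if (segments === null) return false; // malformed paths are refused for everyone
  if (isAdmin) return true;
  if (segments.length === 0) return false; // the root is not a data room
  const room = segments[0];
  // Whole-segment equality: a grant on "Series A" must not match "Series A2".
  return grants.some(
    (g) => g.member === memberId && g.dataRoomName === room && g.permission === requiredPermission,
  );
}

// Constructed sample data (placeholder ids, not real UUIDs).
const READ = "perm-read";
const ALICE = "member-alice";
const sampleGrants: DataRoomGrant[] = [
  { dataRoomName: "Series A", member: ALICE, permission: READ },
];
```

The check normalizes before it authorizes, so a request such as `Series A/../Board/minutes.pdf` is evaluated against `Board`, not against the room named in its first segment.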
What Does Not Exist (Gaps)
- No REST API endpoints for managing data room membership (grant/revoke access)
- No frontend UI for data room member management
- Legacy Microsoft integration is deprecated — the path restriction mechanism is not used with the current native S3 file storage
Recommended Next Steps
A new specification is needed for modern data room access control that:
- Defines REST endpoints for granting/revoking data room access to members
- Builds a frontend UI for data room member management
- Integrates with the current S3-based file storage (not legacy Microsoft Graph)
- Considers Google Drive integration (`equa-server/modules/google-drive/`) as an alternative storage backend
- Reuses the existing `DataRoomsMembers` entity or refactors it for the modern architecture