Feat WebDAV #131

Open
lauty95 wants to merge 24 commits into version-15 from issue-112

@lauty95 lauty95 commented Jun 4, 2026

Collaborator

PR against version-15: WebDAV file access

Summary

This PR adds WebDAV access to Cloud Storage so users can work with their files from desktop tools.

The integration works with:

  • macOS > Finder
  • Windows > rclone/WinFsp
  • Compatible WebDAV clients

The main goal is to keep Frappe as the source of truth. Files are still stored as File documents, Frappe permissions are respected, files created through WebDAV are private by default, and storage can be either local or S3-compatible depending on the existing Cloud Storage configuration.

Demos

  • macOS connection
1-Connect.from.Mac.mov
  • Windows connection
unknown_2026.06.05-08.41_clip_1_clip_1.mp4
  • Local storage and S3-compatible storage:
    • Drag and drop
    • Create folder
    • Edit file
    • Move file between folders
    • Duplicate file
3-File.Demos.mov
  • Administrator user and another user:
    • Private files created by one user are not visible to another user
4-Private.mov

Local Storage Behavior

When Cloud Storage is configured to use local storage, WebDAV creates and updates Frappe File documents and writes the file content to the site's local filesystem.

In this mode, S3 or any external storage service is not required. This is useful for local development, testing, and installations that do not use a remote bucket.

Editing from desktop clients also works with the atomic-save flow used by applications such as TextEdit on macOS or Notepad on Windows. The client may create temporary files and move them over the final file, while Cloud Storage keeps the correct final File document.

S3-Compatible Storage Behavior

When Cloud Storage is configured with S3-compatible storage, WebDAV keeps Frappe File documents as metadata and stores the content in the bucket.

Files uploaded through WebDAV use a path strategy designed to avoid conflicts during desktop operations, especially when clients create temporary files and then move them over the original file.

Downloads for S3-backed files can still be served through the existing signed URL flow, with Frappe permissions checked before granting access to the object.

Files Added Or Updated

  • cloud_storage/cloud_storage/webdav/renderer.py

    • WebDAV entry point inside Frappe. It connects /dav/ routes to WsgiDAV, handles WebDAV authentication, methods, and responses.
  • cloud_storage/cloud_storage/webdav/provider.py

    • Maps Frappe File documents and folders to WebDAV resources. This is where the main WebDAV operations live: list, create, read, write, move, and delete.
  • cloud_storage/cloud_storage/webdav/buffers.py

    • Handles content received through PUT and turns it into File documents, for both local storage and S3-compatible storage.
  • cloud_storage/cloud_storage/webdav/paths.py

    • Defines WebDAV file paths and replacement behavior, including preserving the Cloud Storage file version history.
  • cloud_storage/cloud_storage/webdav/permissions.py

    • Centralizes permission checks so the WebDAV client follows Frappe's access rules.
  • cloud_storage/cloud_storage/webdav/locks.py

    • Stores WebDAV locks in Redis. This lets file locks be shared between Frappe workers, which matters in production when different requests may be handled by different processes.
  • cloud_storage/cloud_storage/webdav/memory.py

    • Temporarily stores operating-system metadata files, such as .DS_Store or auxiliary files, without persisting them as File documents.
  • cloud_storage/hooks.py

    • Registers the renderer and request hook so Frappe can receive WebDAV methods.
  • docs/webdav.md

    • User-facing documentation for connecting from macOS, Windows, and rclone.
  • docs/hooks.md

    • Documents the optional hook for customizing WebDAV paths in S3.

Usage Details

Production URL:

https://your-site.example.com/dav/

Local URL:

http://your-site.localhost:8000/dav/

Credentials:

  • Username: Frappe API Key
  • Password: Frappe API Secret

github-actions Bot commented Jun 4, 2026

Draft Changelog Entry

Changelog Entry

WebDAV file access has been added to Cloud Storage. Users can now connect to their cloud files from desktop applications and file managers using the WebDAV protocol.

The WebDAV service is accessible at https://your-site.example.com/dav/ (or http://your-site.localhost:8000/dav/ for local development) and requires Frappe API credentials for authentication. The integration supports macOS Finder, Windows systems via rclone and WinFsp, and other compatible WebDAV clients.

Files accessed through WebDAV remain stored as Frappe File documents, and all existing Frappe permissions are enforced. Files created through WebDAV are private by default. The feature works with both local file storage and S3-compatible storage configurations. When using S3 storage, downloads continue to use the existing signed URL flow with permission verification.

Desktop file operations are supported, including drag and drop, folder creation, file editing, moving files between folders, and file duplication. The system handles atomic-save operations used by applications such as TextEdit on macOS and Notepad on Windows. File version history is preserved when files are edited through WebDAV.

File locks are stored in Redis to ensure consistency across multiple server processes in production environments. Operating system metadata files such as .DS_Store are temporarily stored without being persisted as File documents.

Documentation for connecting from macOS, Windows, and rclone has been added to the system documentation.

This changelog entry was automatically generated by the Changelog Generator Action.

github-actions Bot commented Jun 5, 2026

Coverage

@lauty95 lauty95 linked an issue Jun 8, 2026 that may be closed by this pull request
@agritheory agritheory requested review from Alchez and agritheory June 24, 2026 13:08
Alchez commented Jun 25, 2026

Collaborator

@lauty95 @agritheory I was able to get local storage to work on my Ubuntu setup (26.04 LTS):

  • In my Files application, I pasted the following URL: dav://127.0.0.1:<bench-port>/dav/
  • That opened up the "Attachments" folder, where dropping in files directly created an upload in Frappe (and set the file to private automatically)

I couldn't test the S3 path though since I'll need the credentials for that again, but I'll talk to you on Slack about that @agritheory.


Some things that Claude flagged doing a review:

  1. Zero automated tests for 1,479 lines of stateful, permission-sensitive, failure-prone code.
  2. It buffers entire file bodies in memory, both directions, specifically in renderer.py:_invoke_webdav:

         body = request.get_data()                 # whole upload → RAM
         environ["wsgi.input"] = io.BytesIO(body)
         ...
         out = b"".join(body_iter)                  # whole download → RAM

  3. N+1 permission checks on every directory listing. get_member_names does frappe.has_permission("File", doc=r.name, ...) per row, which will keep increasing with number of files in a folder.
  4. can_write_folder returns True for "Home" unconditionally. Any authenticated WebDAV user can write into the Home root (creation is still gated by the doctype-level _can_create(), so it's not wide open, but the per-folder check is bypassed for the root specifically). Worth confirming that's intended.
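
Added example, not part of the comment above and not code from this PR: one way to address the in-memory buffering flagged in the review is to hand the DAV application a length-bounded stream and to yield its response chunks as they are produced. `BoundedBody`, `prepare_environ`, `stream_response` and the `max_bytes` cap are hypothetical names, and the sketch assumes the request carries a Content-Length header.

```python
import io


class BoundedBody(io.RawIOBase):
    """wsgi.input wrapper that streams the upload and never reads past Content-Length."""

    def __init__(self, stream, content_length, max_bytes):
        super().__init__()
        if not 0 <= content_length <= max_bytes:
            # Reject before reading a single byte; the caller maps this to HTTP 413.
            raise ValueError("request body length outside the allowed range")
        self._stream = stream
        self._remaining = content_length

    def readable(self):
        return True

    def readinto(self, buf):
        # RawIOBase.read(n) calls this with an n-byte buffer, so memory use
        # is bounded by what the consumer asks for, not by the upload size.
        n = min(len(buf), self._remaining)
        if n == 0:
            return 0
        data = self._stream.read(n)
        buf[: len(data)] = data
        self._remaining -= len(data)
        return len(data)


def prepare_environ(environ, max_bytes):
    """Replace wsgi.input with a bounded stream (hypothetical helper)."""
    length = int(environ.get("CONTENT_LENGTH") or 0)
    environ["wsgi.input"] = BoundedBody(environ["wsgi.input"], length, max_bytes)
    return environ


def stream_response(body_iter):
    """Yield response chunks as produced instead of joining them in RAM."""
    try:
        for chunk in body_iter:
            if chunk:
                yield chunk
    finally:
        # PEP 3333: the iterable's close() must be called when iteration ends.
        close = getattr(body_iter, "close", None)
        if close is not None:
            close()
```

Clients that upload with chunked transfer encoding send no Content-Length, so that case needs the front-end server to de-chunk or a separate cap on bytes actually read.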

Development

Successfully merging this pull request may close these issues.

Support rclone API
