feat(permissions): implement fine-grained permission control

[Lanfei]

Description / 描述

This PR implements a fine-grained, per-user read/write permission system at the meta level, allowing administrators to restrict specific users from accessing or modifying
certain paths. It also refactors existing permission check functions for clarity and adds comprehensive test coverage.

本 PR 在 meta
层面实现了细粒度的用户读/写权限系统，允许管理员限制特定用户对某些路径的访问或修改权限。同时对现有权限检查函数进行了重命名重构以提升可读性，并添加了完整的测试覆盖。

Key changes / 主要变更：

• Add ReadUsers/WriteUsers fields to the Meta model with sub-directory inheritance flags
  在 Meta 模型中新增 ReadUsers/WriteUsers 字段，支持子目录继承标志
• Implement CanRead and CanWrite permission check functions in server/common
  在 server/common 中实现 CanRead 和 CanWrite 权限检查函数
• Filter file list results based on user read permissions
  根据用户读权限对文件列表结果进行过滤
• Add permission checks across all file operations (FTP, HTTP handlers, WebDAV)
  在所有文件操作（FTP、HTTP 处理器、WebDAV）中添加权限检查
• Rename functions for clarity: User.CanWrite() → User.CanCreateFilesOrFolders(), common.CanWrite() → common.CanWriteContentBypassUserPerms(), common.IsApply() →
  common.MetaCoversPath()
  重命名函数以提升可读性：User.CanWrite() → User.CanCreateFilesOrFolders()，common.CanWrite() → common.CanWriteContentBypassUserPerms()，common.IsApply() →
  common.MetaCoversPath()

Note / 注意： Batch and recursive operations (FsMove, FsCopy, FsRemove, FsRecursiveMove, FsBatchRename, FsRegexRename) currently check parent directory
permissions only. Individual item permission checks are not performed for performance reasons.
批量与递归操作（FsMove、FsCopy、FsRemove、FsRecursiveMove、FsBatchRename、FsRegexRename）当前仅检查父目录权限，出于性能考量，不对单个子项逐一检查权限。

Motivation and Context / 背景

The existing permission system only supports coarse-grained flags (e.g., global write permission). There was no way to restrict specific users from reading or writing to
particular paths without affecting all users. This PR addresses that gap by introducing a per-user allowlist at the meta level.

现有权限系统仅支持粗粒度的标志位（如全局写权限），无法在不影响其他用户的情况下限制特定用户对特定路径的读写访问。本 PR 通过在 meta 层面引入基于用户的白名单机制来填补这一空白。

Relates to #1328
Closes #1257
Closes #1267
Closes #346
Closes #1753

How Has This Been Tested? / 测试

• Added TestCanRead, TestCanWrite, TestCanAccessWithReadPermissions, and TestWritePermissionCombinations to validate the three-layer permission system
  新增 TestCanRead、TestCanWrite、TestCanAccessWithReadPermissions 及 TestWritePermissionCombinations，验证三层权限体系
• Test scenarios cover: nil user/meta, sub-path inheritance, user whitelists, and root-level restrictions
  测试场景覆盖：nil 用户/meta、子路径继承、用户白名单及根路径限制
• Added 43 test scenarios for MetaCoversPath, CanWriteContentBypassUserPerms, getReadme, getHeader, isEncrypt, and whetherHide
  为 MetaCoversPath、CanWriteContentBypassUserPerms、getReadme、getHeader、isEncrypt、whetherHide 新增 43 个测试场景
• Added list_test.go and fsread_test.go for coverage of list filtering and read handler logic
  新增 list_test.go 和 fsread_test.go，覆盖列表过滤与读取处理器逻辑

Checklist / 检查清单

• I have read the CONTRIBUTING document.
  我已阅读 CONTRIBUTING 文档。
• I have formatted my code with go fmt or prettier.
  我已使用 go fmt 或 prettier 格式化提交的代码。
• I have added appropriate labels to this PR (or mentioned needed labels in the description if lacking permissions).
  我已为此 PR 添加了适当的标签（如无权限或需要的标签不存在，请在描述中说明，管理员将后续处理）。
• I have requested review from relevant code authors using the "Request review" feature when applicable.
  我已在适当情况下使用"Request review"功能请求相关代码作者进行审查。
• I have updated the repository accordingly (If it's needed).
  我已相应更新了相关仓库（若适用）。
  • OpenList-Frontend - feat(permissions): implement fine-grained permission control OpenList-Frontend#386
  • OpenList-Docs - docs(meta): implement fine-grained permission control OpenList-Docs#310

[Lanfei]

Hi @xrgzs @PIKACHUIM, this PR has been open for about 3 weeks now. CI is all green and there are no merge conflicts. The companion frontend PR (OpenList-Frontend#386) and docs PR (OpenList-Docs#310) are also ready. Could you help schedule a review? Happy to make any adjustments based on your feedback. Thanks!

[Copilot]

Pull request overview

This PR introduces meta-level, per-user read/write allowlists and wires the new permission checks through core file operations (HTTP handlers, FTP, WebDAV), including filtering list results by read permission and expanding automated test coverage for the new permission logic.

Changes:

• Extend Meta with ReadUsers/WriteUsers (+ sub-path inheritance flags) and add common.CanRead / common.CanWrite checks.
• Apply permission checks across file operations (list/read/write/manage) including WebDAV/FTP and list filtering.
• Add/expand tests for meta path coverage and permission combinations.

Reviewed changes

Copilot reviewed 20 out of 20 changed files in this pull request and generated 8 comments.

Show a summary per file

File	Description
internal/model/meta.go	Adds per-user read/write allowlists to Meta (JSON-serialized).
server/common/check.go	Introduces CanRead/CanWrite, refactors path coverage helper(s).
internal/fs/list.go	Filters directory listings based on per-user read permission.
server/handles/fsread.go	Adjusts list response fields and write/tool availability logic.
server/handles/fsmanage.go	Adds parent-meta permission checks to manage operations.
server/webdav.go	Updates WebDAV auth/middleware context values for permission checks.
server/webdav/webdav.go	Adds CanAccess/CanWrite enforcement for WebDAV operations.
server/webdav/file.go	Adds permission gates to WebDAV copy/move helpers.
server/middlewares/fsup.go	Refactors upload middleware permission checks.
server/ftp/fsup.go / server/ftp/fsmanage.go / server/ftp/fsread.go	Adds/adjusts FTP permission checks using new helpers.
server/handles/archive.go / server/handles/offline_download.go	Adds meta permission checks for archive/decompress and offline download creation.
server/common/check_test.go / internal/fs/list_test.go / server/handles/fsread_test.go	Adds/expands tests for the new permission model and helpers.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

You can also share your feedback on Copilot code review. Take the survey.

[Lanfei]

@xrgzs @PIKACHUIM All Copilot review comments have been addressed. Could you please take a look when you have a chance? Thanks!

[xrgzs]

@Lanfei Can it smoothly migrate from the old version to the new version? If not, please refine the migration code.

[Lanfei]

@xrgzs Yes, migration from older versions is smooth — no manual migration patch is needed.

GORM's AutoMigrate (called at startup in internal/db/db.go) will automatically ADD COLUMN for the four new fields on the metas table: read_users, read_users_sub, write_users, write_users_sub.

For existing rows, read_users and write_users will be NULL, which GORM's JSON serializer deserializes as a nil slice. Since CanRead/CanWrite only restrict access when len(ReadUsers) > 0 / len(WriteUsers) > 0, existing metas with no value set will behave exactly as before — no access restrictions are added. The two new bool columns default to false, which is also the safe/permissive default.

In short: upgrading applies additive schema changes only, and the zero-value semantics preserve backward-compatible behavior for all existing data.