Collection
Reference for the arke/collection@v1 profile -- permission containers with role-based access.
Profile
arke/collection@v1
Required Properties
| Property | Type | Description |
|---|---|---|
label | string | Display name (non-empty) |
Optional Properties
| Property | Type | Description |
|---|---|---|
description | string | Collection description |
display_image_url | string | Display image URL |
roles | RolesConfig | Role definitions mapping role names to action arrays (defaults to DEFAULT_ROLES) |
Additional properties can be stored in the properties object.
Default Roles
If roles is not provided, the following defaults are used:
{
"owner": ["*:view", "*:update", "*:create", "collection:update", "collection:manage"],
"editor": ["*:view", "*:update", "*:create"],
"viewer": ["*:view"],
"public": ["*:view"]
}Action Format
Actions follow the type:verb pattern:
| Pattern | Example | Description |
|---|---|---|
type:verb | file:view | Specific action on a type |
*:verb | *:view | Verb wildcard - matches any type |
type:* | file:* | Type wildcard - matches any verb for that type |
Note: collection:* is not allowed (security restriction). Collection management requires explicit actions like collection:update or collection:manage.
Common Verbs
| Verb | Description | Implied Verbs |
|---|---|---|
view | Read access | download |
update | Modify entities | reupload, upload, delete |
create | Create new entities | - |
manage | Full control | view, download, create, update, reupload, upload, delete |
Type Implications
The entity base type implies all specific types (file, user, folder, etc.), with one exception:
entity:viewimpliescollection:view(safe to view collection metadata)entity:update,entity:create, etc. do NOT implycollection:*(prevents editors from modifying collection settings)
Platform Role Requirement
The public role with *:view action is required by default (platform rule). This ensures collections are publicly viewable. Private collections will likely be available at some future point.
Custom Roles
Custom roles can be defined with any combination of valid actions:
{
"transcriber": ["*:view", "file:update"],
"reviewer": ["*:view", "file:update", "file:create"]
}Role Name Validation
- Must start with a letter
- Can contain letters, numbers, underscores, and hyphens
- Maximum 64 characters
- Pattern:
^[a-zA-Z][a-zA-Z0-9_-]*$
Example
A collection containing the text of Moby Dick:
{
"schema": "arke/eidos@v1",
"id": "01KFNR0H0Q791Y1SMZWEQ09FGV",
"type": "collection",
"properties": {
"label": "Moby Dick",
"description": "The complete text of Herman Melville's Moby Dick",
"roles": {
"owner": ["*:view", "*:update", "*:create", "collection:update", "collection:manage"],
"editor": ["*:view", "*:update", "*:create"],
"viewer": ["*:view"],
"public": ["*:view"]
},
"_profile_version": "v1"
},
"relationships": [
{ "predicate": "public", "peer": "*", "peer_type": "wildcard" },
{ "predicate": "owner", "peer": "01JISHMAEL...", "peer_type": "user", "properties": { "granted_at": "2024-01-15T10:00:00Z", "granted_by": "01JISHMAEL..." } },
{ "predicate": "contains", "peer": "01KFNR0Z394A878Y5AQ63MQEM2", "peer_type": "file" }
]
}Relationships
Role Assignments
Role names are used as predicates. Peer must be user, group, or * (wildcard for public):
{ "predicate": "owner", "peer": "01JISHMAEL...", "peer_type": "user" }
{ "predicate": "editor", "peer": "01JQUEEQUEG...", "peer_type": "user" }
{ "predicate": "public", "peer": "*", "peer_type": "wildcard" }Temporal Role Assignments
Role assignments can include temporal metadata in the properties object:
| Property | Type | Description |
|---|---|---|
granted_at | string (ISO 8601) | When the role was assigned |
granted_by | string | User ID of who granted the role |
expires_at | string (ISO 8601) | When the role expires (omit for permanent) |
{
"predicate": "editor",
"peer": "01JQUEEQUEG...",
"peer_type": "user",
"properties": {
"granted_at": "2024-01-15T10:00:00Z",
"granted_by": "01JISHMAEL...",
"expires_at": "2024-02-15T10:00:00Z"
}
}Content Relationships
{ "predicate": "contains", "peer": "01KFNR0Z394A878Y5AQ63MQEM2", "peer_type": "file", "peer_label": "moby-dick.txt" }Validation Rules
- Must have a non-empty
labelstring - If
rolesis provided, all actions must be valid registered actions or valid wildcards - Role names must match the validation pattern (
^[a-zA-Z][a-zA-Z0-9_-]*$) - Must include the
publicrole with*:viewaction (platform requirement, unless user has subscription) - Role assignments (relationships) must target user, group, or wildcard peer types
- The
publicwildcard relationship is automatically added on collection creation
Protected Properties
The following properties cannot be set via the generic properties bag and must use dedicated operations:
| Property | Description |
|---|---|
roles | Use addRole, updateRole, deleteRole operations |
_profile_version | Internal field, automatically managed |