I am trying to develop a Box application that will allow users to access their document and files from my system as though they were stored within Box. I'm running into some problems with making sure I fully understand and support Box's permissions model. I want to ensure that, if a user legitimately has access to a file in Box, they get the correct access permissions when they go to interact with that document within my system.
My primary exposure to most of the Box API lately has been through the Java SDK. I'm not making any HTTP requests directly, and my perception of the structure of different resources is largely influenced by the structure of the resource objects in the SDK.
So far, I have discovered four ways a file in Box can be shared with a user:
1) On the FileInfo resource, there is a method for getting a user's permissions. However, I don't know how to make any permissions appear here.
2) On the FolderInfo resource, there is also a method for getting a user's permissions. I expect this is very similar to the permissions on a file. I also can't figure out how to make permissions appear here.
3) On the Folder resource, there is a method to get the collaborators for a folder. This is the one approach that I have figured out, and it works quite nicely within my system now.
4) I know Box has share links, but I can't figure out how to tell if a file is being accessed from a share link in order to look up the permissions associated with that link.
I want to figure out how a user might receive permissions on a file or folder without being a collaborator (#1 and #2 above). I also am still uncertain as to how I should go about determining a user's access to a file from a shared link, because I have no way of getting the share resource ID when a user uses one (#4 above).
Can anyone help me understand me how to support #1, #2, and #4? Also, am I missing any other ways a user could get access to a file?