Currently we rely on a symlink workaround to allow navigation to files outside of root directory. This is suboptimal for multiple reasons:

• user needs to create symlink (requires enabling Developer Mode on Windows)
• symlink needs to be added to gitignore
• symlink needs to be added to each project
• user may accidentally move files into the symlink when hidden files are shown
• requires enabling hidden files to work in latest server
• there is no server-side way to enforce read-only mode which in past resulted in file corruption because upstream implemented rename based on widget title change (sic!)

Proposed solution

jupyter-lsp should come with a custom ContentsManager for external file access; we could call it GlobalContentsManager or similar

• it should be disabled by default for security reasons
• it should be easy to enable via tratilet (standard jupyter config mechanism)
• it should allow granular access configuration: I am happy to allow access to site-packages and others, but less so to my full disk root; for example:

  GlobalContentsManager.allowed_dirs = [
      '/path/to/site-packages',
      '/path/to/node_modules',
      '/path/to/another/project'
  ]

• ideally it should be easy to switch on from command line without knowing about traitlets, like jupyter password allows to set password without having to worry about where the config is located, we could have:

  jupyter lsp file-access allow /path/to/my/site-packages
  

• it should be read-only be default (for the paths outside of root) but allow user to enable editing via request from front-end
• the request from front-end would only be respected with if explicitally allowed on the server side, by adjusting traitlet:

   GlobalContentsManager.allow_editing: bool | list[str] = false

  again, a command like jupyter lsp file-access allow-editing /path/to/prefix could help users who are not well versed in jupyter config.

Front-end could advise the user to enable access or editing on the server side as needed.