mirrors/copyparty
1
0
Fork 0
mirror of https://github.com/9001/copyparty.git synced 2025-10-31 04:32:20 -06:00
Code Issues Actions Packages Projects Releases Wiki Activity

subtract users/groups from access; closes #845

Browse source
This commit is contained in:
ed 2025-10-17 00:01:54 +00:00
parent 1eb016c975
commit b4fda5f1d6
3 changed files with 25 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
README.md
View file

@ -523,6 +523,9 @@ examples:
if you want to grant access to all users who are logged in, the group `acct` will always contain all known users, so for example `-v /mnt/music:music:r,@acct` if you want to grant access to all users who are logged in, the group `acct` will always contain all known users, so for example `-v /mnt/music:music:r,@acct`
* to do the opposite, granting access to everyone who is NOT logged in. `*,-@acct` does the trick, for example `-v /srv/welcome:welcome:r,*,-@acct`
* single users can also be subtracted from a group: `@admins,-james`
anyone trying to bruteforce a password gets banned according to `--ban-pw`; default is 24h ban for 9 failed attempts in 1 hour anyone trying to bruteforce a password gets banned according to `--ban-pw`; default is 24h ban for 9 failed attempts in 1 hour
and if you want to use config files instead of commandline args (good!) then here's the same examples as a configfile; save it as `foobar.conf` and use it like this: `python copyparty-sfx.py -c foobar.conf` and if you want to use config files instead of commandline args (good!) then here's the same examples as a configfile; save it as `foobar.conf` and use it like this: `python copyparty-sfx.py -c foobar.conf`

7
copyparty/__main__.py
View file

@ -649,8 +649,11 @@ def get_sects():
if no accounts or volumes are configured, if no accounts or volumes are configured,
current folder will be read/write for everyone current folder will be read/write for everyone
the group @acct will always have every user with an account the group \033[33m@acct\033[0m will always have every user with an account
(the name of that group can be changed with --grp-all) (the name of that group can be changed with \033[32m--grp-all\033[0m)
to hide a volume from authenticated users, specify \033[33m*,-@acct\033[0m
to subtract \033[33m@acct\033[0m from \033[33m*\033[0m (can subtract users from groups too)
consider the config file for more flexible account/volume management, consider the config file for more flexible account/volume management,
including dynamic reload at runtime (and being more readable w) including dynamic reload at runtime (and being more readable w)

21
copyparty/authsrv.py
View file

@ -1972,9 +1972,18 @@ class AuthSrv(object):
axs_key = "u" + perm axs_key = "u" + perm
for vp, vol in vfs.all_vols.items(): for vp, vol in vfs.all_vols.items():
zx = getattr(vol.axs, axs_key) zx = getattr(vol.axs, axs_key)
if "*" in zx: if "*" in zx and "-@acct" not in zx:
for usr in unames: for usr in unames:
zx.add(usr) zx.add(usr)
for zs in list(zx):
if zs.startswith("-"):
zx.discard(zs)
zs = zs[1:]
zx.discard(zs)
if zs.startswith("@"):
zs = zs[1:]
for zs in grps.get(zs) or []:
zx.discard(zs)
# aread,... = dict[uname, list[volnames] or []] # aread,... = dict[uname, list[volnames] or []]
umap: dict[str, list[str]] = {x: [] for x in unames} umap: dict[str, list[str]] = {x: [] for x in unames}
@ -2754,9 +2763,13 @@ class AuthSrv(object):
["uadmin", "uadmin"], ["uadmin", "uadmin"],
]: ]:
u = list(sorted(getattr(zv.axs, attr))) u = list(sorted(getattr(zv.axs, attr)))
u = ["*"] if "*" in u else u if u == ["*"] and acct:
u = ", ".join("\033[35meverybody\033[0m" if x == "*" else x for x in u) u = ["\033[35monly-anonymous\033[0m"]
u = u if u else "\033[36m--none--\033[0m" elif "*" in u:
u = ["\033[35meverybody\033[0m"]
if not u:
u = ["\033[36m--none--\033[0m"]
u = ", ".join(u)
t += "\n| {}: {}".format(txt, u) t += "\n| {}: {}".format(txt, u)
if "e2d" in zv.flags: if "e2d" in zv.flags: