📁👩👩👧👦 Admin-configured folders shared by everyone in a group.
Admin configured folders accessible by everyone in a group.
Folders can be configured from Group folders in the admin settings.
After a folder is created, the admin can give access to the folder to one or more groups, a quota can be assigned for the folder and advanced permissions can be activated and configured.
Permissions to the content of a group folder can be configured on a per-group basis.
The configuration options include the Write, Share and Delete permissions for each group.
Once configured, the folders will show up in the home folder for each user in the configured groups.
Advanced Permissions allows entitled users to configure permissions inside groupfolders on a per file and folder basis.
Permissions are configured by setting one or more of "Read", "Write", "Create", "Delete" or "Share" permissions to "allow" or "deny". Any permission not explicitly set will inherit the permissions from the parent folder. If multiple configured advanced permissions for a single file or folder apply for a single user (such as when a user belongs to multiple groups), the "allow" permission will overwrite any "deny" permission. Denied permissions configured for the group folder itself cannot be overwritten to "allow" permissions by the advanced permission rules.
Users or whole groups can be entitled to set advanced permissions for each group folder separately on the group folders admin page. For entitlements, only users from those groups are selectable which have to be configured selected in the Groups column.
Group folders can be configured on the command line (cli) using the
occcommand:
occ groupfolders:create→ create a group folder
occ groupfolders:delete [-f|--force]→ delete a group folder and all its contents
occ groupfolders:expire→ trigger file version expiration (see Nextcloud docs for details)
occ groupfolders:group [-d|--delete] [write|share|delete]→ assign groups and their rights to a group folder
occ groupfolders:list→ list configured group folders
occ groupfolders:permissions→ configure advanced permissions (see below for details)
occ groupfolders:quota [|unlimited]→ set a quota for a group folder
occ groupfolders:rename→ rename a group folder
occ groupfolders:scan→ trigger a filescan for a group folder
occ groupfolders:trashbin:cleanup→ empty the trashbin of all group folders
Advanced permissions can also be configured trough the
occ groupfolders:permissionscommand.
To use the occ command you'll first need to find the id of the groupfolder you're trying to configure trough
occ groupfolders:list.
Before configuring any advanced permissions you'll first have to enable advanced permissions for the folder using
occ groupfolders:permissions --enable. Then you can list all configured permissions trough
occ groupfolders:permissions. To disable the advanced permissions feature for a group folder, use
occ groupfolders:permissions --disable.
occ groupfolders:permissions 1 +------------+--------------+-------------+ | Path | User/Group | Permissions | +------------+--------------+-------------+ | folder | group: admin | +write | | folder/sub | user: admin | +share | | | user: test | -share | +------------+--------------+-------------+
Permissions for files and folders can be set trough
occ groupfolders:permissions --group --to set permissions for a group or
occ groupfolders:permissions --user --to set permissions for a single user. can be one or more of the following options:
-read,
+read,
-write,
+write,
-create,
+create,
-delete,
+delete,
-shareor
+shareto set the set the respective permission to "deny" or "allow". You can delete a rule by passing
clearas the field. Note: An advanced permission settings set always needs to be complete (for example
+read -create +delete) and not just incremental (for example
-create). Not mentioned options (in the above example that's write and share) are interpreted as inherited.
To help with configuring nested permission rules, you can check the effective permissions a user has for a path using
occ groupfolders:permissions --user --test.
To manage the entitled users or groups to set set advanced permissions, use
occ groupfolders:permissions [[-m|--manage-add] | [-r|--manage-remove]] [[-u|--user ] | [-g|--group ]].
Group folders can be configured externally trough the OCS Api.
For all
POSTcalls the required parameters are listed, for more information about how to use an OCS api see the Nextcloud documentation on the topic
The following OCS calls are supported.
GET apps/groupfolders/folders: Returns a list of call configured folders and their settings
POST apps/groupfolders/folders: Create a new group folder
mountpoint: The name for the new folder
GET apps/groupfolders/folders/$folderId: Return a specific configured folder and it's settings
DELETE apps/groupfolders/folders/$folderId: Delete a group folder
POST apps/groupfolders/folders/$folderId/groups: Give a group access to a folder
group: The id of the group to be given access to the folder
DELETE apps/groupfolders/folders/$folderId/groups/$groupId: Remove access from a group to a folder
POST apps/groupfolders/folders/$folderId/groups/$groupId: Set the permissions a group has in a folder
permissionsThe new permissions for the group as bitmask of permissions constants
POST apps/groupfolders/folders/$folderId/quota: Set the quota for a folder
quota: The new quota for the folder in bytes, user
-3for unlimited
POST apps/groupfolders/folders/$folderId/mountpoint: Change the name of a folder
mountpoint: The new name for the folder