IdP: extend ${u} with syntax to exclude by group

just like before, if vpath contains ${u} then the IdP-volume is created unconditionally but this is new: ${u%+foo} creates the vol only if user is member of group foo ${u%-foo} creates the vol if user is NOT member of group foo
2026-04-02 22:08:38 +10:00 · 2025-03-16 19:28:23 +00:00
parent 999789c742
commit 9c2c423761
2 changed files with 34 additions and 2 deletions
--- a/docs/examples/docker/idp/copyparty.conf
+++ b/docs/examples/docker/idp/copyparty.conf
@@ -13,6 +13,8 @@
 # because that is the data-volume in the docker containers,
 # because a deployment like this (with an IdP) is more commonly
 # seen in containerized environments -- but this is not required
+#
+# the example group "su" (super-user) is the admins group


 [global]
@@ -78,6 +80,18 @@
    rwmda: @${g}, @su  # read-write-move-delete-admin for that group + the "su" group


+[/sus/${u%+su}]  # users which ARE members of group "su" gets /sus/username
+  /w/tank1/${u}  # which will be "tank1/username" in the docker data volume
+  accs:
+    rwmda: ${u}  # read-write-move-delete-admin for that username
+
+
+[/m8s/${u%-su}]  # users which are NOT members of group "su" gets /m8s/username
+  /w/tank2/${u}  # which will be "tank2/username" in the docker data volume
+  accs:
+    rwmda: ${u}  # read-write-move-delete-admin for that username
+
+
 # and create some strategic volumes to prevent anyone from gaining
 # unintended access to priv folders if the users/groups db is lost
 [/u]
@@ -88,3 +102,7 @@
  /w/lounge
  accs:
    rwmda: @su
+[/sus]
+  /w/tank1
+[/m8s]
+  /w/tank2