Adding in allowed group prefixes functionality (allows you to enable auto mode for groups, but limit creation to just those groups with a matching prefix).

orware · orware · commit 50cb361405b0 · 2021-03-17T17:21:46.000-07:00
diff --git a/configuration.example.php b/configuration.example.php
@@ -191,6 +191,14 @@
     ]
 ];
 
+// Used only when auto groups mode is enabled and will help prevent all your groups from being
+// added into SFTPGo since only groups with the prefixes defined here will be automatically added
+// with prefixes automatically removed when listed as a virtual folder (e.g. a group with name
+// "sftpgo-example" would simply become "example").
+$allowed_group_prefixes = [
+    'sftpgo-'
+];
+
 // List of groups where a virtual folder will be created and associated with any group members:
 $allowed_groups = [];
 
diff --git a/functions.php b/functions.php
@@ -135,7 +135,8 @@ function createResponseObject($connectionName, $username, $groups = []) {
            $user_output_objects,
            $allowed_groups,
            $auto_groups_mode,
-           $auto_groups_mode_virtual_folder_template;
+           $auto_groups_mode_virtual_folder_template,
+           $allowed_group_prefixes;
 
     $userHomeDirectory = str_replace('#USERNAME#', $username, $home_directories[$connectionName]);
 
@@ -169,17 +170,32 @@ function createResponseObject($connectionName, $username, $groups = []) {
     if (!empty($groups)) {
         if ($auto_groups_mode) {
             foreach($groups as $group) {
-                if (isset($auto_groups_mode_virtual_folder_template)) {
-                    foreach($auto_groups_mode_virtual_folder_template as $virtual_group_folder) {
 
-                        $virtual_group_folder['name'] = str_replace('#GROUP#', $group, $virtual_group_folder['name']);
-                        $virtual_group_folder['mapped_path'] = str_replace('#GROUP#', $group, $virtual_group_folder['mapped_path']);
-                        $virtual_group_folder['virtual_path'] = str_replace('#GROUP#', $group, $virtual_group_folder['virtual_path']);
+                $allowed = true;
 
-                        $output['virtual_folders'][] = $virtual_group_folder;
+                if (!empty($allowed_group_prefixes)) {
+                    $allowed = false;
+                    foreach($allowed_group_prefixes as $allowed_group_prefix) {
+                        if (strpos($group, $allowed_group_prefix) === 0) {
+                            $allowed = true;
+                            $group = str_replace($allowed_group_prefix, '', $group);
+                        }
+                    }
+                }
+
+                if ($allowed) {
+                    if (isset($auto_groups_mode_virtual_folder_template)) {
+                        foreach($auto_groups_mode_virtual_folder_template as $virtual_group_folder) {
 
-                        // Defaulting to open permissions on the virtual group folder:
-                        $output['permissions'][$virtual_group_folder['virtual_path']] = ["*"];
+                            $virtual_group_folder['name'] = str_replace('#GROUP#', $group, $virtual_group_folder['name']);
+                            $virtual_group_folder['mapped_path'] = str_replace('#GROUP#', $group, $virtual_group_folder['mapped_path']);
+                            $virtual_group_folder['virtual_path'] = str_replace('#GROUP#', $group, $virtual_group_folder['virtual_path']);
+
+                            $output['virtual_folders'][] = $virtual_group_folder;
+
+                            // Defaulting to open permissions on the virtual group folder:
+                            $output['permissions'][$virtual_group_folder['virtual_path']] = ["*"];
+                        }
                     }
                 }
             }
