Where to create user groups?

Support
1

Hi, new to Cockpit. Loving it so far.

Anyway, been trying out Cockpit through Docker, to try it out. I can’t seem to find out where to create user groups and set permissions.

Am I overlooking something…?

Thanks!

2

via https://github.com/serjoscha87/cockpit_GROUPS . Currently bugged, see issues.

3

Oh, I didn’t even know there was a groups add-on. Will check that out.

Thanks.

4

You can create groups via config file.

example for /config/config.php:

https://getcockpit.com/documentation/reference/configuration

# define additional groups
    'groups' => [
        'author' => [
            '$admin' => false,
            '$vars' => [
                'finder.path' => '/storage/upload'
            ],
            'cockpit' => [
                'backend' => true,
                'finder' => true
            ],
            'collections' => [
                'manage' => true
            ]
        ]
    ],

example for /config/config.yaml instead:

groups:
  author:
    cockpit:
      backend: true
    collections:
      manage: true
5

Could anyone provide some more detailed description of the options and possibilities these group-settings can have? An example is nice, but for me it is not clear, what

groups:
  author:
    cockpit:
      backend: true

actually means.

My concrete questions:

  • Can I create a group, that only has access to adding items to a single collection / singleton?
  • Can I specify that a group can only upload files to a specific folder?
6

i got the exact same question.
Did you have any new info?

7

If you search the source for ->hasaccess you can find all kind of checks for specific resource access checks.

The group config matches the following pattern

  groups:
    GROUP_NAME:
      RESOURCE_NAME:
        ACTION_NAME:
          BOOLEAN

and (most of) the hasaccess methods follow that pattern:

    'hasaccess' => function($resource, $action, $group = null) {

Resources : Actions

This is what I was able to extract from the source code:

  • cockpit: accounts, backend, unlockresources, finder, settings, rest, webhooks, info
  • collections: delete, create, manage
  • forms: manage, create
  • singletons: delete, create, manage
  • SINGLETON_NAME: edit, form
  • COLLECTION_NAME: entries_delete, entries_view, entries_create (collection_create) , entries_edit (collection_edit)

$vars

Also searching for getGroupVar( the following variables can be extracted

  • var : default
  • media.path : ‘/’
  • finder.path : ‘’
  • allowed_uploads : ‘*’
  • finder.allowed_uploads : allowed_uploads
  • assets.allowed_uploads : allowed_uploads
  • max_upload_size : 0
  • assets.max_upload_size : max_upload_size
8

Untested but this follows the pattern.

  groups:
    GROUP_NAME:
      RESOURCE_NAME:
        entries_delete: false
        entries_view: false
        entries_create: true
        entries_edit: false

And I’m not sure but the following group variables that might have an impact on that matter of confining a user group to a specific directory

  • var : default
  • media.path : ‘/’
  • finder.path : ‘’
  • assets.allowed_uploads : ‘*’