Roles and Permissions Support

Starting from version 6.0, you can add and edit roles and permissions for users. A role is a group of users with some pre-defined permissions. You can toggle user roles on the user list page in the admin panel.

Version 6.0 supports 10 permissions; more permissions will be added later.

In version 6.1, we added a new permission, role_quota, which can be used to set the quota for a certain role of users. For example, we can set the quota of employee to 100G by adding 'role_quota': '100g', and leave users in other roles at the default quota.

Seafile comes with two built-in roles, default and guest. A default user is a normal user with the following permissions:

    'default': {
        'can_add_repo': True,
        'can_add_group': True,
        'can_view_org': True,
        'can_use_global_address_book': True,
        'can_generate_share_link': True,
        'can_generate_upload_link': True,
        'can_invite_guest': False,
        'can_connect_with_android_clients': True,
        'can_connect_with_ios_clients': True,
        'can_connect_with_desktop_clients': True,
        'role_quota': '',
    },

A guest user can only read files/folders in the system. Here are the permissions for a guest user:

    'guest': {
        'can_add_repo': False,
        'can_add_group': False,
        'can_view_org': False,
        'can_use_global_address_book': False,
        'can_generate_share_link': False,
        'can_generate_upload_link': False,
        'can_invite_guest': False,
        'can_connect_with_android_clients': False,
        'can_connect_with_ios_clients': False,
        'can_connect_with_desktop_clients': False,
        'role_quota': '',
    },

Edit built-in roles

If you want to edit the permissions of the built-in roles, e.g. so that default users can invite guests and guest users can view repos in the organization, add the following lines to seahub_settings.py with the corresponding permissions set to True.

    ENABLED_ROLE_PERMISSIONS = {
        'default': {
            'can_add_repo': True,
            'can_add_group': True,
            'can_view_org': True,
            'can_use_global_address_book': True,
            'can_generate_share_link': True,
            'can_generate_upload_link': True,
            'can_invite_guest': True,  # changed: default users can invite guests
            'can_connect_with_android_clients': True,
            'can_connect_with_ios_clients': True,
            'can_connect_with_desktop_clients': True,
            'role_quota': '',
        },
        'guest': {
            'can_add_repo': False,
            'can_add_group': False,
            'can_view_org': True,  # changed: guests can view repos in the organization
            'can_use_global_address_book': False,
            'can_generate_share_link': False,
            'can_generate_upload_link': False,
            'can_invite_guest': False,
            'can_connect_with_android_clients': False,
            'can_connect_with_ios_clients': False,
            'can_connect_with_desktop_clients': False,
            'role_quota': '',
        }
    }

More about guest invitation feature

A user who has the can_invite_guest permission can invite people outside of the organization as guests.

To use this feature, in addition to granting the can_invite_guest permission to the user, add the following line to seahub_settings.py:

    ENABLE_GUEST_INVITATION = True

After restarting, users who have the can_invite_guest permission will see an “Invite People” section in the sidebar of the home page.

Users can invite a guest by providing his/her email address; the system will email the invite link to that address.

Tip: If you want to block certain email addresses from being invited, you can define a blacklist, e.g.

    INVITATION_ACCEPTER_BLACKLIST = ["a@a.com", "*@a-a-a.com", r".*@(foo|bar).com"]

After that, the email address “a@a.com”, any email address ending with “@a-a-a.com”, and any email address ending with “@foo.com” or “@bar.com” will not be allowed.

Add custom roles

If you want to add a new role and assign it to some users, e.g. a new role employee that can invite guests and has all the other permissions a default user has, add the following lines to seahub_settings.py:

    ENABLED_ROLE_PERMISSIONS = {
        'default': {
            'can_add_repo': True,
            'can_add_group': True,
            'can_view_org': True,
            'can_use_global_address_book': True,
            'can_generate_share_link': True,
            'can_generate_upload_link': True,
            'can_invite_guest': False,
            'can_connect_with_android_clients': True,
            'can_connect_with_ios_clients': True,
            'can_connect_with_desktop_clients': True,
            'role_quota': '',
        },
        'guest': {
            'can_add_repo': False,
            'can_add_group': False,
            'can_view_org': False,
            'can_use_global_address_book': False,
            'can_generate_share_link': False,
            'can_generate_upload_link': False,
            'can_invite_guest': False,
            'can_connect_with_android_clients': False,
            'can_connect_with_ios_clients': False,
            'can_connect_with_desktop_clients': False,
            'role_quota': '',
        },
        # New custom role: same as 'default' except for can_invite_guest.
        'employee': {
            'can_add_repo': True,
            'can_add_group': True,
            'can_view_org': True,
            'can_use_global_address_book': True,
            'can_generate_share_link': True,
            'can_generate_upload_link': True,
            'can_invite_guest': True,
            'can_connect_with_android_clients': True,
            'can_connect_with_ios_clients': True,
            'can_connect_with_desktop_clients': True,
            'role_quota': '',
        },
    }
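
Because every edit to ENABLED_ROLE_PERMISSIONS (changing a built-in role or adding a custom one) can widen what a class of users may do, it helps to review the dictionary before restarting. The script below is an added example, not part of Seafile or Seahub: it compares each role with the built-in values listed on this page and reports grants beyond that baseline, quota overrides, misspelled keys and non-boolean values. The function name audit_roles, the choice to compare custom roles with 'default', and the SAMPLE dictionary are assumptions made for illustration.

```python
# Added example (not Seahub code): review ENABLED_ROLE_PERMISSIONS before deployment.
BOOL_PERMS = [
    'can_add_repo', 'can_add_group', 'can_view_org',
    'can_use_global_address_book', 'can_generate_share_link',
    'can_generate_upload_link', 'can_invite_guest',
    'can_connect_with_android_clients', 'can_connect_with_ios_clients',
    'can_connect_with_desktop_clients',
]
# Built-in role values as listed on this page.
BUILTIN = {
    'default': dict({p: True for p in BOOL_PERMS}, can_invite_guest=False, role_quota=''),
    'guest': dict({p: False for p in BOOL_PERMS}, role_quota=''),
}

def audit_roles(roles):
    """Return sorted (role, key, finding) tuples worth a reviewer's attention."""
    findings = []
    for role, perms in roles.items():
        # Assumption: custom roles are compared with the built-in 'default' role.
        base_name = role if role in BUILTIN else 'default'
        base = BUILTIN[base_name]
        for key, value in perms.items():
            if key == 'role_quota':
                if value != base[key]:
                    findings.append((role, key, 'quota override: %s' % value))
            elif key not in BOOL_PERMS:
                findings.append((role, key, 'unrecognized permission name'))
            elif not isinstance(value, bool):
                # A quoted 'False' is a non-empty string and therefore truthy.
                findings.append((role, key, 'not a boolean: %r' % (value,)))
            elif value and not base[key]:
                findings.append((role, key, 'granted beyond built-in %s' % base_name))
        for key in BOOL_PERMS:
            if key not in perms:
                findings.append((role, key, 'missing from role definition'))
    return sorted(findings)

# Constructed sample: guest with can_view_org enabled, employee with a 100g quota.
SAMPLE = {
    'default': dict(BUILTIN['default']),
    'guest': dict(BUILTIN['guest'], can_view_org=True),
    'employee': dict(BUILTIN['default'], can_invite_guest=True, role_quota='100g'),
}

if __name__ == '__main__':
    for role, key, finding in audit_roles(SAMPLE):
        print('%-9s %-18s %s' % (role, key, finding))
```

To check a real configuration, pass the ENABLED_ROLE_PERMISSIONS dictionary from seahub_settings.py to audit_roles in place of SAMPLE.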