Granular access to server files

[BazZziliuS]

💡 Proposal: Granular access to server files

Problem

Currently, when adding a user to a server in the panel, he gets access to all files of the server.
However, in real teams, it is often necessary to provide access only to certain folders/files, excluding private or critical data.

Why is this needed

• Security: restricting access to private files (mods, keys, licenses).
• Separation of roles: a game designer only needs configs, not mods or binaries.
• Control: the administrator can flexibly regulate rights, avoiding risks.

How it can work

1. When adding a user, the administrator specifies allowed paths (folders/files).
2. The user sees only available elements in the file manager.
3. Access can be set:

• at the directory level (/config, /plugins),
• at the level of individual files (server.cfg, whitelist.json).

4. When trying to open or change an inaccessible file, the user receives the error "Insufficient rights".

Supplement: Configuration via .pelican

• A hidden directory is created in the server root:

/.pelican/

• It contains an access settings file (for example, .accessrules), which works on the principle of .gitignore.
• Syntax: you can specify paths and roles/users for whom they are allowed or denied.

Example (.pelican/accessrules):

# Deny everyone access to mods
/mods/* deny *

# Allow only game designer access to config
/config/* allow role:GameDesigner

# Access only to admin
/keys/* allow role:Admin

Benefit

• Convenient declarative rights system without complex GUI settings.
• Ability to version rules together with the project.
• Flexibility: you can combine GUI (panel) and file configuration.

[rmartinoscar]

This feels over complicated we could add a .gitignore like field in user edit like we do for backups

[mristau]

that would make for a nice upgrade to allow/disallow files/folder per user, it could have like 1-2 presets in admin area maybe, but like this would be fine too