Masks field - rejetto/hfs GitHub Wiki
The Masks field is a tricky but powerful way to describe permissions.
It is actually able to do anything, but the who-can fields in the interface are much easier to use, so you should try to use the latter whenever possible and recur to masks only when necessary. The who-can fields are quite easy to understand, trickier cases are the ones that require the use of masks.
To use it effectively you should know the syntax used internally by the VFS. You can read it about it here.
This field maps one or multiple file-masks to a set of properties. In this example we set permission for a single file:
myfile.txt:
can_see: false
can_read: false
Rules on top have priority over bottom rules. Inner rules have priority over parent's rules. A mask can carry any node property (even property "masks") plus a special property maskOnly (optional) to restrict the application of the mask to only files or folders, just by specifying exactly files or folders.
Examples
hide folder2 under folder1, and all mp3 files under folder3/folder4
"folder1/folder2|folder3/folder4/*.mp3":
can_see: false
Forbid zip files in a folder
Select the folder and enter these rules in the Masks field
"*.zip":
can_read: false
prevent download of all mp3 files, even in subfolders, and set mime type for .dat files
"**/*.mp3":
can_read: false
"*.dat":
mime: application/something
Forbid zip files in a folder and its subfolders
Select the folder and enter these rules in the Masks field
"**.zip":
can_read: false
**
is like *
but applies to subfolders too.
Allow zip files in a folder but not others
Select the folder and enter these rules in the Masks field
"*.zip":
can_read: true
"*":
can_read: false