Local vs External Users or who can send to whom
LiquidFiles tries to behave as an extension to your email system, and many of its basic concepts and security rules are modelled on email because of this fundamental architectural decision.
With an email system, you have your users that can send emails to anyone on the Internet (assuming you're not using a secret internal military email system), and users on the Internet can send emails to your users. Furthermore, users on the Internet cannot send emails to other users on the Internet through your email system.
LiquidFiles starts with this exact assumption. You have internal/local users who can send files to anyone on the Internet, and you have external users who can send files back to you. External users cannot send files to other external users.
If we look at an example system at https://liquidfiles.springfield.com/, we can see the following users configured:
In this simple example, following the principle that local users can send to anyone, and external users can send to everyone except external users, we can see that:
- email@example.com — can send to everyone except firstname.lastname@example.org. Sending to email@example.com would be the equivalent of an external user on the Internet emailing another external user on the Internet using your email server.
- firstname.lastname@example.org ‐ same as email@example.com, can send to anyone on the system except firstname.lastname@example.org.
- email@example.com — can't send files to anyone, but can log in and download files sent to him.
- firstname.lastname@example.org, email@example.com & firstname.lastname@example.org — can send files to everyone.
Sending to users not on the system
Ok, so what about email@example.com? Lenny works at the Power Plant and has a powerplant.com email address, but is not yet on the system. With the current configuration, local users (homer@, burns@ & smithers@) can send to firstname.lastname@example.org, but not anyone else.
If we want to enable external users to send to anyone @powerplant.com, we can enable that by editing the External Users Group in Admin → Groups. If we scroll down a little bit on that page, we can see this:
By configuring the "Limit Recipient Domains" to include powerplant.com and springfield.com, we have now enabled users in the External Users group to send files to anyone in those domains, regardless of whether they have been added to the LiquidFiles system or not.
The check box below is what enables External Users to send to all users currently on the system that are configured as local users.
Limiting Local Users
The same configuration can also be applied to any other group of users. Let's say that you want to create a closed system: you can configure "Limit Recipient Domains" on the Local Users group to be the same as in the example above, powerplant.com and springfield.com. If you do, this will prevent homer@ from sending files to email@example.com, but he can still send to firstname.lastname@example.org and email@example.com.
With these settings, you can be as creative as you need to be, and you're not limited to the default groups on the LiquidFiles system either. Let's say that you want firstname.lastname@example.org to have the ability to send to other users @powerplant.com, but not to anyone else. You can simply create a new group, "Restricted Power Plant Users", set the "Limit Recipient Domains" to @powerplant.com and add carl@ to that group. Please see the Groups documentation for instructions on how to automatically assign users to groups.
Configuration-wise, an external user is simply a user that belongs to a group that has the "External" check box enabled in Admin → Groups → Edit:
External users are specifically for users external to the organisation. You cannot configure internal users as external and have them send files.
What would happen if you added news.com to the list of "Limit Recipient Domains" for the External Users group? It would disable email@example.com completely. An external user can never send to their own domain, regardless of setting. There is no setting in LiquidFiles that would enable firstname.lastname@example.org to be able to send to email@example.com as long as firstname.lastname@example.org is configured as an external user. If you add news.com to the Limit Recipient Domains for external users and log in as email@example.com, you will see the following:
This means that if you have a situation where external users need to collaborate with each other, they will need to be configured as local users (or any other group that is not configured as external users). An example of this would be if your accounting and auditing department is collaborating with a few users @ourauditors.com, and everyone needs to be able to send files to everyone. You will then need to configure the users @ourauditors.com as local users, or set up a new group for them and set the Limit Recipient Domains to @powerplant.com and @ourauditors.com so that they can send to your company and theirs, but not to anyone else. To round it off, the suggested configuration would also automatically assign users that belong to the @ourauditors.com domain to this group. Please see the Groups documentation for instructions on how to automatically assign users to groups.
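The sending rules described on this page can be modelled as a small decision function, which is useful for checking a planned group change against a list of sender and recipient pairs before applying it. This is an added example, not LiquidFiles code: the `Group` fields, `can_send`, the order in which the rules are evaluated, and every sample address are constructed for illustration. It assumes that an on-system external recipient is refused even when their domain is listed, since the page does not cover that case.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Group:
    external: bool = False                  # the "External" check box
    limit_domains: frozenset = frozenset()  # "Limit Recipient Domains"
    to_local_users: bool = False            # check box: may send to local users on the system

def domain(addr):
    return addr.rsplit("@", 1)[1].lower()

def can_send(sender, recipient, users, groups):
    """Return (allowed, reason). users maps on-system address -> group name."""
    g = groups[users[sender]]
    rcpt = groups.get(users.get(recipient))  # None when recipient is not on the system
    listed = domain(recipient) in g.limit_domains
    if not g.external:
        # Non-external group: anyone, unless the group limits recipient domains.
        if not g.limit_domains or listed:
            return True, "allowed"
        return False, "domain not in Limit Recipient Domains"
    if domain(sender) in g.limit_domains:
        return False, "own domain listed: external sender disabled"
    if domain(sender) == domain(recipient):
        return False, "external user cannot send to own domain"
    if rcpt is not None and rcpt.external:
        return False, "external to external"
    if listed:
        return True, "recipient domain is listed"
    if g.to_local_users and rcpt is not None:
        return True, "recipient is a local user on the system"
    return False, "recipient not reachable for external users"

LIMIT = frozenset({"powerplant.com", "springfield.com"})
GROUPS = {
    "Local Users": Group(),
    "External Users": Group(external=True, limit_domains=LIMIT, to_local_users=True),
}
USERS = {  # constructed sample accounts
    "homer@powerplant.com": "Local Users",
    "marge@home.example": "Local Users",
    "kent@news.com": "External Users",
    "bart@school.example": "External Users",
}

if __name__ == "__main__":
    for rcpt in ("bart@school.example", "lenny@powerplant.com",
                 "brockman@news.com", "marge@home.example", "x@other.example"):
        print("kent@news.com ->", rcpt, can_send("kent@news.com", rcpt, USERS, GROUPS))
```

Swapping in a modified `GROUPS` mapping (for example a Local Users group with `limit_domains` set) shows which existing sender and recipient pairs a change would cut off.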