Resources · Documentation

WebPal Administration Guide

This guide covers all administrative functions available to WebPal administrators. Administrative features are accessible from the Server section in the top navigation bar.

Version 4.0 Last Updated: May 2026 WebPal 4.2+

Note

All administrative actions require an account with the admin role. Regular users and guest users do not have access to the Server section.

Managing Users

The Users page (/users) provides a full view of all accounts on your WebPal installation.

Viewing Users

The Users page shows a table of all users with:

Avatar (initials with a deterministic colour)
Full name and username (login)
Email address
Role badge (Admin / User / Guest)
Status badge (Active / Inactive)
Number of group memberships
Action buttons (Edit, Delete)

The list is paginated. Use the search field to filter by name, email, or username.

Adding a New User

Click the Add User button.
Fill in the required fields:
- Username (login) — must be unique; can be a single word or email address. Usernames are case-insensitive. Leading or trailing whitespace is not allowed.
- First name and Last name
- Email address — required for password resets and document share notifications
- Password — set an initial password (the user can change it after first login)
- Role — admin, user, or guest
Optionally assign the user to Groups and Shared Drives immediately.
Click Save.
Once saved, the Send Login Details button appears. Click it to email the login credentials to the user's registered email address.

Tip

You can always resend login details or reset a user's password from their profile at any time.

Editing a User

Click the Edit button (pencil icon) next to the user, or click the user's name.
Update any fields in the user profile.
Click Save.

Editable fields include:

Name and email
Password (leave blank to keep the current password)
Role (admin/user/guest)
Login type (controls whether the user can log in via the UI, API, both, or not at all)
Language and timezone preferences
Group memberships
Shared drive assignments
Website assignments

Deleting a User

Click the Delete button (trash icon) next to the user.
Confirm the deletion in the prompt.

Important

You cannot delete your own account. An administrator cannot delete themselves.

SSH Keys

An SSH key is automatically issued when a user is created. The key is displayed in the user's profile and can be used for programmatic access.

User Roles

WebPal has three user roles:

Role	Description
Admin	Full access to all documents, websites, administration functions, and AI agents. Can manage all users, groups, and shared drives.
User	Can access assigned shared drives, websites, and documents shared with them. Cannot access the Server administration section.
Guest	Limited access. Typically used for external collaborators. Guests can only access specific documents or folders that have been explicitly shared with them.

Groups

Groups allow you to organise users and manage access to shared drives and documents collectively.

Viewing Groups

Navigate to Server → Groups to see all groups. The list shows each group's name and member count.

Creating a Group

Click Add Group.
Enter a Group Name and optional description.
Search for and select members to add.
Click Save (or Next).

Editing a Group

Double-click a group name (or click the Edit button) to open the group editor:

Rename the group
Add members by searching for users
Remove members using the remove button next to each member's name

Deleting a Group

Click the Delete button next to the group. A confirmation prompt will appear.

Note

The following system groups are protected and cannot be renamed or deleted:

admin — Administrators
web-admin — Website administrators
web-developer — Website developers
ai user agents — AI agent accounts

Group Membership in User Profiles

Admins can also manage group membership from within a user's profile page. A Groups card shows the user's current groups as editable chips — click the × to remove a membership, or type in the search field to add.

Shared Drives

Shared drives are top-level folders that multiple users can access simultaneously. They are the primary mechanism for collaborative document management.

What is a Shared Drive?

A shared drive appears in a user's document tree as a top-level root folder alongside their personal drives. When a folder is set up as a shared drive, it can be assigned to multiple users with configurable permissions.

Permissions Model

Each shared drive assignment has a set of permissions:

Permission	Description
View online	User can view documents in the browser
Download as PDF	User can download documents converted to PDF
Download as original	User can download files in their original format
Upload a new version	User can upload new versions of existing documents
Move or delete documents	User can move or delete files within the drive
Add documents	User can add new documents to the drive
Create folders	User can create subfolders
Share documents and folders	User can share items from this drive with other users

Assigning a Shared Drive to a User

From the user's profile:

Scroll to the Shared Drives section.
Click to select one or more drives.
Set the permission level for each drive.
Click Save.

Creating a System Shared Drive

A system shared drive is a special drive that provides a designated working area for a user or group. To create one programmatically, use the XML API createSystemShare command (see API Reference).

Testing Shared Drive Permissions

After assigning a shared drive and permissions, log in as the user (or use an incognito window) to verify:

The drive appears in the user's document tree
Actions that should be allowed work correctly
Actions that should be blocked are not available

Two-Factor Authentication (2FA)

WebPal supports two-factor authentication via SMS or voice call (using Twilio). When enabled for a user:

After entering credentials, the user is prompted for a verification code.
The code is sent to the user's registered phone number.
After entering the correct code, the user is logged in.

2FA Account Lockout

If a user enters an incorrect 2FA code too many times, their account is locked. An administrator can reset the lockout from the user's profile.

Managing Sites

The Sites section of the Server panel lets administrators manage which websites are available and which users have access.

Adding Users to a Site

Navigate to Server → Sites.
Select the site you want to manage.
Click Add User and select the user from the list.
Click Save.

You can also multi-select users to add them to a site in bulk.

Removing Users from a Site

Select the user in the site's user list and click Remove.

Creating a New Site

New sites are created from the Sites section. See Content Management → Creating a Web for details.

Adding a Publish Destination

To publish a WebPal site to a live web server, a publish connector must be configured:

Open the site in the Sites administration view.
Click Add Connector.
Enter the destination server credentials (host, user, password, path).
Save the connector.

After publishing, the site content is deployed to the destination server.

Activity Log

The Activity Log provides a full audit trail of all user actions in WebPal.

Accessing the Activity Log

Navigate to Server → Activity Log (or Activity in the top navigation, if available).

Reading the Log

The log displays entries with:

Time — when the action occurred
User — who performed the action
Action — what was done (Uploaded, Downloaded, Shared, Deleted, Logged In, etc.)
Object — the document, folder, or user affected
Details — additional context

The log can be sorted by any column by clicking the column header.

Filtering the Log

Use the search and filter options to narrow the view by user, action type, or date range.

Exporting the Log

Click Export to download the activity log as an Excel spreadsheet. This is useful for compliance reporting or auditing.

Per-Document Activity

Administrators and authorised users can also view the activity history for a specific document from the document's detail panel in the Documents section (see Document Activity History).

Monitoring Usage

WebPal tracks usage statistics that help administrators understand how the system is being used.

Usage Reports

From Server → Usage, you can view:

Storage consumed per user and per drive
Number of documents per folder
Activity summaries

Email System Configuration

WebPal uses Laravel Mail for all outgoing email (share notifications, password resets, system alerts).

Environment Configuration

Email is configured via environment variables in the server's .env file:

MAIL_MAILER=smtp
MAIL_HOST=smtp.example.com
MAIL_PORT=587
MAIL_USERNAME=youruser@example.com
MAIL_PASSWORD=yourpassword
MAIL_ENCRYPTION=tls
MAIL_FROM_ADDRESS=noreply@example.com
MAIL_FROM_NAME="WebPal"

Email Templates

All system emails (share notifications, password reset, login details) use Blade email templates that match the WebPal 4 visual design. To customise a template, publish the vendor views:

php artisan vendor:publish --tag=webpal-email-views

Incoming Email Processing

WebPal can receive and process incoming emails, routing them to the AI agent pipeline. This is used for automated workflows such as the Meeting Summary Workflow.

Procmail Integration

Add a rule to .procmailrc to pipe incoming email to WebPal:

:0
| /usr/bin/php /path/to/artisan email:receive --sender="$SENDER" --recipient="$RECIPIENT"

Mailbox Monitoring

Alternatively, watch an existing mailbox file for new messages:

# Monitor an mbox file
php artisan mailbox:watch /var/spool/mail/user --format=mbox

# Monitor a Maildir directory
php artisan mailbox:watch /home/user/Maildir --format=maildir

Email Storage

Received emails are stored in the mailbox_emails database table and passed to the Document Agent for processing. The agent can be configured to:

Generate a summary document
Forward information to the requesting user
Trigger a multi-step workflow (see AI Workflows → Meeting Summary Workflow)

Security Considerations

Session Management

WebPal uses Redis-backed sessions with configurable expiry. Idle sessions expire automatically. Users who click Sign Out explicitly clear their session immediately.

Password Policy

Administrators can configure:

Minimum password length and complexity
Password expiry period (password_valid_to on the user record)
Whether users can log in with UI, API, or both (login_type)

Access Control

WebPal enforces access at multiple levels:

Role level — Admin, User, or Guest
Drive/folder level — Shared drive permissions
Share level — Per-share permissions with optional expiry
API level — Sanctum token-based access for programmatic use

Audit Trail

All user actions are logged in the activity_log table with the user ID, timestamp, action type, affected object, and access method (UI, WebDAV, or API). This log is tamper-evident and cannot be modified by regular users.

Content Security Policy

WebPal uses the Spatie CSP package. Image sources from external services (e.g., AI image generation CDNs) can be added via the CSP_IMG_SOURCES environment variable without code changes.

WebDAV

WebPal exposes a full WebDAV interface that allows users to mount their document repository as a network drive from any operating system.

WebDAV URL

https://YOURSERVER.webpal.net/webdav

Mounting on Windows

In Windows Explorer, click Map network drive.
Enter the WebDAV URL.
Check Connect using different credentials and enter your WebPal username and password.

Mounting on macOS

In Finder, press Cmd+K.
Enter the WebDAV URL.
Click Connect and enter your credentials.

Mounting on Linux

Use davfs2:

sudo mount -t davfs https://YOURSERVER.webpal.net/webdav /mnt/webpal -o username=YOURLOGIN

WebDAV Permissions

WebDAV access respects the same permissions as the web UI. Users can only access folders and files they are authorised to access. All WebDAV actions are logged in the activity log with program_mode = webdav.

AI Agent Administration

For details on configuring and managing AI agents, see the AI Workflows and Agents section, specifically:

Was this page helpful?

Last reviewed by the WebPal docs team · May 2026