param (
    [Parameter(Position=0, Mandatory=$true)] [string] $user,
    [Parameter(ParameterSetName="Instance")] [string] $instance
)

# If there's an error in a call such as $cfg.settings.Lock(), it is important that the script stops.
# Continuing while another application is also potentially modifying settings may corrupt them.

$ErrorActionPreference = "Stop"

# The PowerShell instance executing this script needs to run elevated, as administrator, to access SSH Server settings.

$cfg = new-object -com "Bitvise.BssCfg"

if ($instance) {
    $cfg.SetInstance($instance)
}


# Settings must be locked while undergoing change to preserve their integrity.
# If you lock settings and do not unlock them, no other process will be able to edit settings until the object is released.

$cfg.settings.Lock()
try
{
    $cfg.settings.Load()

    # Find specified virtual account
    $acct = $cfg.settings.access.virtAccounts.FirstWhere1("virtAccount eq ?", $user)

    if (-not $acct) {
        Write-Error "A virtual account named $user could not be found in SSH Server settings."
    } else {
        $mountPoints = $acct.xfer.mountPoints


        # Clear any existing mount points. To add a mount point without removing previous mount points, remove this line:

        $mountPoints.Clear()


        # This example creates a new mount point. To modify an existing mount point, find it first. Example:
        # $mp = $mountPoints.FirstWhere1("sfsMountPath eq ?", "/")

        $mp = $mountPoints.new


        # New example mount point with non-default permissions. Permissions configured here are SSH Server permissions.
        # Windows filesystem permissions also apply independently, and in addition to, SSH Server permissions.
        # Windows filesystem permissions are configured outside of SSH Server settings, in the Windows filesystem.
        # For virtual accounts, effective Windows permissions are those which apply to the Windows account which provides
        # the security context for the virtual account logon session. By default, this is BvSsh_VirtualUsers.
        
        $mp.sfsMountPath = "/"
        $mp.realRootPath = "C:\SftpRoot\Subdir"
        $mp.listAccess = $true
        $mp.readExistAccess = $false
        $mp.writeExistAccess = $false
        $mp.deleteExistAccess = $false
        $mp.readWriteDeleteNewAccess = $true
        $mp.createDirAccess = $false
        $mp.createLinkAccess = $false
        

        # To create a new mount point, the new entry must be committed. To modify an existing mount point, remove this line:

        $mountPoints.NewCommit()
        

        # Save SSH Server settings. The 'finally' block unlocks them

        $cfg.settings.Save()
        Write-Host "Mount point '/' for SSH Server virtual account $user has been configured."
    }
}
finally
    { $cfg.settings.Unlock() }