[Moin-user] + and - in ACLs

Michael P. Soulier michael_soulier at mitel.com
Fri Oct 29 11:47:00 EDT 2004

On 29/10/04 Skip Montanaro did say:

>     #acl SomeUser:read,write SomeGroup:read,write,admin All:read
>     To make the system more flexible, there are also two modifiers: the
>     prefixes '+' and '-'. When they are used, the given ACL entry will only
>     match if the user is requesting the given rights. As an example, the
>     above ACL could also be written as:
>     #acl -SomeUser:admin SomeGroup:read,write,admin All:read
>     Or even:
>     #acl +All:read -SomeUser:admin SomeGroup:read,write,admin
> doesn't explain what is happening as MoinMoin processes the page.  In
> addition, by not explaining how they differ it implies that + and - are
> somehow interchangeable.

I believe + and - add or remove the given right, respectively, and do
not stop processing at a match. 

Thus, #acl +All:read -SomeUser:admin SomeGroup:read,write,admin

With +All:read, that adds read permission to everyone, and continues
processing. -SomeUser:admin removes admin access for SomeUser, and
continues processing. If you are in SomeGroup, the processing will stop
with the last entry. Otherwise, you're on to default ACLs.


Michael P. Soulier <michael_soulier at mitel.com>, 613-592-2122 x2522
6000/6010/60* Development, Mitel Corporation
"...the word HACK is used as a verb to indicate a massive amount of nerd-like
effort." -Harley Hahn, A Student's Guide to Unix
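
Added example, not part of the original message and not MoinMoin's own code: a small Python model of first-match ACL evaluation as the quoted help text describes it, where a '+' or '-' entry only matches when the requested right is one it lists. The names parse_acl, applies_to, may and GROUPS, the user names, and SomeUser's membership in SomeGroup are assumptions made for illustration.

```python
# Simplified model of the evaluation described in the quoted help text.
# Not MoinMoin's code: all function names and GROUPS are assumptions.
RIGHTS = ("read", "write", "delete", "revert", "admin")

# Constructed group membership (assumes SomeUser belongs to SomeGroup).
GROUPS = {"SomeGroup": {"SomeUser", "OtherMember"}}


def parse_acl(line):
    """Turn '#acl +All:read -SomeUser:admin ...' into (modifier, who, rights)."""
    entries = []
    for token in line.split():
        if token == "#acl":
            continue
        modifier = token[0] if token[0] in "+-" else ""
        who, _, rights = token[len(modifier):].partition(":")
        listed = {r for r in rights.split(",") if r}
        unknown = listed - set(RIGHTS)
        if unknown:
            raise ValueError(f"unknown rights in {token!r}: {sorted(unknown)}")
        entries.append((modifier, who, listed))
    return entries


def applies_to(who, user):
    """An entry names everyone (All), one user, or a group the user is in."""
    return who == "All" or who == user or user in GROUPS.get(who, ())


def may(acl_line, user, right):
    """Return True/False from the first matching entry, None if none matches."""
    for modifier, who, listed in parse_acl(acl_line):
        if not applies_to(who, user):
            continue
        if modifier == "":
            # Plain entry: decides every right for this user and stops.
            return right in listed
        if right in listed:
            # '+' grants and '-' denies, but only for the rights it lists.
            return modifier == "+"
        # Modifier entry that does not list the requested right: keep going.
    return None  # no entry matched: the default ACLs decide
```

Under this model the three ACL lines in the quoted text give SomeUser the same rights, while a user outside SomeGroup who asks for write gets None from the '+All:read' form (so the default ACLs decide) and False from the plain 'All:read' forms.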
