[Moin-user] + and - in ACLs
Michael P. Soulier
michael_soulier at mitel.com
Fri Oct 29 11:47:00 EDT 2004
On 29/10/04 Skip Montanaro did say:
> #acl SomeUser:read,write SomeGroup:read,write,admin All:read
>
> To make the system more flexible, there are also two modifiers: the
> prefixes '+' and '-'. When they are used, the given ACL entry will only
> match if the user is requesting the given rights. As an example, the
> above ACL could also be written as:
>
> #acl -SomeUser:admin SomeGroup:read,write,admin All:read
>
> Or even:
>
> #acl +All:read -SomeUser:admin SomeGroup:read,write,admin
>
> doesn't explain what is happening as MoinMoin processes the page. In
> addition, by not explaining how they differ it implies that + and - are
> somehow interchangeable.
I believe + and - add or remove the given right, respectively, and do
not stop processing at a match.
Thus, #acl +All:read -SomeUser:admin SomeGroup:read,write,admin
With +All:read, that adds read permission to everyone, and continues
processing. -SomeUser:admin removes admin access for SomeUser, and
continues processing. If you are in SomeGroup, the processing will stop
with the last entry. Otherwise, you're on to default acls.
Mike
--
Michael P. Soulier <michael_soulier at mitel.com>, 613-592-2122 x2522
6000/6010/60* Development, Mitel Corporation
"...the word HACK is used as a verb to indicate a massive amount of nerd-like
effort." -Harley Hahn, A Student's Guide to Unix
More information about the Moin-user
mailing list