[Moin-user] Re: access control lists

Eric Davis endavis at gmail.com
Mon Jan 31 11:38:49 EST 2005


A little tidbit about ACLs: they use the first match.

acl_rights_before is scanned first for a match, then the actual page 
acls. Therefore, acl_rights_before will match before the actual acls on 
the page.

Given the setup that you have, FastDragon will have admin to all pages 
no matter what, and RaceCar, WingZero, and AngelaHiller will have 
read,write to all pages no matter what you put in the pages regarding 
any of these 4 users.  (In other words, rights in acl_rights_before 
cannot be taken away in acls on the page, but additional rights can be 
given from acls on the page.)

You can't do what you want with the setup you have.

Eric Davis



Dean Hiller wrote:

>>Still doesn't seem to be working....here are my new settings....
>>
>>config file......
>>    # Enable acl (0 to disable)
>>    acl_enabled = 1
>>
>>    # IMPORTANT: grant yourself admin rights! replace YourName with
>>    # your user name. See HelpOnAccessControlLists for more help.
>>    # All acl_right_xxx must use unicode [Unicode]
>>    acl_rights_before = u"FastDragon:read,write,delete,revert,admin RaceCar,WingZero,AngelaHiller:read,write"
>>
>>page....
>>#acl FastDragon:read,write,delete,revert,admin All:
>>WingZero,RaceCar,AngelaHiller:
>>
>>When I test this out with RaceCar, he can view this page still.
>>
>>What I really want is a locked down wiki so 4 people can
>>collaborate (FastDragon, RaceCar, WingZero, BigTalk), and they can also have
>>private pages from each other (except from the one Administrator which is
>>FastDragon).  It is hard to have my admin with a different name as two users
>>can't have the same e-mail address, otherwise I would create FastDragon and
>>WikiAdmin both with my e-mail.
>>
>>I probably should create two groups (members and admins), but it looked
>>complicated in the help.  I might go try again though.  I would then want to
>>lock that page so only I can add new members for now (or at least admins
>>could add new members and no one else)
>>
>>thanks for any pointers here.
>>dean
>>
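
Added example, not part of the original e-mail and not MoinMoin's own code: a simplified Python model of the first-match scan described in the reply, run over the settings quoted above. It assumes the wrapped config value and the wrapped #acl line were each a single line, and it ignores groups and +/- modifiers; BEFORE_ADMIN_ONLY is a constructed alternative shown for comparison.

```python
# Simplified model of a first-match ACL scan (illustration only, not Moin's code).
# Assumptions: no groups, no +/- modifiers, "All" is the only special name.

def parse_acl(text):
    """Parse 'A,B:read,write C:' into [({'A','B'}, {'read','write'}), ({'C'}, set())]."""
    entries = []
    for token in text.split():
        names, _, rights = token.partition(":")
        entries.append((set(names.split(",")),
                        set(filter(None, rights.split(",")))))
    return entries


def may(user, right, rights_before, page_acl):
    """Scan acl_rights_before, then the page ACL; the first entry naming the user decides."""
    for names, rights in parse_acl(rights_before) + parse_acl(page_acl):
        if user in names or "All" in names:
            return right in rights
    return False  # no entry matched: deny


# Values from the thread, with the e-mail line wraps re-joined (assumption).
BEFORE_AS_POSTED = ("FastDragon:read,write,delete,revert,admin "
                    "RaceCar,WingZero,AngelaHiller:read,write")
PAGE_ACL = ("FastDragon:read,write,delete,revert,admin All: "
            "WingZero,RaceCar,AngelaHiller:")

# Constructed alternative: only the administrator is named in acl_rights_before,
# so the page ACL is the first place the other users can match.
BEFORE_ADMIN_ONLY = "FastDragon:read,write,delete,revert,admin"

USERS = ("FastDragon", "RaceCar", "WingZero", "AngelaHiller")


def report(rights_before):
    """Who may read the page carrying PAGE_ACL under the given acl_rights_before."""
    return {user: may(user, "read", rights_before, PAGE_ACL) for user in USERS}


if __name__ == "__main__":
    print("as posted :", report(BEFORE_AS_POSTED))
    print("admin only:", report(BEFORE_ADMIN_ONLY))
```

With the posted acl_rights_before every listed user matches there first, so the empty rights on the page are never reached; with the admin-only variant the page ACL decides for everyone except FastDragon.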




