[Moin-user] Looking for suggestions on optimal way to set up ACL page control

Thilo Pfennig tpfennig at gmail.com
Tue May 9 03:09:06 EDT 2006


2006/4/19, Kenneth McDonald <kenneth.m.mcdonald at sbcglobal.net>:
> I can think of a few ways to do the following, but was wondering if
> others might be able to suggest an "optimal" solution. Also, I've been
> unable to find info on how templates interact with user permissions, and
> am hoping others can provide some advice on that.
>
> Our site will have four types of users:
>
>   * AdminGroup: Allowed to do anything.
>   * EditorGroup: Allowed to edit "doc pages" and "user pages"
>   * Known: Allowed to edit "user pages"
>   * All others; allowed only to read "doc pages" and "user pages".


My suggestions would be

1)

AutoAdminGroup:
 * Known

so that every normal user can edit his own page - and enable AutoAdmin in config


2)
  acl_rights_before = u"AdminGroup:read,write,delete,revert,admin"
  acl_rights_default= u"-All:read Known:read"

(Should "Known" be able to read all pages? )


3) About doc pages: There it would also make sense to use the
AutoAdmin feature, see also HelpOnAutoAdmin (you do not seem know
about that concept?). Also maybe docs should go under one subpage?

ACL for doc pages should be something like this:
#acl EditorGroup:read,write,revert Default

You can not give EditorGroup any rights in _before or -default,
because then they also could edit other pages. This is because we can
not yet give rights to specific pagesnames like for all pages starting
with Help*.

Thilo


--
http://wiki.pfennigsolutions.de




More information about the Moin-user mailing list