[Moin-user] I need to restrict some pages. ACL or multiple wikis?

John Marshall John.Marshall at ec.gc.ca
Mon Aug 17 10:46:41 EDT 2009

Steven W. Orr wrote:
> I created a page called (let's say) OurGroup. The content is
> #acl StevenOrr:read,write,delete,revert
>  * StevenOrr
>  * FreddyFish
> Then I *think* I want to say this at the top of every page that I want to
> restrict. Is it sufficient to say this at the top of each of the pages?
> #acl OurGroup:read,write,revert,admin All:
acl processing works as (from HelpOnAccessControlLists page):

    * processing sequence: acl_rights_before, A/B/C/D,
      [acl_rights_default], acl_rights_after
    * the *first ACL matching the user is used
    * acl_rights_default is *what is done if no ACLs are used on the page*

So, unless your acl_rights_before allows others, your acl will do what 
you want. Also, you do not need to add the "All:" part unless the 
acl_rights_after actually allows others.
> Will this do the trick?
> Also, my acl_rights_default is currently set as:
> acl_rights_default = u'Known:read,write,delete,revert All:read'
The acl_rights_default is ignored if your page includes an acl (third 
point above).
> Can I assume that the presumption is that what I'm describing will work
> *because* FreddyFish and myself will be logged in and therefore Known?
Not from what I can see. The members of OurGroup have access because 
your acl allows it, which does not depend on acl_rights_default (which 
follows your acl in the processing sequence, and is ignored because you 
provide an acl).

Hope this helps,

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20090817/3a8b5efb/attachment.html>

More information about the Moin-user mailing list