[Moin-user] ACLs and user homepages

Christopher MacMinn cmac at mit.edu
Wed Feb 25 14:36:29 EST 2009

> > I am using MoinMoin to run a non-wiki website.  My config ACL setup is:
> >
> > acl_rights_default = u'Administrators:read,write,delete,revert,admin
> > All:read'
> > acl_rights_before  = u'Administrators:read,write,delete,revert,admin'
> >
> That sounds wrong because the page name has to end with Group or you
> have to show your page_group_regex definition.

Sorry, I think my message was confusing -- I meant "Administrators" as just
a placeholder for the names of some administrators, such as
"Admin1,Admin2,Admin3", not to refer to a Group.

(But I could of course create a group such as "AdminGroup" with those same
names, and use that instead of listing them.)

> What I would like is for (logged-in) users to automatically have
> permission
> > to create and edit their own homepages, which they do not with these ACL
> > settings.  Thus far, I have been creating the user homepages myself and
> > setting the ACL on that page as:
> you could setup acl_rights_default = u"UserGroup:read,write All:read"
> that will enable people on the page UserGroup listed to change and
> create pages. If they are not logged in they can read.
> and acl_rights_before  =
> u'AdministratorsGroup:read,write,delete,revert,admin'
> also you could setup a special Known identifier e.g. acl_rights_default
> = u"Known:read,write" Then everyone with an account has this right.
> I do prefer to use the UserGroup page.

It seems to me that this would allow any user in the "UserGroup" (or any
"Known" user, for the second option) to edit ANY page.  Is that right?

I would rather that they can edit only their personal homepage, and not
other pages.

Best, C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20090225/d2fe8d86/attachment.html>

More information about the Moin-user mailing list