[Moin-user] ACLs and user homepages
Christopher MacMinn
cmac at mit.edu
Wed Feb 25 14:36:29 EST 2009
>
> > I am using MoinMoin to run a non-wiki website. My config ACL setup is:
> >
> > acl_rights_default = u'Administrators:read,write,delete,revert,admin
> > All:read'
> > acl_rights_before = u'Administrators:read,write,delete,revert,admin'
> >
>
> That sounds wrong because the page name has to end with Group or you
> have to show your page_group_regex definition.
>
Sorry, I think my message was confusing -- I meant "Administrators" as just
a placeholder for the names of some administrators, such as
"Admin1,Admin2,Admin3", not to refer to a Group.
(But I could of course create a group such as "AdminGroup" with those same
names, and use that instead of listing them.)
> What I would like is for (logged-in) users to automatically have
> permission
> > to create and edit their own homepages, which they do not with these ACL
> > settings. Thus far, I have been creating the user homepages myself and
> > setting the ACL on that page as:
>
>
> you could setup acl_rights_default = u"UserGroup:read,write All:read"
> that will enable people on the page UserGroup listed to change and
> create pages. If they are not logged in they can read.
> and acl_rights_before =
> u'AdministratorsGroup:read,write,delete,revert,admin'
>
> also you could setup a special Known identifier e.g. acl_rights_default
> = u"Known:read,write" Then everyone with an account has this right.
>
> I do prefer to use the UserGroup page.
>
It seems to me that this would allow any user in the "UserGroup" (or any
"Known" user, for the second option) to edit ANY page. Is that right?
I would rather that they can edit only their personal homepage, and not
other pages.
Best, C
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/moin-user/attachments/20090225/d2fe8d86/attachment.html>
More information about the Moin-user
mailing list