====== distributedACL ======

---- plugin ----
description: An enhanced ACL management system
author     : Dael Maselli
email      : Dael.Maselli@gmail.com
type       : action
lastupdate : 2008-04-18
compatible : 2007-06-26b ==> 2009-12-25c
depends    :
conflicts  :
similar    :
tags       : acl

downloadurl: http://www.lnf.infn.it/~dmaselli/distributedACL.zip
----


^  Download | [[http://www.lnf.infn.it/~dmaselli/distributedACL.zip|distributedACL.zip]]|

===== Why =====

Standard DokuWiki ACL manager has a strong limitation, ACL management can't be
delegated to other users but site-wide admin and/or managers.


===== the Idea =====

With this action plugin, ACL information can be written in wiki pages, so
the permission to edit a pages in a particular namespace means the permission
to edit ACL of a corresponding page or namespace.


===== How it works =====

You can define a specific namespace under which you create pages with
the same hierarchy of the root tree.

**For example** if you have a namespace
named "xx:yy:" and you want to grant Edit privilege to user "john" on it,
you have to create the page "acl:xx:yy:start" ("start" is the page you
set as "Start page name" in DokuWiki config), and write into it:

  E:john

When you submit, an ACL like

  xx:yy:*     john      2 # distributedACL autogenerated for xx:yy:* #

is immediately written into ''conf/acl.auth.php''.

If you want to set a permission for a page named "xx:yy:mypage" create
the page "acl:xx:yy:mypage".
===== Syntax =====

In the page you should write:

  perm:whoAccess
  perm:whoAccess
  perm:whoAccess

^Perm^Description^DokuWiki ACL^
^  ''N''  | None (deny anything) |   0|
^  ''R''  | Read                 |   1| 
^  ''E''  | Edit                 |   2|
^  ''C''  | Create               |   4|
^  ''U''  | Upload               |   8|
^  ''D''  | Delete               |  16|
^  ''W''  | alias for "Delete"   |  16|

**whoAccess** can be a username or a @group.

===== Delegated ACL =====

If you want to permit a user (or a group) to edit ACLs for a namespace or
a page, you have to grant him to edit the corresponding page into "acl:".

**For example**, you want JOE to edit ACLs for "xx:yy:*":

To do that he should edit the page "acl:xx:yy:start". To grant him to do it,
you edit the page "acl:acl:xx:yy:start" and write:

  C:JOE

and so, a permission will be created to grant JOE to edit "acl:xx:yy:*".
When he edit "acl:xx:yy:home", he set ACLs for "xx:yy:".


===== Configuration =====

The only configuration you can make is the ACL namespace, into the
''action.php'' set the variable ''$ACLNAMESPACE''
to the namespace you want. Default is "acl:".


===== Known Issues =====

When a user change permission for a namespace or a page, all permission
to that (only for that item) will be overwritten, if you inserted other
ACL to that item by the standard ''aclplugin'' they will disappear.

If your wiki use distributedACL I suggest, to avoid confusion, to stop
using standard ''aclplugin'', or at least don't use ''distributedACL''
and ''aclplugin'' to manage ACLs for the same namespace or page.