Differences

This shows you the differences between two versions of the page.

--- acl [2016-05-10 00:04] – changing gender pronouns to make gender neutral 71.6.32.162
+++ acl [2017-09-05 10:29] – 183.16.192.248
@@ Line 3: / Line 3: @@
 [[DokuWiki]] --- like most wikis --- is very open by default. Everyone is allowed to create, edit and delete pages. However sometimes it makes sense to restrict access to certain or all pages. This is when the //Access Control List// (ACL) comes into play. This page gives an overview of how ACLs work in DokuWiki and how they are configured.
+{{:aclexample.png?400|}}
 ===== Configuration and Setup =====
@@ Line 14: / Line 14: @@
   * Config option [[config:useacl]] -- enable ACL usage
   * Config option [[config:superuser]] -- setup superusers with ACL granting rights
-  * Config option [[config:disableactions]] -- allows you to disable open registration
+  * Config option [[config:openregister]] -- allows you to disable open registration
   * Config option [[config:defaultgroup]] -- the default group to which new users are added
   * [[plugin:usermanager|User Manager]] -- managing users
@@ Line 50: / Line 50: @@
     * by selecting a known group or user from the dropdown menu
     * or by selecting "User:" or "Group:" and entering the group or user name in the field
-  - set the appropriate permission
+  - set the appropriate permissions
 Existing rules can be modified or deleted in the table at the bottom of the ACL manager.
@@ Line 76: / Line 76: @@
 {{:aclexample2.png}}
+FIXME - Should the group be changed to @user in the table, which I thought was the default group?
 This time we look what rules will match for different users when trying to access the page ''private:bobspage''.
@@ Line 140: / Line 142: @@
 :!: **Note:** When using $conf['authtype'] = 'ad'; and groups names with spaces needing to be written in the acl.auth.php with a "%5f" replacing the spaces instead of "%20". This is because Group names with spaces are first converted into underscores "_" which are "%5f".
-:!: **Note:** The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore.
+:!: **Note:** The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can only overwrite existing media files if the [[config:mediarevisions|media revisions]] option is enabled.
 ==== User Wildcards ====
@@ Line 153: / Line 155: @@
 #
 # Grant full access to logged in user's namespace
-user:%USER%:*          %USER%  AUTH_DELETE
+user:%USER%:*          %USER%  16
 #
 # Allow to browse own namespace via the index
-user:                  %USER%  AUTH_READ
+user:                  %USER%  1
 #
 # Allow read only access to start page located in "user" namespace
-user:start             %USER%  AUTH_READ
+user:start             %USER%  1
 #
 # Disable all access to user's home namespaces not owned by logged in user
 # (include view namespaces via the index)
-user:*                 @user   AUTH_NONE
+user:*                 @user   0
 #
 # Allow members of 'group' to edit pages in the 'group' namespace.
-# be careful, if you have a user namespace, all members of the default group
+# BE CAREFUL, if you have a 'user' namespace, all members of the default group
-# will gain access to it
+# will gain access to it since %GROUP% will be replaced literally
-%GROUP%:*               %GROUP% AUTH_EDIT
+%GROUP%:*               %GROUP% 2
 </file>