DokuWiki

It's better when it's simple

User Tools

Site Tools


acl

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
acl [2017-05-02 11:46]
188.162.36.163 [Access Control Lists (ACL)]
acl [2017-10-28 10:52] (current)
Aleksandr
Line 1: Line 1:
-====== Access Control Lists (ACL) ======+====== Access Control Lists (ACL)======
  
 [[DokuWiki]] --- like most wikis --- is very open by default. Everyone is allowed to create, edit and delete pages. However ​sometimes it makes sense to restrict access to certain or all pages. This is when the //Access Control List// (ACL) comes into play. This page gives an overview of how ACLs work in DokuWiki and how they are configured. [[DokuWiki]] --- like most wikis --- is very open by default. Everyone is allowed to create, edit and delete pages. However ​sometimes it makes sense to restrict access to certain or all pages. This is when the //Access Control List// (ACL) comes into play. This page gives an overview of how ACLs work in DokuWiki and how they are configured.
  
 +{{:​aclexample.png?​400|}}
  
- 
-дльтлдт 
 ===== Configuration and Setup =====  ===== Configuration and Setup ===== 
  
Line 16: Line 15:
   * Config option [[config:​useacl]] -- enable ACL usage   * Config option [[config:​useacl]] -- enable ACL usage
   * Config option [[config:​superuser]] -- setup superusers with ACL granting rights   * Config option [[config:​superuser]] -- setup superusers with ACL granting rights
-  * Config option [[config:​openregister]] -- allows you to disable open registration+  * Config option [[config:​openregister]] -- allows you to disable open registration ​FIXME
   * Config option [[config:​defaultgroup]] -- the default group to which new users are added   * Config option [[config:​defaultgroup]] -- the default group to which new users are added
   * [[plugin:​usermanager|User Manager]] -- managing users   * [[plugin:​usermanager|User Manager]] -- managing users
Line 52: Line 51:
     * by selecting a known group or user from the dropdown menu     * by selecting a known group or user from the dropdown menu
     * or by selecting "​User:"​ or "​Group:"​ and entering the group or user name in the field     * or by selecting "​User:"​ or "​Group:"​ and entering the group or user name in the field
-  - set the appropriate ​permission+  - set the appropriate ​permissions
  
 Existing rules can be modified or deleted in the table at the bottom of the ACL manager. Existing rules can be modified or deleted in the table at the bottom of the ACL manager.
Line 144: Line 143:
 :!: **Note:** When using $conf['​authtype'​] = '​ad';​ and groups names with spaces needing to be written in the acl.auth.php with a "​%5f"​ replacing the spaces instead of "​%20"​. This is because Group names with spaces are first converted into underscores "​_"​ which are "​%5f"​. :!: **Note:** When using $conf['​authtype'​] = '​ad';​ and groups names with spaces needing to be written in the acl.auth.php with a "​%5f"​ replacing the spaces instead of "​%20"​. This is because Group names with spaces are first converted into underscores "​_"​ which are "​%5f"​.
  
-:!: **Note:** The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can not overwrite existing media files anymore.+:!: **Note:** The delete permission affects media files only. Pages can be deleted (and restored) by everyone with at least edit permission. Someone who has upload permissions but no delete permissions can only overwrite existing media files if the [[config:​mediarevisions|media revisions]] option is enabled.
  
 ==== User Wildcards ==== ==== User Wildcards ====
Line 157: Line 156:
 # #
 # Grant full access to logged in user's namespace # Grant full access to logged in user's namespace
-user:​%USER%:​* ​         %USER%  ​AUTH_DELETE+user:​%USER%:​* ​         %USER%  ​16
 # #
 # Allow to browse own namespace via the index # Allow to browse own namespace via the index
-user:                  %USER%  ​AUTH_READ+user:                  %USER%  ​1
 # #
 # Allow read only access to start page located in "​user"​ namespace ​ # Allow read only access to start page located in "​user"​ namespace ​
-user:​start ​            ​%USER%  ​AUTH_READ+user:​start ​            ​%USER%  ​1
 # #
 # Disable all access to user's home namespaces not owned by logged in user  # Disable all access to user's home namespaces not owned by logged in user 
 # (include view namespaces via the index) ​ # (include view namespaces via the index) ​
-user:​* ​                ​@user ​  AUTH_NONE+user:​* ​                ​@user ​  0
 # #
 # Allow members of '​group'​ to edit pages in the '​group'​ namespace. # Allow members of '​group'​ to edit pages in the '​group'​ namespace.
-be careful, if you have a user namespace, all members of the default group  +BE CAREFUL, if you have a 'user' ​namespace, all members of the default group  
-# will gain access to it +# will gain access to it since %GROUP% will be replaced literally 
-%GROUP%:​* ​              ​%GROUP% ​AUTH_EDIT+%GROUP%:​* ​              ​%GROUP% ​2
 </​file>​ </​file>​
  
acl.1493718380.txt.gz · Last modified: 2017-05-02 11:46 by 188.162.36.163