Learn about DokuWiki
Learn about DokuWiki
Compatible with DokuWiki
This extension has not been updated in over 2 years. It may no longer be maintained or supported and may have compatibility issues.
Similar to aclinfo
|Compatibility with DokuWiki release Binky: works basically, but some features (?) won't do since outdated use of addinitevent|The download link (http://dokuwiki.yent.eu/aclauditor.zip) is down (2010/12/17). Back again, finished moving and server back online …
This plugin intends to help wiki admins to answer questions like “How is it possible that this user can edit this page, I must have messed up permissions, but which line is causing that ?” or “How can I ensure that my permissions are set properly ?”.
It proposes several features :
It was created at the Dokuwiki hackfest during FrOSCamp 2010, special thanks to Guy Brand for ideas regarding the scenario mode.
In this mode you can list permissions of a specific user or group (if none given then current user is used), list permissions applied on a specific resource (page or media) (similar to the default permission management, except that you cannot set permissions) or view how a user/group get its permission on a resource through permission inheritance pattern (and then track which permission record is messing the whole thing).
If you want to enter a group you must prepend it with the @ symbol.
The results will show, for each resource there is an ACL record for, the list of permissions that the user/group owns and the final permission on the resource according to inheritance rules.
The results will show all ACL applied on the resource.
This mode tells you in which way a permission for a user/group on a resource is constructed through inheritance patterns and specific matching rules.
In this mode you can test your ACL config against a list of rules (or scenario). The scenario is a simple csv file which lines look like :
foo:bar,joe,*,1 => checks if user joe or any of his groups gives him a "read" permission on page foo:bar foo:bar,joe,dev|prod,>=4 => checks if user joe, the dev group or the prod group get at least a "create" permission on page foo:bar foo:bar,joe,dev,!8 => checks if user joe or the dev group do not get a "upload" permission on page foo:bar foo:*,joe,,<2 => checks if user joe, without taking consideration of his groups, gets less than a "edit" permission on namespace foo
The scenario can be server side stored in order to use it later. The plugin accepts comma separated and semicolon separated CSV as well as quoted fields. Note that lines whose first field starts with the # symbol is considered as a comment line, if the first line is a comment line and if only its first field is filled it will be considered as the file description.
Server side stored scenarios are saved as csv files under the DOKUWIKI_ROOT/conf/aclauditor_scenarios directory.
|= or ==||is equal to|
|! or !=||is not equal to|
|<||is less than|
|⇐||is less than or equal to|
|>||is greater than|
|>=||is greater than or equal to|
# Scenario to test that the dev group have the good permissions,,, # id,user,groups,value doc:*,,dev,16 dev:*,,dev,16 # only joe can update news,,, news:*,joe,dev,4 # dev group musn't get access to foo:hidden_to_dev page foo:hidden_to_dev,,dev,<1
You can use the following syntax inside pages :
<ACLAUDITOR [options] />
It will display a “test acl” button to wiki admins that will allow them to do quick testing. The available options are :
|who||view permissions for user or group||<ACLAUDITOR who=joe /> <ACLAUDITOR who=@dev />|
|what||view permissions applied on resource|
|who and what||describe permission for user or group on resource||<ACLAUDITOR who=joe what=foo:bar /> (this is just a combination of the previous ones)|
|scenario||run a set of test rules from a scenario file||<ACLAUDITOR scenario=scenario_for_dev.csv /> (the value can be omitted to just create a shortcut to the scenario test mode page)|
Please check. I think, the @ALL-group is ignored on using “Get ACL applied on resource”?