DokuWiki

It's better when it's simple

User Tools

Site Tools


plugin:distributedacl

distributedACL

Compatible with DokuWiki

  • 2017-02-19 "Frusterick Manners" unknown
  • 2016-06-26 "Elenor Of Tsort" unknown
  • 2015-08-10 "Detritus" yes
  • 2014-09-29 "Hrun" unknown

plugin An enhanced ACL management system

Last updated on
2008-04-18
Provides
Action

Tagged with acl

Why

Standard DokuWiki ACL manager has a strong limitation, ACL management can't be delegated to other users but site-wide admin and/or managers.

the Idea

With this action plugin, ACL information can be written in wiki pages, so the permission to edit a pages in a particular namespace means the permission to edit ACL of a corresponding page or namespace.

How it works

You can define a specific namespace under which you create pages with the same hierarchy of the root tree.

For example if you have a namespace named “xx:yy:” and you want to grant Edit privilege to user “john” on it, you have to create the page “acl:xx:yy:start” (“start” is the page you set as “Start page name” in DokuWiki config), and write into it:

E:john

When you submit, an ACL like

xx:yy:*     john      2 # distributedACL autogenerated for xx:yy:* #

is immediately written into conf/acl.auth.php.

If you want to set a permission for a page named “xx:yy:mypage” create the page “acl:xx:yy:mypage”.

Syntax

In the page you should write:

perm:whoAccess
perm:whoAccess
perm:whoAccess
PermDescriptionDokuWiki ACL
N None (deny anything) 0
R Read 1
E Edit 2
C Create 4
U Upload 8
D Delete 16
W alias for “Delete” 16

whoAccess can be a username or a @group.

Delegated ACL

If you want to permit a user (or a group) to edit ACLs for a namespace or a page, you have to grant him to edit the corresponding page into “acl:”.

For example, you want JOE to edit ACLs for “xx:yy:*”:

To do that he should edit the page “acl:xx:yy:start”. To grant him to do it, you edit the page “acl:acl:xx:yy:start” and write:

C:JOE

and so, a permission will be created to grant JOE to edit “acl:xx:yy:*”. When he edit “acl:xx:yy:home”, he set ACLs for “xx:yy:”.

Configuration

The only configuration you can make is the ACL namespace, into the action.php set the variable $ACLNAMESPACE to the namespace you want. Default is “acl:”.

Known Issues

When a user change permission for a namespace or a page, all permission to that (only for that item) will be overwritten, if you inserted other ACL to that item by the standard aclplugin they will disappear.

If your wiki use distributedACL I suggest, to avoid confusion, to stop using standard aclplugin, or at least don't use distributedACL and aclplugin to manage ACLs for the same namespace or page.

plugin/distributedacl.txt · Last modified: 2015-12-16 15:18 by 193.206.80.80