Introduction

This page provides an alternative description to that at HelpOnAccessControlLists, which AlexisHuxley found quite difficult to understand.

Procedure

  1. Think about what rights should be granted; for the moment don't think about when they need to be applied. Make a table for this information. Be sure to consider anonymous users. E.g. AlexisHuxley thought this would be suitable for this wiki:

    which people       | description of rights
    wiki admins        | all rights
    anonymous users    | no rights except read
    designated editors | all rights except admin

  2. Ensure the following conditions are met:
    1. the smallest group is the most powerful
    2. the largest group is the least powerful
    3. no groups partially overlap (no overlap or total overlap are both acceptable)

    If these conditions are not met then think again.
  3. Assign group names to the people in the above table and update your table accordingly. Anonymous users are in the group 'All' (yes, I know this sounds wrong, but it will work out okay); other people must be in groups with names ending with Group. E.g. AlexisHuxley decided upon AdminGroup and EditorGroup, so this gave:

    group name  | description of rights
    AdminGroup  | all rights
    All         | no rights except read
    EditorGroup | all rights except admin

  4. Look at the names of the rights listed at HelpOnAccessControlLists and update your table to use these names instead. E.g. AlexisHuxley's table then looked like this:

    group name  | rights
    AdminGroup  | read,write,delete,revert,admin
    All         | read
    EditorGroup | read,write,delete,revert

  5. Order the rows in the table from the smallest and most powerful group to the biggest and least powerful group, considering the group 'All' as the biggest and least powerful. E.g. AlexisHuxley's table then looked like this:

    group name  | rights
    AdminGroup  | read,write,delete,revert,admin
    EditorGroup | read,write,delete,revert
    All         | read

  6. Replace the line separating the columns with a colon and ensure there are no spaces in each line. E.g. AlexisHuxley's table then looked like this:

    ACL
    AdminGroup:read,write,delete,revert,admin
    EditorGroup:read,write,delete,revert
    All:read

  7. In your <NameOfWiki>.py file, assign the smallest and most powerful group's ACL to acl_rights_before, assign the biggest and least powerful group's ACL to acl_rights_after, and assign all remaining ACLs to acl_rights_default, ordering them from smallest and most powerful to biggest and least powerful; separate them with spaces if there is more than one. The format of these assignments should be:

    <variable_name>    = u'first_acl second_acl third_acl' 

    E.g. AlexisHuxley made the following assignments:

    acl_rights_before  = u'AdminGroup:read,write,delete,revert,admin'
    acl_rights_default = u'EditorGroup:read,write,delete,revert'
    acl_rights_after   = u'All:read' 

Page-specific ACL recipes

To deny anonymous users even read access, put the following in the page:

#acl Default All: 

To allow anonymous users write access, put the following in the page:

#acl Default All:read,write 
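
To check what the assignments from step 7 and the two page recipes above actually grant, the following added example (not MoinMoin's own code, and not from the original page) models the evaluation order: acl_rights_before, then the page's #acl line or acl_rights_default, then acl_rights_after, with the first matching entry deciding. It assumes no +/- modifiers and models only the special group 'All'; the user names and group memberships are constructed.

```python
# Simplified model of MoinMoin ACL evaluation (added example, not MoinMoin code).
# Assumptions: the first matching entry decides; no +/- modifiers; only the
# special group 'All' is modelled; the group members below are constructed.

ACL_RIGHTS_BEFORE = u'AdminGroup:read,write,delete,revert,admin'
ACL_RIGHTS_DEFAULT = u'EditorGroup:read,write,delete,revert'
ACL_RIGHTS_AFTER = u'All:read'

GROUPS = {  # constructed sample membership (admins are also editors)
    'AdminGroup': {'AliceAdmin'},
    'EditorGroup': {'AliceAdmin', 'BobEditor'},
}


def parse(acl):
    """Turn 'Name:r1,r2 Default Other:' into a list of (name, rights) entries."""
    entries = []
    for token in acl.split():
        if token == 'Default':
            # 'Default' in a page ACL pulls in acl_rights_default at that spot.
            entries.extend(parse(ACL_RIGHTS_DEFAULT))
            continue
        name, _, rights = token.partition(':')
        entries.append((name, set(filter(None, rights.split(',')))))
    return entries


def effective_rights(user, page_acl=None):
    """Rights of user (None = anonymous); page_acl is the text after '#acl '."""
    middle = ACL_RIGHTS_DEFAULT if page_acl is None else page_acl
    chain = parse(ACL_RIGHTS_BEFORE) + parse(middle) + parse(ACL_RIGHTS_AFTER)
    for name, rights in chain:
        if name == 'All' or user == name or user in GROUPS.get(name, ()):
            return rights  # first match wins; later entries are never consulted
    return set()


if __name__ == '__main__':
    for acl in (None, 'Default All:', 'Default All:read,write'):
        for user in ('AliceAdmin', 'BobEditor', None):
            print(repr(acl), user, sorted(effective_rights(user, acl)))
```

Because the first match decides, the empty 'All:' entry in the first recipe stops anonymous users before the 'All:read' in acl_rights_after is reached, while members of AdminGroup and EditorGroup are matched earlier and keep their rights.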

See also

CategoryProcedure

SettingUpMoinMoinAccessLists (last edited 2009-12-05 16:26:12 by AlexisHuxley)