Access Control Lists (ACL)

Every page has three access control lists (ACLs), read, write and comment, which can be modified by the page owner (usually the user who created the page). read defines who is allowed to view the page, write defines who is allowed to edit it, and comment defines who is allowed to attach comments.

All ACLs are plain text lists containing a number of user names or the "*" placeholder representing “everyone”. Entries can be inverted by appending them with an exclamation mark. For example, while * means “everybody has access”, !* means “nobody has access”. The exclamation mark modifier works with user names, too, of course.

An empty list implies “nobody has access”. For example, if the write ACL only contains the line SomeGuy, only the SomeGuy user has access, but noone else. If it contains a line with * and another line with !SomeGuy, it means everybody has access except SomeGuy.

The read, write and comment ACLs are available for every page on the site; Custom PageHandlers can introduce extra ACLs as needed.

In WackoWiki you can edit the ACL for every page.

an ACL consists of

• read
• write
• comment

permissions

the values for each permission are:

• * – everyone is allowed
• $ – only registered users
• ! –
• [UserName] – names of allowed users

Aliases AKA Groups

WackoWiki supports groups of users (aliases). Only site administrator can create and edit aliases.
To create alias, you need edit wakka.config.php like this:

$wakkaConfig['aliases'] = array( 'Admins' => "RomanIvanov", 'OverSite' => "RomanIvanov\nAlekseyKulakov", );

This will create alias Admins with one member RomanIvanov and alias Oversite with RomanIvanov & AlekseyKulakov members.

Names of aliases are case independent.

Alias Admins is special. All of its members are admins, and, for example, can delete or rename any page.

Defaults

After installing the default value for every action is set to * – all users (even unregistered users) have access.

The defaults are stored in wakka.config.php:

• default_write_acl
• default_read_acl
• default_comment_acl

eg: if you want only registered users to be able to edit a page change the default values to:
"default_write_acl" => "$", "default_read_acl" => "*", "default_comment_acl" => "*",

note: changing the defaults will only affect new created pages!
pages which were created before changing the defaults will keep there original acl!

If you want to change all acls you could do it with a simple sql query:


If some of the acl's have been set to specific users, it will be better to only update those pages where write privileges are currently set to 'allow all'

---

Questions:

I want to have the following defaults:
Owner is always the administrator, but also, everybody should have the right to edit the pages. How do I do this?

• RomanIvanov: There's no way to do it without code modification.
  If you tell us what is your aim, we'll think on implementing it.
• The problem is, that I wanted an area secure from reading, writing and commenting. I thoght, that if the admin had the rights to change the access over the ownership, it would be the easiestway
  In short. Admin should have the possibillity to change the access rights to a page.
• TomSpilman /14.07.2004 07:22/ — I have to agree. The admin or anyone in the admins group should be allowed full access to the site regardless of the ACL settings. This includes changing ACLs and ownership as well as reading, writing, deleting, etc.
• RomanIvanov: I think, there's a problem. Problem is: wiki people do not want to use wiki for personal goals if some admin can see all pages even with ACL read set to nobody.
  So, we can implement this option, but do not switch on by default. And we need a method for any user to distinguish between wikis with this option set to ON and OFF. Please, suggest this method.
• Just telling: I believe that such option is not needed. The admin can ALWAYS change the ACLs anyway

---

• You tell on this page about creating groups. But what can you do with this groups. Can you just write the group alias in the access right?
  • RomanIvanov: Yes.
• Is there any method to edit the aliases without having to change the config? I don't want to permit ssh or ftp access to the wiki folder but would still like to be able to let admin users edit the aliases.