Access Control Lists

Also available in ((../Deutsch/Zugriffssteuerung Deutsch)), ((../Español/ControlAcceso Español)), ((../Français/GestionDesDroits Française)), ((../Русский/ПраваДоступа Русский)), ((../Polski/PrawaDostępu Polski)) 

{{toc numerate=1}}

===Access rights===
Every page has five access control lists (ACLs), ##read##, ##write##, ##comment##, ##create## and ##upload##, which can be modified by the page owner (usually the user who created the page). ##read## defines who is allowed to view the page, ##write## defines who is allowed to edit it, and ##comment## defines who is allowed to attach comments.

All ACLs are plain text lists containing a number of user names or the ##*## placeholder representing "everyone". Entries can be inverted by prefixing them with an exclamation mark. For example, while ##*## means "everybody has access", ##!*## means "nobody has access". The exclamation mark modifier works with user names, too.

An empty list implies "nobody has access". For example, if the ##write## ACL only contains the line ##""SomeGuy""##, only the ""SomeGuy"" user has access, but no one else. If it contains a line with ##*## and another line with ##""!SomeGuy""##, it means everybody has access //except// ""SomeGuy"".

The ##read##, ##write##, ##comment##, ##create## and ##upload## ACLs are available for every page on the site; custom page handlers can introduce extra ACLs as needed.

In WackoWiki you can edit the ACL for every page.

An ACL consists of the following permissions:
  * **read**
  * **write**
  * **comment**
  * **create**
  * **upload**

The values for each permission are:
  * ##""*""## - everyone is allowed
  * ##$## - only registered users
  * ##!## - a preceding exclamation mark denies the respective right
  * ##[UserName]## - names of allowed users
  * ##[GroupName]## - names of allowed user groups (aliases)
  * ##(an empty list)## - only the page owner has access

file:/permissions_handler.png
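
The rules above, worked through as an added Python example (not WackoWiki's own code). Assumptions: one entry per line, a matching ##!## entry wins regardless of order (which reproduces the ##*## plus ##!SomeGuy## case), user names match exactly; the helper names, the sample group membership and the visitor list are constructed for illustration.

```python
# Added illustration of the ACL rules described on this page; not WackoWiki code.
# Constructed sample data: one alias and four visitors (None = not logged in).
GROUPS = {"Admins": {"Anna"}}
VISITORS = [("anonymous", None), ("SomeGuy", "SomeGuy"),
            ("Boris", "Boris"), ("Anna", "Anna")]

def entry_matches(entry, user, groups):
    """True if a single ACL entry (without a leading '!') applies to the visitor."""
    if entry == "*":
        return True                      # everyone, including anonymous visitors
    if entry == "$":
        return user is not None          # registered users only
    if user is None:
        return False                     # named entries never match anonymous
    if entry == user:
        return True                      # explicit user name
    # Alias names are case-insensitive according to the page.
    by_name = {name.lower(): members for name, members in groups.items()}
    return user in by_name.get(entry.lower(), ())

def has_access(acl_text, user, groups, is_owner=False):
    """Evaluate one ACL (the text of a single privilege) for one visitor."""
    entries = [line.strip() for line in acl_text.splitlines() if line.strip()]
    if not entries:
        return is_owner                  # empty list: only the page owner
    allowed = False
    for entry in entries:
        if entry.startswith("!"):
            if entry_matches(entry[1:], user, groups):
                return False             # assumption: a matching deny always wins
        elif entry_matches(entry, user, groups):
            allowed = True
    return allowed

def who_can(acl_text, groups=GROUPS):
    """Labels of the sample visitors that the ACL lets through."""
    return [label for label, user in VISITORS
            if has_access(acl_text, user, groups)]

if __name__ == "__main__":
    for acl in ("*", "$", "admins", "*\n!SomeGuy", "!*", ""):
        print(repr(acl), "->", who_can(acl))
```
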

===Inheritance===
Access rights are inherited. In other words, if you create a new page below an existing one (i.e. a child page), the new page will have the same access rights as its parent document. Inheritance happens only when you create a page, so afterwards the rights of the child and the parent documents can be changed without affecting each other.

One exception to the inheritance rule is the right to edit the document, which is inherited from the parent's ACL for creating sub-pages. For example, if only Boris and Anna are allowed to create sub-pages below a page, then only they will be able to edit the sub-pages created there.

===Groups ===
Groups can be administered via the ((/Doc/English/AdminPanel Admin panel)).

file:/ap_groups_en.png

WackoWiki supports groups of users (aliases). Only the site administrator can create and edit aliases.

Alias names are case-insensitive.

Alias **Admins** is special. All of its members are admins, and, for example, can delete or rename any page.

===Defaults ===
After installation, the default value for every action is set as defined in config_default.php.

file:/ap_permissions_en.png

The defaults are stored in ##((Configuration Secondary Config))##:

  1. ##default_read_acl##
  1. ##default_write_acl##
  1. ##default_comment_acl##
  1. ##default_create_acl##
  1. ##default_upload_acl##


E.g., if you want only registered users to be able to edit a page, change the default values to:
%%
'default_read_acl' => '*',
'default_write_acl' => '$',
'default_comment_acl' => '$',
'default_create_acl' => '$',
'default_upload_acl' => 'Admins',%%

''Note: Changing the defaults will only affect newly created pages!''
??Pages which were created before changing the defaults will keep their original ACL!??

If you want to change all ACLs, you can do it with a simple SQL query:
%%(sql)UPDATE wacko_acl SET list = '$' WHERE privilege = 'write';%%

If some of the ACLs have been set to specific users, it is better to update only those pages where write privileges are currently set to 'allow all':
%%(sql)UPDATE wacko_acl SET list = '$' WHERE privilege = 'write' AND list = '*';%%