Protecting content
Although the wiki concept is to allow anyone to modify its contents, there comes a time when it is necessary to put limits in place, for example to prevent certain information from being viewed or to stop changes from being made to content.
Access Control Lists
WikiDX addresses these concerns with ACLs 1). When an action is requested, for example browsing a page, the ACL is probed and the request is either allowed or rejected. This functionality is provided by the 'acl/auth_acl' plugin (included by default). The list is a data structure containing entries that specify the rights of users or groups to directories and pages. An example of an ACL follows:
* : @ALL : 1 # Allow everyone to view all pages (level 1 access)
* : @NAMED : 2 # Allow users who have logged in to edit (level 2 access)
wikidx/docs* : darren : 8 # only darren can create pages in the docs directory
important : @ALL : 0 # Revoke access to page 'important' to everyone
important : @admin : 255 # Only allow access to this page if you are in the admin group
Note: WikiDX uses the same principles, but stores the list in XML format.
In the above example there are multiple entries for the '@ALL' group, which raises the question of which one is used. Precedence is granted in the following order (lowest first):
- directory : usergroup
- page : usergroup
- directory : user
- page : user
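The precedence order above, modelled as an added example (not WikiDX's own code, which stores the list in XML). It assumes that a target ending in '*' is a directory entry and any other target is a page, that an unmatched request gets level 0, and that the later of two equal-rank entries wins; the page specifies none of these.

```python
# Added illustration of the precedence rules; not WikiDX source code.
ACL_TEXT = """\
* : @ALL : 1               # the five entries from the example above
* : @NAMED : 2
wikidx/docs* : darren : 8
important : @ALL : 0
important : @admin : 255
"""

def parse_acl(text):
    """Parse 'target : subject : level  # comment' lines into tuples."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line:
            target, subject, level = (f.strip() for f in line.split(":"))
            entries.append((target, subject, int(level)))
    return entries

def rank(target, subject):
    """0 = directory:usergroup, 1 = page:usergroup, 2 = directory:user, 3 = page:user."""
    is_page = not target.endswith("*")     # assumption: trailing '*' marks a directory entry
    is_user = not subject.startswith("@")  # '@' marks a group, as in the example
    return 2 * is_user + is_page

def matches(target, subject, page, user, member_of):
    if target.endswith("*"):
        page_hit = page.startswith(target[:-1])
    else:
        page_hit = page == target
    who_hit = subject in member_of if subject.startswith("@") else subject == user
    return page_hit and who_hit

def effective_level(entries, page, user=None, groups=()):
    """Level of the highest-precedence entry matching this page and user."""
    member_of = {"@ALL", *groups}
    if user is not None:
        member_of.add("@NAMED")            # logged-in users
    best_rank, best_level = -1, 0          # assumption: no match means level 0
    for target, subject, level in entries:
        if matches(target, subject, page, user, member_of):
            r = rank(target, subject)
            if r >= best_rank:             # assumption: later entry wins a tie
                best_rank, best_level = r, level
    return best_level

ENTRIES = parse_acl(ACL_TEXT)
```

Under these assumptions a logged-in user who has level 2 elsewhere resolves to level 0 on 'important', because the page entry for @ALL outranks the directory entry for @NAMED.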
Access Levels
The current access levels are:
| Access Level | Defined as | Description |
|---|---|---|
| 0 | AuthNone | No access |
| 1 | AuthRead | Read / browse |
| 2 | AuthEdit | edit |
| 4 | AuthCreate | Create new pages (not implemented yet) |
| 8 | AuthUpload | upload attachments (not implemented yet) |
| 255 | AuthAdmin | admin screens |
Parameters / Options
- $AuthAllowRegister (True / False) - allow users to self-register (not yet implemented)
- $AuthFunction - Holds the name of the function to run authority checks against
Using alternate control mechanisms
You can implement an alternate mechanism by changing the variable $AuthFunction to point to a different function. The API::CheckAccess($lvl) call will call this function and expects a true|false return.
Files Used
There are two files used to store the ACLs. Both of these are located in the /data/ directory.
- __acl_auth.acl - What can be viewed by whom.
- __acl_users.acl - List of user accounts.
1) Access Control Lists