Table of Contents
distributedACL Plugin
Compatible with DokuWiki
- 2024-02-06 "Kaos" yes
- 2023-04-04 "Jack Jackrum" unknown
- 2022-07-31 "Igor" unknown
- 2020-07-29 "Hogfather" unknown
Why
Standard DokuWiki ACL manager has a strong limitation, ACL management can't be delegated to other users but site-wide admin and/or managers.
the Idea
With this action plugin, ACL information can be written in wiki pages, so the permission to edit a pages in a particular namespace means the permission to edit ACL of a corresponding page or namespace.
How it works
You can define a specific namespace under which you create pages with the same hierarchy of the root tree.
For example if you have a namespace named “xx:yy:” and you want to grant Edit privilege to user “john” on it, you have to create the page “acl:xx:yy:start” (“start” is the page you set as “Start page name” in DokuWiki config), and write into it:
E:john
When you submit, an ACL like
xx:yy:* john 2 # distributedACL autogenerated for xx:yy:* #
is immediately written into conf/acl.auth.php
.
If you want to set a permission for a page named “xx:yy:mypage” create the page “acl:xx:yy:mypage”.
Syntax
In the page you should write:
perm:whoAccess perm:whoAccess perm:whoAccess
Perm | Description | DokuWiki ACL |
---|---|---|
N | None (deny anything) | 0 |
R | Read | 1 |
E | Edit | 2 |
C | Create | 4 |
U | Upload | 8 |
D | Delete | 16 |
W | alias for “Delete” | 16 |
whoAccess can be a username or a @group.
Delegated ACL
If you want to permit a user (or a group) to edit ACLs for a namespace or a page, you have to grant him to edit the corresponding page into “acl:”.
For example, you want JOE to edit ACLs for “xx:yy:*”:
To do that he should edit the page “acl:xx:yy:start”. To grant him to do it, you edit the page “acl:acl:xx:yy:start” and write:
C:JOE
and so, a permission will be created to grant JOE to edit “acl:xx:yy:*”. When he edit “acl:xx:yy:home”, he set ACLs for “xx:yy:”.
Configuration
The only configuration you can make is the ACL namespace, into the
action.php
set the variable $ACLNAMESPACE
to the namespace you want. Default is “acl:”.
Known Issues
When a user change permission for a namespace or a page, all permission
to that (only for that item) will be overwritten, if you inserted other
ACL to that item by the standard aclplugin
they will disappear.
If your wiki use distributedACL I suggest, to avoid confusion, to stop
using standard aclplugin
, or at least don't use distributedACL
and aclplugin
to manage ACLs for the same namespace or page.