Permissions
Polifonic provides a fine-grained permission system which determines exactly who can do what on what page.
Wiki meister and [admin::users:roles] have full access to all the wiki's pages, irrespective of the permissions set.
Permissions are defined as a combination of:
- who
- can do what
- on what pages
Who
Who can be:
- @ALL: anyone (including anonymous users)
- @USERS: any authenticated user
- any individual user (identified by her username)
- members of a group (@group_name)
Can do what
Permissions cover the following actions:
- do nothing: access to the asset is restricted.
- read: asset can be read (viewed) but not modified.
- read/edit: asset can be modified.
- read/edit/create: a new page can be created.
- read/edit/create/upload: a file can be uploaded.
- do everything: the asset can be deleted.
Permissions are incremental; if a permission further down the list is granted, the previous permissions (further up in the list) are included. For example, a user granted the read/edit permission on a page is also allowed to read the page. It follows that the do everything permission is the highest permission that can be granted and is equivalent to full control.
On what
Permissions apply to either an individual page or a namespace.
If applied to an individual page, then only that page is concerned.
If applied to a namespace, the permission applies to any page within that namespace; this includes pages in nested namespaces.
Priority
A more specific permission always takes precedence over a less specific one.
For example, a permission (on a given asset) for a user would take precedence over the permission on the same asset for a group to which the user belongs.
Similarly, a permission for a given user on a given page would take precedence over the permission for the same user on the namespace to which the page belongs.
To restrict access to a set of pages to a group, you would therefore create 2 permissions:
- restrict access to @ALL
- grant access to @group
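The precedence and incremental rules above, worked through as an added example (this is not Polifonic's own code). The `:*` namespace notation, the sample rules, comparing scope before who, resolving ties to the higher level, and denying when no rule matches are all assumptions made for illustration.

```python
LEVELS = ["do nothing", "read", "read/edit", "read/edit/create",
          "read/edit/create/upload", "do everything"]

# Constructed sample rules: (who, scope, level). A scope ending in ":*" is a
# namespace (assumed notation); anything else is a single page id.
RULES = [
    ("@ALL",   "staff:*",           "do nothing"),  # restrict access to @ALL
    ("@staff", "staff:*",           "read/edit"),   # grant access to @group
    ("@USERS", "staff:handbook",    "read"),
    ("alice",  "staff:payroll:*",   "do nothing"),
    ("alice",  "staff:payroll:faq", "read"),
]

def who_rank(who, user, groups):
    """Specificity of a 'who' for this user, or None if it does not apply."""
    if who == "@ALL":
        return 0
    if who == "@USERS":
        return 1 if user is not None else None
    if who.startswith("@"):
        return 2 if who[1:] in groups else None
    return 3 if who == user else None

def scope_rank(scope, page):
    """Specificity of a scope for this page: deeper namespace < exact page."""
    if scope.endswith(":*"):
        ns = scope[:-1]  # "staff:*" -> "staff:" (covers nested namespaces)
        return ns.count(":") if page.startswith(ns) else None
    return page.count(":") + 1 if scope == page else None

def effective_level(page, user=None, groups=(), rules=RULES):
    # Assumption: scope specificity is compared first, then who, then level.
    best = None
    for who, scope, level in rules:
        s, w = scope_rank(scope, page), who_rank(who, user, groups)
        if s is None or w is None:
            continue
        key = (s, w, LEVELS.index(level))
        if best is None or key > best:
            best = key
    return LEVELS[best[2]] if best else "do nothing"  # assumed default: deny

def allowed(action, page, user=None, groups=()):
    # Incremental: a granted level includes every level above it in the list.
    return LEVELS.index(effective_level(page, user, groups)) >= LEVELS.index(action)
```

Under these assumptions the `@USERS` rule on `staff:handbook` lowers a `@staff` member from read/edit to read on that page, which is the kind of side effect worth checking for when a page-level rule is added inside a restricted namespace.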