[edit] This site was an experiment and as of April 7th, 2009 is no longer accepting changes. It is kept up for archival and reference purposes. New work is ongoing in the direction of having a Pointrel Social Semantic Desktop instead of a Halo Semantic MediaWiki.

From Oscomak

Question

question:=What are Access Control Lists (ACL)?

Answer

description:=ACLs are used to restrict access for users in the wiki. The ACL extension is deployed with SMW+.

What are access control lists?

ACLs are used to restrict access for users in the wiki. For example, if you have a group of users who are only allowed to read category pages, you can force that by writing a rule. Or let's say, you don't want certain users to create new pages in the wiki, but read and edit only existing ones. This and more is possible with ACLs.

How do I create ACLs?

First of all, you must install the ACL extension. It's deployed with SMW+, but not activated by default. To activate it, add the following lines to your LocalSettings.php:

 require_once('extensions/PermissionACL.php');
 if (file_exists('ACLs.php')) require_once('ACLs.php');

Then a new restricted special page (available only to sysops) should appear: Access Control Lists.

You can see 4 sections:

(1) Rule section: All currently existing rules show up here. It's a table with four columns:

• Groups: The group name for which the rule applies or *.
• Namespaces: The namespace for which the rule applies or *.
• Actions: The operation for which the rule applies or *.
• Permission: Permit or Deny

An asterisk (*) means all.

In the top left corner, you see 2 buttons. They can be used to switch the rules' order. Just select a rule and click 'up' or 'down' to move it in the list. This can be necessary because the rules are processed from top to bottom. The first rule which applies is used!

(2) Whitelist: A comma-separated list of pages. These pages are not restricted by any access rule. Some pages are on the whitelist by default and cannot be removed: Userlogin, Userlogout, Resetpass, ACL. (They will not be displayed in the GUI interface)

(3) Superusers: A comma-separated list of users which are superusers. These users can do anything and are not restricted by any access rule.

(4) New rule section: This section allows to assemble a new rule. Just pick the right items out of the list and click 'Add rule'. Now it is added in the list. To submit the new rule to the server and activate it, press 'Update rules'.

Note

Please take care that always one superuser is specified. Otherwise it may happen by accident that you deny using the wiki to everyone. Although the ACL page is still available directly by URL, you cannot access it normally by browsing. If this happens though, you can always clear all rules by deleting the file ACLs.php in your MW root dir.