[Moin-user] Questions on the capabilities of Moin ACLs

Bryan Derksen bryan.derksen at shaw.ca
Mon Oct 4 20:10:42 EDT 2004 

My wiki is currently still just a sparkle in my eye and I'm shopping around 
to find the right wiki engine to build it upon. It's going to be a site for 
amateur authors to post works of fiction, discuss them, write collaborative 
stories and articles, create indexes, etc., and I'd like to have a slightly 
peculiar feature that just might be possible for MoinMoin ACLs to handle. 
Ideally, I'd like to give each user his own personal subspace that is 
editable only by him, to allow him to post his own personal stories without 
having to worry about monitoring them for vandalism and such.

For example, if I were to sign on to the wiki with the username Bryan, then 
the following pages should be editable only by myself (and admins):

Bryan
Bryan/Richard III
Bryan/Richard III/Act 6
etc.

In the case of another person with the username Joe, I should be unable to 
edit his Joe/ subspace and he shouldn't be able to edit Bryan/.

I've given http://moinmoin.wikiwikiweb.de/HelpOnAccessControlLists a 
read-through and it looks like there are some wonderfully fine-grained 
controls, but I don't see any way to apply different default ACLs to pages 
based on their title. This is my most ambitious approach to the problem, 
though, so if it's impossible I've got a fallback I'd be fine with. Can I 
set up an ACL so that a non-admin user can set his own ACL on a _new_ page, 
but not on one that already exists? That way authors would still be able to 
"claim" pages to put their stories on, but wouldn't allow them to override 
each other's ACLs or lock people out of existing public pages (I expect 
them to be well-behaved but it only takes one bad apple to make a mess :). 
I can even make a guess at how to do this:

acl_rights_default = "AuthorGroup:read,write"
acl_rights_after = "AuthorGroup:admin,read,write"

Am I right in believing that on pages that don't exist yet only 
acl_rights_after applies, and as soon as they're created (and assuming the 
new page wasn't given an ACL of its own by the page creator) 
acl_rights_default comes into effect too? If I'm understanding this right, 
this would result in "default" AuthorGroup rights overriding "after" 
AuthorGroup rights only on pages that already exist, not on newly-created ones.

More information about the Moin-user mailing list