Steven W. Orr wrote:
acl processing works as (from HelpOnAccessControlLists page):
I created a page called (let's say) OurGroup. The content is
Then I *think* I want to say this at the top of every page that I want to
restrict. Is it sufficient to say this at the top of each of the pages?
#acl OurGroup:read,write,revert,admin All:
So, unless your acl_rights_before allows others, your acl will do what
you want. Also, you do not need to add the "All:" part unless the
acl_rights_after actually allows others.
- processing sequence: acl_rights_before, A/B/C/D,
- the first ACL matching the user is used
- acl_rights_default is what is done if no ACLs are used
on the page
The acl_rights_default is ignored if your page includes an acl (third
Will this do the trick?
Also, my acl_rights_default is currently set as:
acl_rights_default = u'Known:read,write,delete,revert All:read'
Not from what I can see. The members of OurGroup have access because
your acl allows it, which does not depend on acl_rights_default (which
follows your acl in the processing sequence, and is ignored because you
provide an acl).
Can I assume that the presumption is that what I'm describing will work
*because* FreddyFish and myself will be logged in and therefore Known?
Hope this helps,