History: Permission Management
Source of version: 25
Copy to clipboard
A profile would not be very useful if it could not grant rights appropriately for groups. Profiles allow to create groups and to modify the permissions of existing groups using a unified syntax.
The permissions block is a top level block.
!Example
!!Group Permissions Example
{CODE(caption=>YAML,wrap=>1)}
permissions:
Anonymous:
allow: [ export_wiki ]
Registered:
description: Will be ignored because group is already created
allow: [ edit, minor ]
deny: [ export_wiki ]
Moderators:
description: Trusted users watching the recent changes to avoid spam
allow: [ rollback ]
include: [ Registered ]
{CODE}
!!Group Permissions and Object Permissions Example
{CODE(caption=>YAML,wrap=>1)}
permissions:
Anonymous:
allow: [ export_wiki ]
Registered:
description: Will be ignored because group is already created
allow: [ edit, minor ]
deny: [ export_wiki ]
Moderators:
description: Trusted users watching the recent changes to avoid spam
allow: [ rollback ]
include: [ Registered ]
objects:
-
type: forum
id: $moderator_discussion_forum
allow: [ forum_post, forum_post_topic, forum_read ]
{CODE}
!! Dynamic group name example
The dynamic groups are useful when ((Data Channels)) are used to set-up workspaces. Based on user input or object reference, a dynamic group name can be created and used instead of the simple group name.
{CODE(caption=>YAML,wrap=>1)}
mappings:
Member: Member ($profileobject:some_ref$)
Leader: Leader ($profileobject:some_ref$)
permissions:
Member:
allow: [ view, edit ]
Leader:
allow: [ view, edit, rollback ]
{CODE}
In the above example, the group respectively named 'Member (ref)' and 'Leader (ref)' will be created if they did not exist (if ref is the input you give in the form)
Permissions can be set to specific objects as long as the ID is known or it was also created by a profile using ((Object References)). The object type does not have to be supported by Tiki Profiles, but a static ID will have to be provided.
!Group attributes
Unless mentioned otherwise, these attributes only apply on group creation
||__Field name__|__Mandatory__|__Value__
description| |Group description
allow| |List of permissions granted to the group. Permissions are as used in tikiwiki, except initial ''tiki_p_'' is removed. Applies on existing groups.
deny| |Negative permissions. Same as ''allow''. Applies on existing groups.
include| |Group name or list of included groups. Applies even if the group exists. Will replace the current list of included groups.
autojoin| |When enabled, the user running the profile will automatically join the group.
objects| |List of ''objects permissions''. (see below)
home| |URL of the group home.
theme| |Default theme for members.
user_signup| |y or n, users can join this group themselves
default_category| |Category ID.
user_tracker| |Tracker ID.
group_tracker| |Tracker ID.
registration_fields| |List of tracker fields to display in the registration form.
||
!Object permissions
||__Field name__|__Mandatory__|__Value__
type|yes|Object type, as known in tikiwiki or profiles
id|yes|Object ID.
allow| |Similar to group allow.
deny| |Similar to group deny
||
!!Related tool
^The YAML Camel for permissions.
You can use [http://profiles.tikiwiki.org/tiki-download_wiki_attachment.php?attId=4&download=y|this spreadsheet"] - attatched to this page to create (most of) the YAML markup you need to create a permissions profile. It contained all the tiki perms as of 2008, and allowed assists the creation of a vertical permission stack. (Excel 2007)^