QED:Folder-Based Access Restrictions


In addition to the other mechanisms for restricting access, QED has an access control system for independently restricting read and edit privileges on all pages within any top-level folder on a folder-by-folder basis.

Access to uploaded files can also be restricted using folder-based access control lists (ACLs).

For example, in the Project: namespace, there is a page called Project:Lumi, which could have subpages such as Project:Lumi/Photos and Project:Lumi/Photos/2006. Folder-based access restrictions defined for the Project:Lumi folder would apply to all pages with the "Project:Lumi/" prefix as well as to uploaded files and media description pages that are specifically tagged as being logically in the Project:Lumi folder.

If you wish to restrict access to pages within a folder, please send mail to qed@princeton.edu, because administrative privileges are required to set up folder-based access restrictions.

Key Features

Key features of the folder-based system are that:

  • the folder-based read-access restrictions do not apply to the top-level page of a folder;
  • the restrictions apply to all subpages of a top-level page within the same namespace;
  • the restrictions defined for a specific folder can be applied to uploaded files and their media description pages (i.e. pages in the Image: namespace);
  • the restrictions are in addition to all other restrictions;
  • restrictions on reading and on editing are managed independently;
  • the additional read-restrictions for an entire folder can be lifted or re-imposed by modifying the protected status of a single file, and similarly for write-restrictions;
  • the list of users with read permissions for a particular folder can be readily viewed and edited, and similarly for the list of users with write-permissions;
  • decentralized administration of folder-based access restrictions is supported;
  • these folder-based restrictions do not apply to administrators.

Restricting Access to Pages within a Folder

The following table summarizes the folder-based system for restricting access to pages within a folder. "ACL" stands for "Access Control List", "Xyzzy" represents the name of the applicable top-level folder, and "Other:" is a namespace such as Course:, Project:, or Princeton:. Further details are provided below.

Summary of Folder-Based Access Restrictions

| Namespace | Folder delimiter character | Prefix to use with Xyzzy/read: or Xyzzy/edit: | Example ACL page |
|---|---|---|---|
| Main namespace | / | (none) | Xyzzy/read: |
| "Image:" namespace | = | Image/ | Image/Xyzzy/read: |
| Any other namespace | / | Other: | Princeton:Xyzzy/read: |

Note that every page is regarded as being in a top-level folder in its namespace as specified in the table above. If a page has no folder-delimiter character in its name, it is regarded as being in the root folder of its namespace.

Restricting Access to Uploaded Files and their Description Pages

Note: If you wish to ensure read-access to an uploaded file is permanently restricted to logged-in users, it is recommended that you include the copyright symbol © in its name.

To restrict access to an uploaded file and its media description page based on the access control lists of a folder, simply add a template reference of the form {{Folder:NAMESPACE:FOLDER}} somewhere on the description page, where NAMESPACE is the name of the namespace, and FOLDER is the name of the folder. If the folder is in the main namespace, the incantation is simply: {{Folder:FOLDER}}.

For example, if you want the Project:Lumi ACLs to limit access to an uploaded file and its media description page, the text to add would be {{Folder:Project:Lumi}}.

Adding this text will only limit access so long as the folder-based restrictions are in effect and so long as the text is included. For this reason, we recommend against relying on folder-based access restrictions to restrict access to highly confidential files.

It is recommended that some content be added to the template — see e.g. Template:Folder:MG.

Restricting search

The QED search engine can be configured to ensure that users who cannot view pages in a folder will also be unable to see snippets from pages in that folder when they conduct a search. If you want the QED search engine to respect the privacy of a folder in this way, please send mail to qed@princeton.edu.

The QED search engine is the one used when one enters text in the top search box. Pages in read-restricted folders are effectively invisible to public search engines.


Folders in the Image: namespace

In the Image: namespace, a top-level folder can also be defined using "=" as the folder delimiter; for example, the top-level folder of the page "Image:Fair Use=Picasso 1922.jpg" is "Fair Use".

The edit: and read: Pages

Given a page in the Xyzzy folder in a namespace other than Image:, the corresponding ACL pages have names of the form "Xyzzy/edit:" and "Xyzzy/read:". The trailing ":" is to avoid name conflicts.

Similarly, given a page having a name of the form Image:Xyzzy/filename, the corresponding ACL pages have names of the form "Image/Xyzzy/edit:" and "Image/Xyzzy/read:".

The ACL pages hold lists of userids of privileged users. The list is simply a sequence of userids, separated from each other by white-space and/or commas.

The ability to edit a page implies the ability to read a page. Therefore, if a userid is listed on the Xyzzy/edit: page, there is no need to include it on the Xyzzy/read: page.

Administration

QED supports decentralized administration of folder-based access restrictions.

Specifically, users listed in the protect: page within a folder may modify the contents and protection status of a folder's edit: and read: pages, provided that the protect: page itself has been protected.

For example, the users listed on the "Xyzzy/protect:" page may modify the "Xyzzy/edit:" and "Xyzzy/read:" pages once the "Xyzzy/protect:" page itself has been protected.

Users with global sysop privileges may also modify any ACL.

For further details about ACLs, see Help:ACL.

Example

While the Xyzzy project is in its early stages, the editors wish to limit access to its QED web pages to themselves. In this case, it is sufficient to take the following steps:

  1. Enter the list of privileged users on the page named "Xyzzy/edit:"
  2. Create an empty page named "Xyzzy/read:"
  3. Protect both these pages (this requires special permission).

As the project nears completion, additional userids can be added to the Xyzzy/read: page, and when the project is ready to be unveiled to the general public, the Xyzzy/read: page can simply be unprotected.
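
The ACL page naming rules and the read check described in the sections above, modeled as an added Python example; this is not QED's own code. Assumptions: the namespace list, the `(protected, text)` store, that a missing or unprotected read: page imposes no folder restriction, and that the edit: list counts only while that page is protected.

```python
import re

# Namespaces named on this page; the wiki's full list is an assumption.
NAMESPACES = {"Image", "Project", "Course", "Princeton"}

def acl_page_names(title):
    """Map a page title to (read ACL page, edit ACL page). Returns None for
    a title with no folder delimiter (root folder / top-level page)."""
    ns, sep, rest = title.partition(":")
    if not sep or ns not in NAMESPACES:
        ns, rest = "", title                     # main namespace
    delims = "/=" if ns == "Image" else "/"      # "=" also delimits in Image:
    m = re.search("[" + delims + "]", rest)
    if m is None or m.start() == 0:
        return None
    folder = rest[:m.start()]
    prefix = "Image/" if ns == "Image" else (ns + ":" if ns else "")
    return (prefix + folder + "/read:", prefix + folder + "/edit:")

def parse_acl(text):
    """Userids are separated by white-space and/or commas."""
    return {u for u in re.split(r"[\s,]+", text) if u}

def folder_allows_read(user, title, acl_store, is_admin=False):
    """True if the folder-based rules do not deny read access.
    acl_store maps ACL page name -> (protected, page text)."""
    if is_admin:                                 # administrators are exempt
        return True
    names = acl_page_names(title)
    if names is None:                            # top-level page: no folder read restriction
        return True
    read_page, edit_page = names
    protected, read_text = acl_store.get(read_page, (False, ""))
    if not protected:                            # unprotecting read: lifts the restriction
        return True
    allowed = parse_acl(read_text)
    edit_protected, edit_text = acl_store.get(edit_page, (False, ""))
    if edit_protected:                           # assumption: trust only a protected edit: list
        allowed |= parse_acl(edit_text)          # edit permission implies read
    return user in allowed

# Constructed sample mirroring the early-stage setup in the example above:
# editors listed on edit:, an empty read: page, both protected.
SAMPLE = {
    "Project:Lumi/edit:": (True, "alice, bob"),
    "Project:Lumi/read:": (True, ""),
}
```

A `True` result only means the folder rules do not object; the other access mechanisms still apply on top.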
