QED:Folder-Based Access Restrictions

In addition to the other mechanisms for restricting access, QED has an access control system for independently restricting read and edit privileges on all pages within any top-level folder on a folder-by-folder basis.

Access to files (e.g. media files) and their description pages can also be restricted based on a folder's access control lists.

For example, in the main namespace, there is a page called Lumi, which could have subpages such as Lumi/Photos and Lumi/Photos/2006. Folder-based access restrictions defined for the Lumi folder in the main namespace would apply to all pages with the "Lumi/" prefix in the main namespace but not to pages in any other namespace, except for any media description pages that are specifically tagged as being logically in the Lumi folder.

If you wish to restrict access to pages within a folder, please send mail to qed@princeton.edu, because administrative privileges are required to set up folder-based access restrictions.

Key features of the folder-based system are that:

  • the folder-based restrictions do not apply to the top-level page itself;
  • the restrictions apply to all subpages of a top-level page within the same namespace;
  • the restrictions defined for a specific folder can be applied to media description pages (i.e. pages in the Image: namespace);
  • the restrictions are in addition to all other restrictions;
  • restrictions on reading and on editing are managed independently;
  • the additional read-restrictions for an entire folder can be lifted or re-imposed by modifying the protected status of a single file, and similarly for write-restrictions;
  • the list of users with read permissions for a particular folder can be readily viewed and edited, and similarly for the list of users with write-permissions;
  • decentralized administration of folder-based access restrictions is supported;
  • these folder-based restrictions do not apply to administrators.

To restrict access to a specific media description page based on the access control lists of a folder, say Xyzzy, simply add the template reference {{Folder:Xyzzy}} somewhere on the page. This will effectively limit access to the uploaded media file as well, but highly confidential files should not be uploaded to QED.

The following table summarizes the folder-based system for restricting access. "ACL" stands for "Access Control List", "Xyzzy" represents the name of the applicable top-level folder, and "Other:" is a namespace such as Course:, Project:, or Princeton:. Further details are provided below.

Summary of Folder-Based Access Restrictions
Namespace             Folder delimiter character   Prefix to use with Xyzzy/read: or Xyzzy/edit:   Example ACL page
Main namespace        /                            (none)                                          Xyzzy/read:
"Image:" namespace    =                            Image/                                          Image/Xyzzy/read:
Any other namespace   /                            Other:                                          Princeton:Xyzzy/read:

Folders

Every page is regarded as being in a top-level folder in its namespace as specified in the table above. If a page has no folder-delimiter character in its name, it is regarded as being in the root folder of its namespace.

Restricting search

The QED search engine can be configured to ensure that users who cannot view pages in a folder will also be unable to see snippets from pages in that folder when they conduct a search. If you want the QED search engine to respect the privacy of a folder in this way, please send mail to qed@princeton.edu.

The QED search engine is the one used when one enters text in the top search box. Pages in read-restricted folders are effectively invisible to public search engines.

The Image: namespace

As mentioned above, to restrict access to a specific media description page based on the access control lists of a folder, say Xyzzy, simply add the template reference {{Folder:Xyzzy}}. This mechanism can also be used to refer to a folder in another namespace, e.g. the tag {{Folder:Princeton:Xyzzy}} can be used to refer to the ACLs for Princeton:Xyzzy.

This mechanism for limiting access to a media description page will also effectively limit access to the corresponding media file, at least to anyone with a Princeton netid.

It is recommended that some content be added to the template — see e.g. Template:Folder:MG.

Folders in the Image: namespace

In the Image: namespace, a top-level folder can also be defined using "=" as the folder delimiter; for example, the top-level folder of the page "Image:Fair Use=Picasso 1922.jpg" is "Fair Use".

If folder-based edit-restrictions are in effect for a folder in the Image: namespace, no pages in that folder can be overwritten using the Upload file feature.

The edit: and read: Pages

Given a page in the Xyzzy folder in a namespace other than Image:, the corresponding ACL pages have names of the form "Xyzzy/edit:" and "Xyzzy/read:". The trailing ":" is to avoid name conflicts.

Similarly, given a page having a name of the form Image:Xyzzy/filename, the corresponding ACL pages have names of the form "Image/Xyzzy/edit:" and "Image/Xyzzy/read:".

The ACL pages hold lists of userids of privileged users. The list is simply a sequence of userids, separated from each other by white-space and/or commas.

The ability to edit a page implies the ability to read a page. Therefore, if a userid is listed on the Xyzzy/edit: page, there is no need to include it on the Xyzzy/read: page.

Administration

QED supports decentralized administration of folder-based access restrictions.

Specifically, users listed in the protect: page within a folder may modify the contents and protection status of a folder's edit: and read: pages, provided that the protect: page itself has been protected.

For example, the users listed on the "Xyzzy/protect:" page may modify the "Xyzzy/edit:" and "Xyzzy/read:" pages once the "Xyzzy/protect:" page itself has been protected.

Users with global sysop privileges may also modify any ACL.

For further details about ACLs, see Help:ACL.

Example

While the Xyzzy project is in its early stages, the editors wish to limit access to its QED web pages to themselves. In this case, it is sufficient to take the following steps:

  1. Enter the list of privileged users on the page named "Xyzzy/edit:"
  2. Create an empty page named "Xyzzy/read:"
  3. Protect both these pages (this requires special permission).

As the project nears completion, additional userids can be added to the Xyzzy/read: page, and when the project is ready to be unveiled to the general public, the Xyzzy/read: page can simply be unprotected.
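
A minimal model of the rules described in "The edit: and read: Pages" and in the example above, added here as an illustration and not QED's own code: it resolves a page title to its folder's ACL page names, parses the userid list, and decides access. The namespace set, the dict-based wiki store, the user names, and the treatment of root-folder pages and of unprotected edit: lists are assumptions; media pages tagged with {{Folder:...}} and all non-folder restrictions are left out.

```python
import re

NAMESPACES = {"Image", "Course", "Project", "Princeton"}  # assumed set of namespaces

def acl_pages(title):
    """Map a page title to its folder's read:/edit: ACL page names.
    Returns None for a page with no folder delimiter (top-level page)."""
    ns, sep, name = title.partition(":")
    if not sep or ns not in NAMESPACES:
        ns, name = "", title                      # main namespace
    delims = "[/=]" if ns == "Image" else "/"     # "=" also delimits in Image:
    m = re.search(delims, name)
    if m is None or m.start() == 0:
        return None
    folder = name[:m.start()]
    prefix = "Image/" if ns == "Image" else (ns + ":" if ns else "")
    return {kind: f"{prefix}{folder}/{kind}:" for kind in ("read", "edit")}

def parse_acl(text):
    """Userids separated by white-space and/or commas."""
    return set(re.findall(r"[^\s,]+", text))

def allowed(user, action, title, wiki, admins=()):
    """wiki maps an ACL page name to (page text, is_protected)."""
    if user in admins:
        return True                               # administrators are exempt
    pages = acl_pages(title)
    if pages is None:
        return True                               # top-level page: no folder restriction
    text, protected = wiki.get(pages[action], ("", False))
    if not protected:
        return True                               # restriction holds only while the ACL page is protected
    users = parse_acl(text)
    if action == "read":                          # edit implies read
        edit_text, edit_protected = wiki.get(pages["edit"], ("", False))
        if edit_protected:                        # assumption: ignore an unprotected edit: list
            users |= parse_acl(edit_text)
    return user in users

# Constructed sample state after steps 1-3 of the example above.
SAMPLE_WIKI = {"Xyzzy/edit:": ("alice, bob\ncarol", True), "Xyzzy/read:": ("", True)}

if __name__ == "__main__":
    for who in ("alice", "dave"):
        print(who, allowed(who, "read", "Xyzzy/Plan", SAMPLE_WIKI))
```

Marking Xyzzy/read: as unprotected in the sample state opens reading to everyone while the protected Xyzzy/edit: list keeps restricting edits, which is the unveiling step described above.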
