Create necessary ACL rule for logged-in users to have all access, and lock down public access (closes #3.)

2016-11-17 06:50:00 -06:00 · 2016-11-17 06:50:00 -06:00 · 0905d27d22
parent 6ef435fe61
commit 0905d27d22
3 changed files with 28 additions and 0 deletions
--- a/.sandstorm/changelog.md
+++ b/.sandstorm/changelog.md
@ -1,3 +1,7 @@
+# 2016-06-26a-sandstorm5 (2016-11-17)
+
+ * Create default @user ACL rule
+
 # V2016-06-26a-sandstorm4 (2016-10-14)

 * Refactor to service-config style for easier development
--- a/.sandstorm/launcher.sh
+++ b/.sandstorm/launcher.sh
@ -43,5 +43,7 @@ fi
 cd /var/lib/dokuwiki
 grep -Ev '^($|#)' /opt/app/dokuwiki/data.orig/deleted.files | xargs -n 1 rm -vrf

+cp /opt/app/acl.auth.php /var/lib/dokuwiki/conf
+
 # Start nginx.
 /usr/sbin/nginx -c /opt/app/.sandstorm/service-config/nginx.conf -g "daemon off;"
--- a/acl.auth.php
+++ b/acl.auth.php
@ -0,0 +1,22 @@
+# acl.auth.php
+# <?php exit()?>
+# Don't modify the lines above
+#
+# Access Control Lists
+#
+# Editing this file by hand shouldn't be necessary. Use the ACL
+# Manager interface instead.
+#
+# If your auth backend allows special char like spaces in groups
+# or user names you need to urlencode them (only chars <128, leave
+# UTF-8 multibyte chars as is)
+#
+# none   0
+# read   1
+# edit   2
+# create 4
+# upload 8
+# delete 16
+
+*               @ALL        1
+*               @user        16