https://docs-old.ckeditor.com/index.php?action=history&feed=atom&title=CKFinder_2.x%2FServer_Side_Integration%2FAccess_Control_ListCKFinder 2.x/Server Side Integration/Access Control List - Revision history2026-04-05T05:10:59ZRevision history for this page on the wikiMediaWiki 1.29.1https://docs-old.ckeditor.com/index.php?title=CKFinder_2.x/Server_Side_Integration/Access_Control_List&diff=3042&oldid=prevWiktor: Created page with '{{CKFinder_2.x_SSI_Warning}} == ACL – Access Control List == CKFinder comes with a powerful ACL feature, which makes it possible to define ACL settings at any level in the rep…'2010-05-14T20:09:58Z<p>Created page with '{{CKFinder_2.x_SSI_Warning}} == ACL – Access Control List == CKFinder comes with a powerful ACL feature, which makes it possible to define ACL settings at any level in the rep…'</p>
<p><b>New page</b></p><div>{{CKFinder_2.x_SSI_Warning}}<br />
== ACL – Access Control List ==<br />
<br />
CKFinder comes with a powerful ACL feature, which makes it possible to define ACL settings at any level in the repository directories and subfolders. It implements also a simple role system for ACLs. <br><br />
<br />
In the configuration file, many &lt;AccessControl /&gt; nodes can be created to define ACLs. All attributes defined in AccessControl nodes are optional, and each one overrides ACLs defined for parent folders. <br />
<br />
For example, suppose the following ACLs are defined:<br />
<pre>&lt;AccessControl<br />
role = "*"<br />
resourceType = "*"<br />
folder = "/"<br />
folderView = "true"<br />
folderCreate = "true"<br />
fileUpload = "true"<br />
/&gt;<br />
&lt;AccessControl<br />
role = "*"<br />
resourceType = "Images"<br />
folder = "/My Test/Other Folder/"<br />
fileUpload = "false"<br />
/&gt;</pre><br />
The above should then reflect in the connector execution by returning the following values for FileUpload:<br />
<br />
* Type = Files - /&nbsp;: true<br />
* Type = Files - /My Test/&nbsp;: true<br />
* Type = Files - /My Test/Other Folder/&nbsp;: true<br />
* Type = Images - /My Test/&nbsp;: true<br />
* Type = Images - /My Test/Other Folder/&nbsp;: false<br />
* Type = Images - /My Test/Other Folder/Folder 3/&nbsp;: false<br />
<br />
<br>The “*” wildcard may be used for “role” and “resurceType” to include all.<br />
<br />
=== Roles ===<br />
<br />
By setting the '''roleSessionVar''' attribute, the end developer can point the connector to a session variable which contains the name of the role of the session user. This name would then be used to calculate the ACL.''''<br />
<br />
=== ACL Representation ===<br />
<br />
When sending ACL information to CKFinder, the connector sends a “bit mask” represented by an integer value. Each folder contains a computed aggregated ACL bit mask.<br />
<br />
The following is the representation of all used bits in the mask:<br />
<pre>enum AccessControlRules<br />
{<br />
FolderView = 1,<br />
FolderCreate = 2,<br />
FolderRename = 4,<br />
FolderDelete = 8,<br />
FileView = 16,<br />
FileUpload = 32,<br />
FileRename = 64,<br />
FileDelete = 128<br />
}</pre></div>Wiktor