Page Level Access Control Lists
GeoHazardWatch supports page-level access control using ACLs (Access Control Lists) to restrict who can view, edit, or manage individual pages.
Overview
ACLs allow you to:
- Restrict page viewing to specific users or roles
- Control who can edit a page
- Set different permissions for different actions
ACL Syntax
ACLs are defined in the page frontmatter using the acl property:
---
title: My Protected Page
acl:
view: [admin, editors]
edit: [admin]
delete: [admin]
---
Permission Types
| Permission | Description |
view |
Who can read the page content |
edit |
Who can modify the page |
delete |
Who can delete the page |
comment |
Who can add comments (if enabled) |
upload |
Who can upload attachments |
Principals
Principals are the users or groups that can be granted permissions:
Built-in Roles
admin- Full administrative accessauthenticated- Any logged-in useranonymous- Anyone (including guests)all- Everyone (same as anonymous)
Custom Roles
Custom roles can be defined in the User Roles and Permissions configuration.
Examples
Admin-Only Page
Only administrators can view or edit:
acl:
view: [admin]
edit: [admin]
Public View, Restricted Edit
Anyone can view, only admins can edit:
acl:
view: [all]
edit: [admin]
Team Collaboration
Multiple roles with different access:
acl:
view: [authenticated]
edit: [editors, admin]
delete: [admin]
Documentation Pages
System documentation (protected from casual editing):
system-category: documentation
acl:
view: [all]
edit: [admin]
Inheritance
Pages can inherit ACLs from:
- Parent page - If in a hierarchy
- Category defaults - Based on system-category
- Global defaults - Site-wide fallback
Checking Permissions
The ACLManager evaluates permissions in this order:
- Page-specific ACL
- Category-based rules
- Default site permissions
See User Roles and Permissions for role definitions, Administrator for the admin guide, and Configuration System for site-wide configuration.
No comments yet.