Page Level Access Control Lists

GeoHazardWatch supports page-level access control using ACLs (Access Control Lists) to restrict who can view, edit, or manage individual pages.

Overview

ACLs allow you to:

• Restrict page viewing to specific users or roles
• Control who can edit a page
• Set different permissions for different actions

ACL Syntax

ACLs are defined in the page frontmatter using the acl property:

---
title: My Protected Page
acl:
  view: [admin, editors]
  edit: [admin]
  delete: [admin]
---

Permission Types

Principals

Principals are the users or groups that can be granted permissions:

Built-in Roles

• admin - Full administrative access
• authenticated - Any logged-in user
• anonymous - Anyone (including guests)
• all - Everyone (same as anonymous)

Custom Roles

Custom roles can be defined in the User Roles and Permissions configuration.

Examples

Admin-Only Page

Only administrators can view or edit:

acl:
  view: [admin]
  edit: [admin]

Public View, Restricted Edit

Anyone can view, only admins can edit:

acl:
  view: [all]
  edit: [admin]

Team Collaboration

Multiple roles with different access:

acl:
  view: [authenticated]
  edit: [editors, admin]
  delete: [admin]

Documentation Pages

System documentation (protected from casual editing):

system-category: documentation
acl:
  view: [all]
  edit: [admin]

Inheritance

Pages can inherit ACLs from:

1. Parent page - If in a hierarchy
2. Category defaults - Based on system-category
3. Global defaults - Site-wide fallback

Checking Permissions

The ACLManager evaluates permissions in this order:

1. Page-specific ACL
2. Category-based rules
3. Default site permissions

See User Roles and Permissions for role definitions, Administrator for the admin guide, and Configuration System for site-wide configuration.