|
1
|
<div class='fossil-doc' data-title="User Capability Reference"> |
|
2
|
|
|
3
|
<style type="text/css"> |
|
4
|
p#backlink { |
|
5
|
/* Make empty space below the table so hyperlinks to named anchors |
|
6
|
near the bottom of the table still scroll that row to the top of |
|
7
|
the user's browser, even on tall screens. */ |
|
8
|
margin-bottom: 75em; |
|
9
|
} |
|
10
|
|
|
11
|
tr > th { |
|
12
|
background-color: #e8e8e8; |
|
13
|
vertical-align: top; |
|
14
|
} |
|
15
|
body.fossil-dark-style tr > th { |
|
16
|
color: #000; |
|
17
|
opacity: 0.85; |
|
18
|
} |
|
19
|
|
|
20
|
tr.cols th { |
|
21
|
white-space: nowrap; |
|
22
|
} |
|
23
|
|
|
24
|
td, th { |
|
25
|
padding: 0.4em; |
|
26
|
} |
|
27
|
</style> |
|
28
|
|
|
29
|
<p>Here we document each currently-defined user capability character in |
|
30
|
more detail than the brief summary on the <a |
|
31
|
href="/setup_ucap_list">“key” page</a> in the Fossil user editor. Each |
|
32
|
row gives the capability letter used in the Fossil user editor followed |
|
33
|
by the C code’s name for that cap within the <tt>FossilUserPerms</tt> |
|
34
|
object, so you can use this reference both from the UI down and from the |
|
35
|
C code up.</p> |
|
36
|
|
|
37
|
<p>The <a href="https://en.wikipedia.org/wiki/Mnemonic">mnemonics</a> |
|
38
|
given here vary from obviously-correct to <i>post facto</i> |
|
39
|
rationalizations to the outright fanciful. To <a |
|
40
|
href="./impl.md#choices">some extent</a>, this is unavoidable.</p> |
|
41
|
|
|
42
|
|
|
43
|
<h2>Reference</h2> |
|
44
|
|
|
45
|
<table> |
|
46
|
<tr class="cols"> |
|
47
|
<th>?</th> |
|
48
|
<th>Name</th> |
|
49
|
<th style="text-align: left">Description</th> |
|
50
|
</tr> |
|
51
|
|
|
52
|
<tr id="a"> |
|
53
|
<th>a</th> |
|
54
|
<th>Admin</th> |
|
55
|
<td> |
|
56
|
Admin users have <em>all</em> of the capabilities below except for |
|
57
|
<a href="#s">setup</a>, <a herf="#x">Private</a>, and <a href="#y">WrUnver</a>. |
|
58
|
See <a href="admin-v-setup.md">Admin vs. Setup</a> for a more |
|
59
|
nuanced discussion. Mnemonic: <b>a</b>dministrate. |
|
60
|
</td> |
|
61
|
</tr> |
|
62
|
|
|
63
|
<tr id="b"> |
|
64
|
<th>b</th> |
|
65
|
<th>Attach</th> |
|
66
|
<td> |
|
67
|
Add attachments to wiki articles or tickets. Mnemonics: <b>b</b>ind, |
|
68
|
<b>b</b>utton, <b>b</b>ond, or <b>b</b>olt. |
|
69
|
</td> |
|
70
|
</tr> |
|
71
|
|
|
72
|
<tr id="c"> |
|
73
|
<th>c</th> |
|
74
|
<th>ApndTkt</th> |
|
75
|
<td> |
|
76
|
Append comments to existing tickets. Mnemonic: <b>c</b>omment. |
|
77
|
</td> |
|
78
|
</tr> |
|
79
|
|
|
80
|
<tr id="d"> |
|
81
|
<th>d</th> |
|
82
|
<th>n/a</th> |
|
83
|
<td> |
|
84
|
Legacy capability letter from Fossil's forebear <a |
|
85
|
href="http://cvstrac.org/">CVSTrac</a>, which has no useful |
|
86
|
meaning in Fossil due to the nature of its durable Merkle tree design. |
|
87
|
We recommend that you remove it in case we |
|
88
|
ever reuse this letter for another purpose. See <a |
|
89
|
href="https://fossil-scm.org/forum/forumpost/43c78f4bef">this |
|
90
|
post</a> for details. |
|
91
|
</td> |
|
92
|
</tr> |
|
93
|
|
|
94
|
<tr id="e"> |
|
95
|
<th>e</th> |
|
96
|
<th>RdAddr</th> |
|
97
|
<td> |
|
98
|
View <a |
|
99
|
href="https://en.wikipedia.org/wiki/Personal_data">personal |
|
100
|
identifying information</a> (PII) about other users such as email |
|
101
|
addresses. Mnemonics: show <b>e</b>mail addresses; or |
|
102
|
<b>E</b>urope, home of <a |
|
103
|
href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a>. |
|
104
|
</td> |
|
105
|
</tr> |
|
106
|
|
|
107
|
<tr id="f"> |
|
108
|
<th>f</th> |
|
109
|
<th>NewWiki</th> |
|
110
|
<td> |
|
111
|
Create new wiki articles. Mnemonic: <b>f</b>ast, English |
|
112
|
translation of the Hawaiian word <a |
|
113
|
href="https://en.wikipedia.org/wiki/History_of_wikis#WikiWikiWeb,_the_first_wiki"><i>wiki</i></a>. |
|
114
|
</td> |
|
115
|
</tr> |
|
116
|
|
|
117
|
<tr id="g"> |
|
118
|
<th>g</th> |
|
119
|
<th>Clone</th> |
|
120
|
<td> |
|
121
|
Clone the repository. Note that this is distinct from <a |
|
122
|
href="#o">check-out capability, <b>o</b></a>; and that upon cloning |
|
123
|
not just files, but also tickets, wikis, technotes and forum posts |
|
124
|
are tranferred. Mnemonic: <b>g</b>et. |
|
125
|
</td> |
|
126
|
</tr> |
|
127
|
|
|
128
|
<tr id="h"> |
|
129
|
<th>h</th> |
|
130
|
<th>Hyperlink</th> |
|
131
|
<td> |
|
132
|
Get hyperlinks in generated HTML which link you to other parts of |
|
133
|
the repository. This capability exists so we can deny it to the |
|
134
|
“nobody” category, to <a href="../antibot.wiki">prevent bots from |
|
135
|
wandering around aimlessly</a> in the site’s hyperlink web, <a |
|
136
|
href="../loadmgmt.md">chewing up server resources</a> to little |
|
137
|
good purpose. Mnemonic: <b>h</b>yperlink. |
|
138
|
</td> |
|
139
|
</tr> |
|
140
|
|
|
141
|
<tr id="i"> |
|
142
|
<th>i</th> |
|
143
|
<th>Write</th> |
|
144
|
<td> |
|
145
|
Check changes into the repository. Note that a lack of this |
|
146
|
capability does not prevent you from checking changes into your |
|
147
|
local clone, only from syncing those changes up to the parent |
|
148
|
repo, and then <a href="./basics.md#webonly">only over HTTP</a>. |
|
149
|
Also note that not just files, but also tickets, wikis, technotes |
|
150
|
and forum posts will be accepted from clones upon syncronization. |
|
151
|
Granting this capability also grants <b>o (Read)</b> Mnemonics: |
|
152
|
<b>i</b>nput, check <b>i</b>n changes. |
|
153
|
</td> |
|
154
|
</tr> |
|
155
|
|
|
156
|
<tr id="j"> |
|
157
|
<th>j</th> |
|
158
|
<th>RdWiki</th> |
|
159
|
<td> |
|
160
|
View wiki articles. Mnemonic: in<b>j</b>est page content. (All |
|
161
|
right, you critics, you do better, then.) |
|
162
|
</td> |
|
163
|
</tr> |
|
164
|
|
|
165
|
<tr id="k"> |
|
166
|
<th>k</th> |
|
167
|
<th>WrWiki</th> |
|
168
|
<td> |
|
169
|
Edit wiki articles. Granting this capability also grants <a |
|
170
|
href="#j"><b>RdWiki</b></a> and <a href="#m"><b>ApndWiki</b></a>, |
|
171
|
but it does <em>not</em> grant <a href="#f"><b>NewWiki</b></a>! |
|
172
|
Mnemonic: <b>k</b>ontribute. |
|
173
|
</td> |
|
174
|
</tr> |
|
175
|
|
|
176
|
<tr id="l"> |
|
177
|
<th>l</th> |
|
178
|
<th>ModWiki</th> |
|
179
|
<td> |
|
180
|
Moderate <a href="#m">wiki article appends</a>. Appends do not get |
|
181
|
saved permanently to the receiving repo’s block chain until <a |
|
182
|
href="#s">Setup</a> or someone with this cap approves it. |
|
183
|
Mnemonic: a<b>l</b>low. |
|
184
|
</td> |
|
185
|
</tr> |
|
186
|
|
|
187
|
<tr id="m"> |
|
188
|
<th>m</th> |
|
189
|
<th>ApndWiki</th> |
|
190
|
<td> |
|
191
|
Append content to existing wiki articles. Mnemonic: a<b>m</b>end |
|
192
|
wiki |
|
193
|
</td> |
|
194
|
</tr> |
|
195
|
|
|
196
|
<tr id="n"> |
|
197
|
<th>n</th> |
|
198
|
<th>NewTkt</th> |
|
199
|
<td> |
|
200
|
File new tickets. Mnemonic: <b>n</b>ew ticket. |
|
201
|
</td> |
|
202
|
</tr> |
|
203
|
|
|
204
|
<tr id="o"> |
|
205
|
<th>o</th> |
|
206
|
<th>Read</th> |
|
207
|
<td> |
|
208
|
Read content and history of files from a remote Fossil instance over |
|
209
|
HTTP. See <a href="index.md#read-v-clone">Reading vs. |
|
210
|
Cloning</a>. Mnemonic: check <b>o</b>ut remote repo contents. |
|
211
|
</td> |
|
212
|
</tr> |
|
213
|
|
|
214
|
<tr id="p"> |
|
215
|
<th>p</th> |
|
216
|
<th>Password</th> |
|
217
|
<td> |
|
218
|
Change one’s own password. Mnemonic: <b>p</b>assword. |
|
219
|
</td> |
|
220
|
</tr> |
|
221
|
|
|
222
|
<tr id="q"> |
|
223
|
<th>q</th> |
|
224
|
<th>ModTkt</th> |
|
225
|
<td> |
|
226
|
Moderate tickets: delete comments appended to tickets. Mnemonic: |
|
227
|
<b>q</b>uash noise commentary. |
|
228
|
</td> |
|
229
|
</tr> |
|
230
|
|
|
231
|
<tr id="r"> |
|
232
|
<th>r</th> |
|
233
|
<th>RdTkt</th> |
|
234
|
<td> |
|
235
|
View existing tickets. Mnemonic: <b>r</b>ead tickets. |
|
236
|
</td> |
|
237
|
</tr> |
|
238
|
|
|
239
|
<tr id="s"> |
|
240
|
<th>s</th> |
|
241
|
<th>Setup</th> |
|
242
|
<td> |
|
243
|
The <a href="./admin-v-setup.md#apsu">all-powerful Setup user</a>. |
|
244
|
Mnemonics: <b>s</b>etup or <b>s</b>uperuser. |
|
245
|
</td> |
|
246
|
</tr> |
|
247
|
|
|
248
|
<tr id="t"> |
|
249
|
<th>t</th> |
|
250
|
<th>TktFmt</th> |
|
251
|
<td> |
|
252
|
Create new ticket report formats. Note that although this allows |
|
253
|
the user to provide SQL code to be run in the server’s context, |
|
254
|
and this capability is given to the untrusted “anonymous” user |
|
255
|
category by default, this is a safe capability to give to users |
|
256
|
because it is internally restricted to read-only queries on the |
|
257
|
tickets table only. (This restriction is done with an SQLite |
|
258
|
authorization hook, not by any method so weak as SQL text |
|
259
|
filtering.) Mnemonic: new <b>t</b>icket report. |
|
260
|
</td> |
|
261
|
</tr> |
|
262
|
|
|
263
|
<tr id="u"> |
|
264
|
<th>u</th> |
|
265
|
<th>n/a</th> |
|
266
|
<td> |
|
267
|
Inherit all capabilities of the “reader” user category; does not |
|
268
|
have a dedicated flag internally within Fossil. Mnemonic: |
|
269
|
<a href="./index.md#ucat"><b>u</b>ser</a> |
|
270
|
</td> |
|
271
|
</tr> |
|
272
|
|
|
273
|
<tr id="v"> |
|
274
|
<th>v</th> |
|
275
|
<th>n/a</th> |
|
276
|
<td> |
|
277
|
Inherit all capabilities of the “developer” user category; does |
|
278
|
not have a dedicated flag internally within Fossil. Mnemonic: |
|
279
|
de<b>v</b>eloper. |
|
280
|
</td> |
|
281
|
</tr> |
|
282
|
|
|
283
|
<tr id="w"> |
|
284
|
<th>w</th> |
|
285
|
<th>WrTkt</th> |
|
286
|
<td> |
|
287
|
Edit existing tickets. Granting this capability also grants <a |
|
288
|
href="#r"><b>RdTkt</b></a>, <a href="#c"><b>ApndTkt</b></a>, and |
|
289
|
<a href="#n"><b>NewTkt</b></a>. Mnemonic: <b>w</b>rite to ticket. |
|
290
|
</td> |
|
291
|
</tr> |
|
292
|
|
|
293
|
<tr id="x"> |
|
294
|
<th>x</th> |
|
295
|
<th>Private</th> |
|
296
|
<td> |
|
297
|
Push or pull <a href="../private.wiki">private branches</a>. |
|
298
|
Mnemonic: e<b>x</b>clusivity; “x” connotes unknown material in |
|
299
|
many Western languages due to its <a |
|
300
|
href="https://en.wikipedia.org/wiki/La_Géométrie#The_text">traditional |
|
301
|
use in mathematics</a>. |
|
302
|
</td> |
|
303
|
</tr> |
|
304
|
|
|
305
|
<tr id="y"> |
|
306
|
<th>y</th> |
|
307
|
<th>WrUnver</th> |
|
308
|
<td> |
|
309
|
Push <a href="../unvers.wiki">unversioned content</a>. Mnemonic: |
|
310
|
<b>y</b>ield, <a href="https://en.wiktionary.org/wiki/yield">sense |
|
311
|
4</a>: “hand over.” |
|
312
|
</td> |
|
313
|
</tr> |
|
314
|
|
|
315
|
<tr id="z"> |
|
316
|
<th>z</th> |
|
317
|
<th>Zip</th> |
|
318
|
<td> |
|
319
|
Pull archives of particular repository versions via <a |
|
320
|
href="/help/www/zip"><tt>/zip</tt></a>, <a |
|
321
|
href="/help/www/tarball"><tt>/tarball</tt></a>, and <a |
|
322
|
href="/help/www/sqlar"><tt>/sqlar</tt></a> URLs. This is an |
|
323
|
expensive capability to grant, because creating such archives can |
|
324
|
put a large load on <a href="../server/">a Fossil server</a> which |
|
325
|
you may then need to <a href="../loadmgmt.md">manage</a>. |
|
326
|
Mnemonic: <b>z</b>ip file download. |
|
327
|
</td> |
|
328
|
</tr> |
|
329
|
|
|
330
|
<tr id="2"> |
|
331
|
<th>2</th> |
|
332
|
<th>RdForum</th> |
|
333
|
<td> |
|
334
|
Read <a href="../forum.wiki">forum posts</a> by other users. |
|
335
|
Mnemonic: from thee <b>2</b> me. |
|
336
|
</td> |
|
337
|
</tr> |
|
338
|
|
|
339
|
<tr id="3"> |
|
340
|
<th>3</th> |
|
341
|
<th>WrForum</th> |
|
342
|
<td> |
|
343
|
Create new forum threads, reply to threads created by others, and |
|
344
|
edit one’s own posts. New posts are <a |
|
345
|
href="../forum.wiki#moderation">held for moderation</a> and do |
|
346
|
not appear in repo clones or syncs. Granting this capability also |
|
347
|
grants <a href="#2"><b>RdForum</b></a>. Mnemonic: post for |
|
348
|
<b>3</b> audiences: me, <a href="#5">the mods</a>, and <a |
|
349
|
href="https://en.wikipedia.org/wiki/The_Man">the Man</a>. |
|
350
|
</td> |
|
351
|
</tr> |
|
352
|
|
|
353
|
<tr id="4"> |
|
354
|
<th>4</th> |
|
355
|
<th>WrTForum</th> |
|
356
|
<td> |
|
357
|
Extends <a href="#3"><b>WrForum</b></a>, bypassing the moderation |
|
358
|
and sync restrictions. Mnemonic: post <b>4</b> immediate release. |
|
359
|
</td> |
|
360
|
</tr> |
|
361
|
|
|
362
|
<tr id="5"> |
|
363
|
<th>5</th> |
|
364
|
<th>ModForum</th> |
|
365
|
<td> |
|
366
|
<a href="../forum.wiki#moderation">Moderate forum posts</a>. |
|
367
|
Granting this capability also grants <a |
|
368
|
href="#4"><b>WrTForum</b></a> and <a href="#2"><b>RdForum</b></a>, |
|
369
|
so a user with this cap never has to moderate their own posts. |
|
370
|
Mnemonic: “May I have <b>5</b> seconds of your time, honored |
|
371
|
Gatekeeper?” |
|
372
|
</td> |
|
373
|
</tr> |
|
374
|
|
|
375
|
<tr id="6"> |
|
376
|
<th>6</th> |
|
377
|
<th>AdminForum</th> |
|
378
|
<td> |
|
379
|
Users with this capability see a checkbox on unmoderated forum |
|
380
|
posts labeled “Trust user X so that future posts by user X do not |
|
381
|
require moderation.” Checking that box and then clicking the |
|
382
|
moderator-only “Approve” button on that post grants <a |
|
383
|
href="#4"><b>WrTForum</b></a> capability to that post’s author. |
|
384
|
There is currently no UI for a user with this cap to |
|
385
|
<em>revoke</em> trust from a user once it is granted; only <a |
|
386
|
href="#a"><b>Admin</b></a> and <a href="#s"><b>Setup</b></a> can |
|
387
|
currently revoke granted caps. Granting this capability also |
|
388
|
grants <a href="#5"><b>ModForum</b></a> and those it in turn |
|
389
|
grants. Mnemonic: “I’m <b>6</b> [sick] of hitting Approve on your |
|
390
|
posts!” |
|
391
|
</td> |
|
392
|
</tr> |
|
393
|
|
|
394
|
<tr id="7"> |
|
395
|
<th>7</th> |
|
396
|
<th>EmailAlert</th> |
|
397
|
<td> |
|
398
|
User can sign up for <a href="../alerts.md">email alerts</a>. |
|
399
|
Mnemonic: <a href="https://en.wikipedia.org/wiki/Heaven_Can_Wait">Seven can |
|
400
|
wait</a>, I’ve got email to read now. |
|
401
|
</td> |
|
402
|
</tr> |
|
403
|
|
|
404
|
<tr id="A"> |
|
405
|
<th>A</th> |
|
406
|
<th>Announce</th> |
|
407
|
<td> |
|
408
|
Send email announcements to users <a href="#7">signed up to |
|
409
|
receive them</a>. Mnemonic: <b>a</b>nnounce. |
|
410
|
</td> |
|
411
|
</tr> |
|
412
|
|
|
413
|
<tr id="C"> |
|
414
|
<th>C</th> |
|
415
|
<th>Chat</th> |
|
416
|
<td> |
|
417
|
Allow access to the <tt>/chat</tt> room. |
|
418
|
</td> |
|
419
|
</tr> |
|
420
|
|
|
421
|
<tr id="D"> |
|
422
|
<th>D</th> |
|
423
|
<th>Debug</th> |
|
424
|
<td> |
|
425
|
Enable debugging features. Mnemonic: <b>d</b>ebug. |
|
426
|
</td> |
|
427
|
</tr> |
|
428
|
|
|
429
|
<tr id="L"> |
|
430
|
<th>L</th> |
|
431
|
<th>Is-logged-in</th> |
|
432
|
<td> |
|
433
|
This is not a real capability, but is used in certain capability |
|
434
|
checks, e.g. via <a href="../th1.md#capexpr">capexpr</a>. It |
|
435
|
resolves to true if the current user is logged in. |
|
436
|
Mnemonic: <b>L</b>ogged in. |
|
437
|
</td> |
|
438
|
</tr> |
|
439
|
|
|
440
|
</table> |
|
441
|
|
|
442
|
<hr/> |
|
443
|
|
|
444
|
<p id="backlink"><a href="./"><em>Back to Administering User |
|
445
|
Capabilities</em></a></p> |
|
446
|
|