Fossil SCM

fossil-scm / www / caps / ref.html
Source Rendered
Blame History Raw 455 lines
1
<div class='fossil-doc' data-title="User Capability Reference">
2
3
<style type="text/css">
4
p#backlink {
5
/* Make empty space below the table so hyperlinks to named anchors
6
near the bottom of the table still scroll that row to the top of
7
the user's browser, even on tall screens. */
8
margin-bottom: 75em;
9
}
10
11
tr > th {
12
background-color: #e8e8e8;
13
vertical-align: top;
14
}
15
body.fossil-dark-style tr > th {
16
color: #000;
17
opacity: 0.85;
18
}
19
20
tr.cols th {
21
white-space: nowrap;
22
}
23
24
td, th {
25
padding: 0.4em;
26
}
27
</style>
28
29
<p>Here we document each currently-defined user capability character in
30
more detail than the brief summary on the <a
31
href="/setup_ucap_list">“key” page</a> in the Fossil user editor. Each
32
row gives the capability letter used in the Fossil user editor followed
33
by the C code’s name for that cap within the <tt>FossilUserPerms</tt>
34
object, so you can use this reference both from the UI down and from the
35
C code up.</p>
36
37
<p>The <a href="https://en.wikipedia.org/wiki/Mnemonic">mnemonics</a>
38
given here vary from obviously-correct to <i>post facto</i>
39
rationalizations to the outright fanciful. To <a
40
href="./impl.md#choices">some extent</a>, this is unavoidable.</p>
41
42
43
<h2>Reference</h2>
44
45
<table>
46
<tr class="cols">
47
<th>?</th>
48
<th>Name</th>
49
<th style="text-align: left">Description</th>
50
</tr>
51
52
<tr id="a">
53
<th>a</th>
54
<th>Admin</th>
55
<td>
56
Admin users have <em>all</em> of the capabilities below except for
57
<a href="#s">setup</a>, <a herf="#x">Private</a>, and <a href="#y">WrUnver</a>.
58
See <a href="admin-v-setup.md">Admin vs. Setup</a> for a more
59
nuanced discussion. Mnemonic: <b>a</b>dministrate.
60
</td>
61
</tr>
62
63
<tr id="b">
64
<th>b</th>
65
<th>Attach</th>
66
<td>
67
Add attachments to wiki articles, technotes, or tickets.
68
Mnemonics: <b>b</b>ind, <b>b</b>utton, <b>b</b>ond, or <b>b</b>olt.
69
See also: <a href='#B'>B</a>.
70
</td>
71
</tr>
72
73
<tr id="c">
74
<th>c</th>
75
<th>ApndTkt</th>
76
<td>
77
Append comments to existing tickets. Mnemonic: <b>c</b>omment.
78
</td>
79
</tr>
80
81
<tr id="d">
82
<th>d</th>
83
<th>n/a</th>
84
<td>
85
Legacy capability letter from Fossil's forebear <a
86
href="http://cvstrac.org/">CVSTrac</a>, which has no useful
87
meaning in Fossil due to the nature of its durable Merkle tree design.
88
We recommend that you remove it in case we
89
ever reuse this letter for another purpose. See <a
90
href="https://fossil-scm.org/forum/forumpost/43c78f4bef">this
91
post</a> for details.
92
</td>
93
</tr>
94
95
<tr id="e">
96
<th>e</th>
97
<th>RdAddr</th>
98
<td>
99
View <a
100
href="https://en.wikipedia.org/wiki/Personal_data">personal
101
identifying information</a> (PII) about other users such as email
102
addresses. Mnemonics: show <b>e</b>mail addresses; or
103
<b>E</b>urope, home of <a
104
href="https://en.wikipedia.org/wiki/General_Data_Protection_Regulation">GDPR</a>.
105
</td>
106
</tr>
107
108
<tr id="f">
109
<th>f</th>
110
<th>NewWiki</th>
111
<td>
112
Create new wiki articles. Mnemonic: <b>f</b>ast, English
113
translation of the Hawaiian word <a
114
href="https://en.wikipedia.org/wiki/History_of_wikis#WikiWikiWeb,_the_first_wiki"><i>wiki</i></a>.
115
</td>
116
</tr>
117
118
<tr id="g">
119
<th>g</th>
120
<th>Clone</th>
121
<td>
122
Clone the repository. Note that this is distinct from <a
123
href="#o">check-out capability, <b>o</b></a>; and that upon cloning
124
not just files, but also tickets, wikis, technotes and forum posts
125
are tranferred. Mnemonic: <b>g</b>et.
126
</td>
127
</tr>
128
129
<tr id="h">
130
<th>h</th>
131
<th>Hyperlink</th>
132
<td>
133
Get hyperlinks in generated HTML which link you to other parts of
134
the repository. This capability exists so we can deny it to the
135
“nobody” category, to <a href="../antibot.wiki">prevent bots from
136
wandering around aimlessly</a> in the site’s hyperlink web, <a
137
href="../loadmgmt.md">chewing up server resources</a> to little
138
good purpose. Mnemonic: <b>h</b>yperlink.
139
</td>
140
</tr>
141
142
<tr id="i">
143
<th>i</th>
144
<th>Write</th>
145
<td>
146
Check changes into the repository. Note that a lack of this
147
capability does not prevent you from checking changes into your
148
local clone, only from syncing those changes up to the parent
149
repo, and then <a href="./basics.md#webonly">only over HTTP</a>.
150
Also note that not just files, but also tickets, wikis, technotes
151
and forum posts will be accepted from clones upon syncronization.
152
Granting this capability also grants <b>o (Read)</b> Mnemonics:
153
<b>i</b>nput, check <b>i</b>n changes.
154
</td>
155
</tr>
156
157
<tr id="j">
158
<th>j</th>
159
<th>RdWiki</th>
160
<td>
161
View wiki articles. Mnemonic: in<b>j</b>est page content. (All
162
right, you critics, you do better, then.)
163
</td>
164
</tr>
165
166
<tr id="k">
167
<th>k</th>
168
<th>WrWiki</th>
169
<td>
170
Edit wiki articles. Granting this capability also grants <a
171
href="#j"><b>RdWiki</b></a> and <a href="#m"><b>ApndWiki</b></a>,
172
but it does <em>not</em> grant <a href="#f"><b>NewWiki</b></a>!
173
Mnemonic: <b>k</b>ontribute.
174
</td>
175
</tr>
176
177
<tr id="l">
178
<th>l</th>
179
<th>ModWiki</th>
180
<td>
181
Moderate <a href="#m">wiki article appends</a>. Appends do not get
182
saved permanently to the receiving repo’s block chain until <a
183
href="#s">Setup</a> or someone with this cap approves it.
184
Mnemonic: a<b>l</b>low.
185
</td>
186
</tr>
187
188
<tr id="m">
189
<th>m</th>
190
<th>ApndWiki</th>
191
<td>
192
Append content to existing wiki articles. Mnemonic: a<b>m</b>end
193
wiki
194
</td>
195
</tr>
196
197
<tr id="n">
198
<th>n</th>
199
<th>NewTkt</th>
200
<td>
201
File new tickets. Mnemonic: <b>n</b>ew ticket.
202
</td>
203
</tr>
204
205
<tr id="o">
206
<th>o</th>
207
<th>Read</th>
208
<td>
209
Read content and history of files from a remote Fossil instance over
210
HTTP. See <a href="index.md#read-v-clone">Reading vs.
211
Cloning</a>. Mnemonic: check <b>o</b>ut remote repo contents.
212
</td>
213
</tr>
214
215
<tr id="p">
216
<th>p</th>
217
<th>Password</th>
218
<td>
219
Change one’s own password. Mnemonic: <b>p</b>assword.
220
</td>
221
</tr>
222
223
<tr id="q">
224
<th>q</th>
225
<th>ModTkt</th>
226
<td>
227
Moderate tickets: delete comments appended to tickets. Mnemonic:
228
<b>q</b>uash noise commentary.
229
</td>
230
</tr>
231
232
<tr id="r">
233
<th>r</th>
234
<th>RdTkt</th>
235
<td>
236
View existing tickets. Mnemonic: <b>r</b>ead tickets.
237
</td>
238
</tr>
239
240
<tr id="s">
241
<th>s</th>
242
<th>Setup</th>
243
<td>
244
The <a href="./admin-v-setup.md#apsu">all-powerful Setup user</a>.
245
Mnemonics: <b>s</b>etup or <b>s</b>uperuser.
246
</td>
247
</tr>
248
249
<tr id="t">
250
<th>t</th>
251
<th>TktFmt</th>
252
<td>
253
Create new ticket report formats. Note that although this allows
254
the user to provide SQL code to be run in the server’s context,
255
and this capability is given to the untrusted “anonymous” user
256
category by default, this is a safe capability to give to users
257
because it is internally restricted to read-only queries on the
258
tickets table only. (This restriction is done with an SQLite
259
authorization hook, not by any method so weak as SQL text
260
filtering.) Mnemonic: new <b>t</b>icket report.
261
</td>
262
</tr>
263
264
<tr id="u">
265
<th>u</th>
266
<th>n/a</th>
267
<td>
268
Inherit all capabilities of the “reader” user category; does not
269
have a dedicated flag internally within Fossil. Mnemonic:
270
<a href="./index.md#ucat"><b>u</b>ser</a>
271
</td>
272
</tr>
273
274
<tr id="v">
275
<th>v</th>
276
<th>n/a</th>
277
<td>
278
Inherit all capabilities of the “developer” user category; does
279
not have a dedicated flag internally within Fossil. Mnemonic:
280
de<b>v</b>eloper.
281
</td>
282
</tr>
283
284
<tr id="w">
285
<th>w</th>
286
<th>WrTkt</th>
287
<td>
288
Edit existing tickets. Granting this capability also grants <a
289
href="#r"><b>RdTkt</b></a>, <a href="#c"><b>ApndTkt</b></a>, and
290
<a href="#n"><b>NewTkt</b></a>. Mnemonic: <b>w</b>rite to ticket.
291
</td>
292
</tr>
293
294
<tr id="x">
295
<th>x</th>
296
<th>Private</th>
297
<td>
298
Push or pull <a href="../private.wiki">private branches</a>.
299
Mnemonic: e<b>x</b>clusivity; “x” connotes unknown material in
300
many Western languages due to its <a
301
href="https://en.wikipedia.org/wiki/La_Géométrie#The_text">traditional
302
use in mathematics</a>.
303
</td>
304
</tr>
305
306
<tr id="y">
307
<th>y</th>
308
<th>WrUnver</th>
309
<td>
310
Push <a href="../unvers.wiki">unversioned content</a>. Mnemonic:
311
<b>y</b>ield, <a href="https://en.wiktionary.org/wiki/yield">sense
312
4</a>: “hand over.”
313
</td>
314
</tr>
315
316
<tr id="z">
317
<th>z</th>
318
<th>Zip</th>
319
<td>
320
Pull archives of particular repository versions via <a
321
href="/help/www/zip"><tt>/zip</tt></a>, <a
322
href="/help/www/tarball"><tt>/tarball</tt></a>, and <a
323
href="/help/www/sqlar"><tt>/sqlar</tt></a> URLs. This is an
324
expensive capability to grant, because creating such archives can
325
put a large load on <a href="../server/">a Fossil server</a> which
326
you may then need to <a href="../loadmgmt.md">manage</a>.
327
Mnemonic: <b>z</b>ip file download.
328
</td>
329
</tr>
330
331
<tr id="2">
332
<th>2</th>
333
<th>RdForum</th>
334
<td>
335
Read <a href="../forum.wiki">forum posts</a> by other users.
336
Mnemonic: from thee <b>2</b> me.
337
</td>
338
</tr>
339
340
<tr id="3">
341
<th>3</th>
342
<th>WrForum</th>
343
<td>
344
Create new forum threads, reply to threads created by others, and
345
edit one’s own posts. New posts are <a
346
href="../forum.wiki#moderation">held for moderation</a> and do
347
not appear in repo clones or syncs. Granting this capability also
348
grants <a href="#2"><b>RdForum</b></a>. Mnemonic: post for
349
<b>3</b> audiences: me, <a href="#5">the mods</a>, and <a
350
href="https://en.wikipedia.org/wiki/The_Man">the Man</a>.
351
</td>
352
</tr>
353
354
<tr id="4">
355
<th>4</th>
356
<th>WrTForum</th>
357
<td>
358
Extends <a href="#3"><b>WrForum</b></a>, bypassing the moderation
359
and sync restrictions. Mnemonic: post <b>4</b> immediate release.
360
</td>
361
</tr>
362
363
<tr id="5">
364
<th>5</th>
365
<th>ModForum</th>
366
<td>
367
<a href="../forum.wiki#moderation">Moderate forum posts</a>.
368
Granting this capability also grants <a
369
href="#4"><b>WrTForum</b></a> and <a href="#2"><b>RdForum</b></a>,
370
so a user with this cap never has to moderate their own posts.
371
Mnemonic: “May I have <b>5</b> seconds of your time, honored
372
Gatekeeper?”
373
</td>
374
</tr>
375
376
<tr id="6">
377
<th>6</th>
378
<th>AdminForum</th>
379
<td>
380
Users with this capability see a checkbox on unmoderated forum
381
posts labeled “Trust user X so that future posts by user X do not
382
require moderation.” Checking that box and then clicking the
383
moderator-only “Approve” button on that post grants <a
384
href="#4"><b>WrTForum</b></a> capability to that post’s author.
385
There is currently no UI for a user with this cap to
386
<em>revoke</em> trust from a user once it is granted; only <a
387
href="#a"><b>Admin</b></a> and <a href="#s"><b>Setup</b></a> can
388
currently revoke granted caps. Granting this capability also
389
grants <a href="#5"><b>ModForum</b></a> and those it in turn
390
grants. Mnemonic: “I’m <b>6</b> [sick] of hitting Approve on your
391
posts!”
392
</td>
393
</tr>
394
395
<tr id="7">
396
<th>7</th>
397
<th>EmailAlert</th>
398
<td>
399
User can sign up for <a href="../alerts.md">email alerts</a>.
400
Mnemonic: <a href="https://en.wikipedia.org/wiki/Heaven_Can_Wait">Seven can
401
wait</a>, I’ve got email to read now.
402
</td>
403
</tr>
404
405
<tr id="A">
406
<th>A</th>
407
<th>Announce</th>
408
<td>
409
Send email announcements to users <a href="#7">signed up to
410
receive them</a>. Mnemonic: <b>a</b>nnounce.
411
</td>
412
</tr>
413
414
<tr id="B">
415
<th>B</th>
416
<th>Attach to Forum</th>
417
<td>
418
Add attachments to forum posts. See also: <a href='#b'>b</a>.
419
</td>
420
</tr>
421
422
<tr id="C">
423
<th>C</th>
424
<th>Chat</th>
425
<td>
426
Allow access to the <tt>/chat</tt> room.
427
</td>
428
</tr>
429
430
<tr id="D">
431
<th>D</th>
432
<th>Debug</th>
433
<td>
434
Enable debugging features. Mnemonic: <b>d</b>ebug.
435
</td>
436
</tr>
437
438
<tr id="L">
439
<th>L</th>
440
<th>Is-logged-in</th>
441
<td>
442
This is not a real capability, but is used in certain capability
443
checks, e.g. via <a href="../th1.md#capexpr">capexpr</a>. It
444
resolves to true if the current user is logged in.
445
Mnemonic: <b>L</b>ogged in.
446
</td>
447
</tr>
448
449
</table>
450
451
<hr/>
452
453
<p id="backlink"><a href="./"><em>Back to Administering User
454
Capabilities</em></a></p>
455

Keyboard Shortcuts

Open search /
Next entry (timeline) j
Previous entry (timeline) k
Open focused entry Enter
Show this help ?
Toggle theme Top nav button