Extension:Semantic ACL

The SemanticACL extension allows read and edit restrictions to be set on pages using semantic properties.

Usage
To set restrictions, mark up a page with the appropriate properties.

To set read restrictions, use these properties:
 *  Visible to:: 
 *  Visible to user:: 
 *  Visible to group:: 

To set edit restrictions (which apply to all other actions), use these ones:
 *  Editable by:: 
 *  Editable by user:: 
 *  Editable by group:: 

The "main" property (Editable by or Visible to) can take one or more of these values. With the exception of "public", a user must satisfy all conditions set.
 * public</tt> — overrides all other values and never denies access.
 * users</tt> — denies access to users who are not logged in.
 * whitelist</tt> — denies access to all users who are not whitelisted, either explicitly or by being in a whitelisted group.

The read and edit restrictions have separate whitelists. You can add one or more users or groups to the whitelist using the appropriate properties. Note that the User:</tt> prefix is mandatory for the single-user whitelist.

Example
These properties, included on a page, would allow only users in the "moderator" group to read the page, and only the user "Chief Moderator" to edit it. Visible to::whitelist Visible to group::moderator

Editable by::whitelist Editable by user::User:Chief Moderator

User rights
Users who have the sacl-exempt</tt> user group are never prohibited access by this extension. This is a failsafe to avoid pages becoming permanently uneditable by having an empty whitelist.

By default, administrators (users in the sysop</tt> group) are given this right.