Here we document each currently-defined user capability character in more detail than the brief summary on the “key” page in the Fossil user editor. Each row gives the capability letter used in the Fossil user editor followed by the C code’s name for that cap within the FossilUserPerms object, so you can use this reference both from the UI down and from the C code up.
The mnemonics given here vary from obviously-correct to post facto rationalizations to the outright fanciful. To some extent, this is unavoidable.
Reference
? | Name | Description |
---|---|---|
a | Admin | Admin users have all of the capabilities below except for setup, Private, and WrUnver. See Admin vs. Setup for a more nuanced discussion. Mnemonic: administrate. |
b | Attach | Add attachments to wiki articles or tickets. Mnemonics: bind, button, bond, or bolt. |
c | ApndTkt | Append comments to existing tickets. Mnemonic: comment. |
d | n/a | Legacy capability letter from Fossil's forebear CVSTrac, which has no useful meaning in Fossil due to the nature of its durable Merkle tree design. This letter was assigned by default to Developer in repos created with Fossil 2.10 or earlier, but it has no effect in current or past versions of Fossil; we recommend that you remove it in case we ever reuse this letter for another purpose. See this post for details. |
e | RdAddr | View personal identifying information (PII) about other users such as email addresses. Mnemonics: show email addresses; or Europe, home of GDPR. |
f | NewWiki | Create new wiki articles. Mnemonic: fast, English translation of the Hawaiian word wiki. |
g | Clone | Clone the repository. Note that this is distinct from check-out capability, o. Mnemonic: get. |
h | Hyperlink | Get hyperlinks in generated HTML which link you to other parts of the repository. This capability exists so we can deny it to the “nobody” category, to prevent bots from wandering around aimlessly in the site’s hyperlink web, chewing up server resources to little good purpose. Mnemonic: hyperlink. |
i | Write | Check changes into the repository. Note that a lack of this capability does not prevent you from checking changes into your local clone, only from syncing those changes up to the parent repo, and then only over HTTP. Granting this capability also grants o (Read). Mnemonics: input, check in changes. |
j | RdWiki | View wiki articles. Mnemonic: injest page content. (All right, you critics, you do better, then.) |
k | WrWiki | Edit wiki articles. Granting this capability also grants RdWiki and ApndWiki, but it does not grant NewWiki! Mnemonic: kontribute. |
l | ModWiki | Moderate wiki article appends. Appends do not get saved permanently to the receiving repo’s block chain until Setup or someone with this cap approves them. Mnemonic: allow. |
m | ApndWiki | Append content to existing wiki articles. Mnemonic: amend wiki. |
n | NewTkt | File new tickets. Mnemonic: new ticket. |
o | Read | Read repository content from a remote Fossil instance over HTTP. See Reading vs. Cloning. Mnemonic: check out remote repo contents. |
p | Password | Change one’s own password. Mnemonic: password. |
q | ModTkt | Moderate tickets: delete comments appended to tickets. Mnemonic: quash noise commentary. |
r | RdTkt | View existing tickets. Mnemonic: read tickets. |
s | Setup | The all-powerful Setup user. Mnemonics: setup or superuser. |
t | TktFmt | Create new ticket report formats. Note that although this allows the user to provide SQL code to be run in the server’s context, and this capability is given to the untrusted “anonymous” user category by default, this is a safe capability to give to users because it is internally restricted to read-only queries on the tickets table only. (This restriction is done with a SQLite authorization hook, not by any method so weak as SQL text filtering.) Mnemonic: new ticket report. |
u | n/a | Inherit all capabilities of the “reader” user category; does not have a dedicated flag internally within Fossil. Mnemonic: user. |
v | n/a | Inherit all capabilities of the “developer” user category; does not have a dedicated flag internally within Fossil. Mnemonic: developer. |
w | WrTkt | Edit existing tickets. Granting this capability also grants RdTkt, ApndTkt, and NewTkt. Mnemonic: write to ticket. |
x | Private | Push or pull private branches. Mnemonic: exclusivity; “x” connotes unknown material in many Western languages due to its traditional use in mathematics. |
y | WrUnver | Push unversioned content. Mnemonic: yield, sense 4: “hand over.” |
z | Zip | Pull archives of particular repository versions via /zip, /tarball, and /sqlar URLs. This is an expensive capability to grant, because creating such archives can put a large load on a Fossil server which you may then need to manage. Mnemonic: zip file download. |
2 | RdForum | Read forum posts by other users. Mnemonic: from thee 2 me. |
3 | WrForum | Create new forum threads, reply to threads created by others, and edit one’s own posts. New posts are held for moderation and do not appear in repo clones or syncs. Granting this capability also grants RdForum. Mnemonic: post for 3 audiences: me, the mods, and the Man. |
4 | WrTForum | Extends WrForum, bypassing the moderation and sync restrictions. Mnemonic: post 4 immediate release. |
5 | ModForum | Moderate forum posts. Granting this capability also grants WrTForum and RdForum, so a user with this cap never has to moderate their own posts. Mnemonic: “May I have 5 seconds of your time, honored Gatekeeper?” |
6 | AdminForum | Users with this capability see a checkbox on unmoderated forum posts labeled “Trust user X so that future posts by user X do not require moderation.” Checking that box and then clicking the moderator-only “Approve” button on that post grants WrTForum capability to that post’s author. There is currently no UI for a user with this cap to revoke trust from a user once it is granted; only Admin and Setup can currently revoke granted caps. Granting this capability also grants ModForum and those it in turn grants. Mnemonic: “I’m 6 [sick] of hitting Approve on your posts!” |
7 | EmailAlert | User can sign up for email alerts. Mnemonic: Seven can wait, I’ve got email to read now. |
A | Announce | Send email announcements to users signed up to receive them. Mnemonic: announce. |
C | Chat | Allow access to the /chat room. |
D | Debug | Enable debugging features. Mnemonic: debug. |
L | Is-logged-in | This is not a real capability, but is used in certain capability checks, e.g. via capexpr. It resolves to true if the current user is logged in. Mnemonic: Logged in. |
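
The "also grants" rules in the table mean a user's effective permissions are usually wider than the letters shown in the user editor. The following is an added example for auditing a capability string, not Fossil's own code: it encodes only the rules stated in the table. The `reader` and `developer` parameters (the caps of those categories in your repository), the reading of 4 as implying 3, and of s as holding every flag are assumptions made here.

```python
# Letter -> FossilUserPerms name for every cap the table gives a flag name.
NAMES = dict(p.split(":") for p in (
    "a:Admin b:Attach c:ApndTkt e:RdAddr f:NewWiki g:Clone h:Hyperlink "
    "i:Write j:RdWiki k:WrWiki l:ModWiki m:ApndWiki n:NewTkt o:Read "
    "p:Password q:ModTkt r:RdTkt s:Setup t:TktFmt w:WrTkt x:Private "
    "y:WrUnver z:Zip 2:RdForum 3:WrForum 4:WrTForum 5:ModForum "
    "6:AdminForum 7:EmailAlert A:Announce C:Chat D:Debug").split())

# "Granting this capability also grants ..." rules, as stated in the table.
# Assumption: "4 extends WrForum" is modelled as 4 implying 3.
IMPLIES = {"i": "o", "k": "jm", "w": "rcn",
           "3": "2", "4": "3", "5": "42", "6": "5"}

# Admin: every flagged cap except Setup, Private and WrUnver.
ADMIN = set(NAMES) - set("sxy")


def expand(caps, reader="", developer=""):
    """Return (effective cap letters, audit notes) for a capability string."""
    todo, seen, notes = list(caps), set(), []
    while todo:
        c = todo.pop()
        if c in seen:          # also guards against u/v referring to themselves
            continue
        seen.add(c)
        if c == "u":
            todo += reader     # inherit the "reader" category's caps
        elif c == "v":
            todo += developer  # inherit the "developer" category's caps
        elif c == "a":
            todo += ADMIN
        elif c == "s":
            todo += NAMES      # assumption: "all-powerful" = every flag
        elif c == "d":
            notes.append("legacy letter 'd' has no effect; remove it")
        elif c not in NAMES and c != "L":
            notes.append(f"unknown capability letter {c!r}")
        todo += IMPLIES.get(c, "")
    return {c for c in seen if c in NAMES}, notes


def names(letters):
    """Map cap letters to their FossilUserPerms names, sorted."""
    return sorted(NAMES[c] for c in letters)


if __name__ == "__main__":
    # Constructed sample: a user with 'v' where developer is "dei".
    eff, notes = expand("v", developer="dei")
    print(names(eff), notes)
```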