Fossil

User Capability Reference
Login

Here we document each currently-defined user capability character in more detail than the brief summary on the “key” page in the Fossil user editor. Each row gives the capability letter used in the Fossil user editor followed by the C code’s name for that cap within the FossilUserPerms object, so you can use this reference both from the UI down and from the C code up.

The mnemonics given here vary from obviously-correct to post facto rationalizations to the outright fanciful. To some extent, this is unavoidable.

Reference

? Name Description
a Admin Admin users have all of the capabilities below except for setup, Private, and WrUnver. See Admin vs. Setup for a more nuanced discussion. Mnemonic: administrate.
b Attach Add attachments to wiki articles or tickets. Mnemonics: bind, button, bond, or bolt.
c ApndTkt Append comments to existing tickets. Mnemonic: comment.
d n/a Legacy capability letter from Fossil's forebear CVSTrac, which has no useful meaning in Fossil due to the nature of its durable Merkle tree design. This letter was assigned by default to Developer in repos created with Fossil 2.10 or earlier, but it has no effect in current or past versions of Fossil; we recommend that you remove it in case we ever reuse this letter for another purpose. See this post for details.
e RdAddr View personal identifying information (PII) about other users such as email addresses. Mnemonics: show email addresses; or Europe, home of GDPR.
f NewWiki Create new wiki articles. Mnemonic: fast, English translation of the Hawaiian word wiki.
g Clone Clone the repository. Note that this is distinct from check-out capability, o. Mnemonic: get.
h Hyperlink Get hyperlinks in generated HTML which link you to other parts of the repository. This capability exists so we can deny it to the “nobody” category, to prevent bots from wandering around aimlessly in the site’s hyperlink web, chewing up server resources to little good purpose. Mnemonic: hyperlink.
i Write Check changes into the repository. Note that a lack of this capability does not prevent you from checking changes into your local clone, only from syncing those changes up to the parent repo, and then only over HTTP. Granting this capability also grants o (Read) Mnemonics: input, check in changes.
j RdWiki View wiki articles. Mnemonic: injest page content. (All right, you critics, you do better, then.)
k WrWiki Edit wiki articles. Granting this capability also grants RdWiki and ApndWiki, but it does not grant NewWiki! Mnemonic: kontribute.
l ModWiki Moderate wiki article appends. Appends do not get saved permanently to the receiving repo’s block chain until Setup or someone with this cap approves it. Mnemonic: allow.
m ApndWiki Append content to existing wiki articles. Mnemonic: amend wiki
n NewTkt File new tickets. Mnemonic: new ticket.
o Read Read repository content from a remote Fossil instance over HTTP. See Reading vs. Cloning. Mnemonic: check out remote repo contents.
p Password Change one’s own password. Mnemonic: password.
q ModTkt Moderate tickets: delete comments appended to tickets. Mnemonic: quash noise commentary.
r RdTkt View existing tickets. Mnemonic: read tickets.
s Setup The all-powerful Setup user. Mnemonics: setup or superuser.
t TktFmt Create new ticket report formats. Note that although this allows the user to provide SQL code to be run in the server’s context, and this capability is given to the untrusted “anonymous” user category by default, this is a safe capability to give to users because it is internally restricted to read-only queries on the tickets table only. (This restriction is done with a SQLite authorization hook, not by any method so weak as SQL text filtering.) Mnemonic: new ticket report.
u n/a Inherit all capabilities of the “reader” user category; does not have a dedicated flag internally within Fossil. Mnemonic: user
v n/a Inherit all capabilities of the “developer” user category; does not have a dedicated flag internally within Fossil. Mnemonic: developer.
w WrTkt Edit existing tickets. Granting this capability also grants RdTkt, ApndTkt, and NewTkt. Mnemonic: write to ticket.
x Private Push or pull private branches. Mnemonic: exclusivity; “x” connotes unknown material in many Western languages due to its traditional use in mathematics.
y WrUnver Push unversioned content. Mnemonic: yield, sense 4: “hand over.”
z Zip Pull archives of particular repository versions via /zip, /tarball, and /sqlar URLs. This is an expensive capability to grant, because creating such archives can put a large load on a Fossil server which you may then need to manage. Mnemonic: zip file download.
2 RdForum Read forum posts by other users. Mnemonic: from thee 2 me.
3 WrForum Create new forum threads, reply to threads created by others, and edit one’s own posts. New posts are held for moderation and do not appear in repo clones or syncs. Granting this capability also grants RdForum. Mnemonic: post for 3 audiences: me, the mods, and the Man.
4 WrTForum Extends WrForum, bypassing the moderation and sync restrictions. Mnemonic: post 4 immediate release.
5 ModForum Moderate forum posts. Granting this capability also grants WrTForum and RdForum, so a user with this cap never has to moderate their own posts. Mnemonic: “May I have 5 seconds of your time, honored Gatekeeper?”
6 AdminForum Users with this capability see a checkbox on unmoderated forum posts labeled “Trust user X so that future posts by user X do not require moderation.” Checking that box and then clicking the moderator-only “Approve” button on that post grants WrTForum capability to that post’s author. There is currently no UI for a user with this cap to revoke trust from a user once it is granted; only Admin and Setup can currently revoke granted caps. Granting this capability also grants ModForum and those it in turn grants. Mnemonic: “I’m 6 [sick] of hitting Approve on your posts!”
7 EmailAlert User can sign up for email alerts. Mnemonic: Seven can wait, I’ve got email to read now.
A Announce Send email announcements to users signed up to receive them. Mnemonic: announce.
C Chat Allow access to the /chat room.
D Debug Enable debugging features. Mnemonic: debug.
L Is-logged-in This is not a real capability, but is used in certain capability checks, e.g. via capexpr. It resolves to true if the current user is logged in. Mnemonic: Logged in.