-access
Directorycontent/examples/
Directory07_protecting_a_folder/
- -t-readme.txt
- -access
-access:
# YAML NOTE: Indentation, spacing and text case are super important.# This file must be encoded as Unicode (UTF-8) for it to work properly.
# Note: Users and groups have to be created first in your settings before this will work.
allow_users: [username, username, etc]allow_groups: [groupname, groupname, etc]deny_users: [username, username, etc]deny_groups: [groupname, groupname, etc]Does not apply to sub-folders:
current_folder: allow_users: [username, username, etc] allow_groups: [groupname, groupname, etc] deny_users: [username, username, etc] deny_groups: [groupname, groupname, etc]What the loader does today: an -access file’s allow_users / allow_groups /
deny_users / deny_groups rules (plus the folder-scoped current_folder variant)
are parsed and captured as typed data on the folder entry — this is intent
capture, not gating. [Source: docs/spec/SPEC-access.md §1–§3]
What it does NOT do yet: no request is ever denied because of an -access
file. There’s no login, no session, and no check_access() equivalent running at
build or request time in this static site — every page under a -access-marked
folder builds and serves exactly like any other. This is the honest state of the
feature today, not a bug: the port’s own roadmap explicitly defers auth
enforcement.