So, the first is to make the desired categories private. You have two ways for switching categories to private :

1. by editing a single category : [administration panel » Categories » Manage » edit]
2. by setting options to your whole category tree : [administration panel » Categories » Public/Private]

At creation, a category can be public or private, depending on configuration and parent category :

• status = $conf['newcat_default_status'] if parent category is public. This configuration parameter must be set in include/config.inc.php file.
• status = private if parent category is private

When editing category access status, automatic rules are applied :

• if status goes from public to private, all child categories become private
• if status foes from private to public, all parent categories become public. We are not talking about cousins, but parents to the root of categories.

Let's give a simple example, shown in next screenshots. At beginning, all categories are public :

Then you decide to set {animals » cat} (the selected category above) to private

All children categories become private automatically. Then, you decide that {animals » cat » 8 weeks} must in fact be public :

All parent categories become public automatically. The parent categories of {animals » cat » 8 weeks} are {animals » cat} (previously private) and {animals} (which was already public)

Permissions are managed by group or by user. For a private category, permissions tell whether the user (or users belonging to the group) can reach the category.

Two screens let you modify permissions :

• [administration panel » Permissions » users] : for a particular user, lists all private categories separated in two boxes : authorized on the left, forbidden on the right. You can also enter this permissions management screen by screen [administration panel » Identification » users] and use link to permissions in the users list.

• [administration panel » Permissions » groups] : for a particular group, lists all private categories the same way as for users.

Here follows a list a rules used by PhpWebGallery concerning permissions

• for a group or a user, forbidding a category makes all child categories forbidden
• for a group or a user, authorizing a category makes all parent categories authorized
• for a group, authorizing a category makes this category authorized to all members of the group (same effect for parent categories thanks to previous rule)
• a user can reach a private category if he's authorized to or if he belongs to any group authorized to reach the category
• denying a user from a group makes the user lose all authorizations won by belonging to this group
• a new user has no permission