Difference between revisions of "MediaWiki/archive/user-group security"
m (MediaWiki User-Group Security moved to MediaWiki user-group security) |
(→Overview: extensions from main MediaWiki page; notes on GroupWikiBase) |
||
| Line 2: | Line 2: | ||
[[MediaWiki]]: [[MediaWiki customization|customizing]]: [[MediaWiki user-group security|user-group security]] | [[MediaWiki]]: [[MediaWiki customization|customizing]]: [[MediaWiki user-group security|user-group security]] | ||
==Overview== | ==Overview== | ||
| − | Although Mediawiki 1.5 has added the ability to assign users to security groups, it still requires code modification in order to create new groups or change the lists of pages for which those groups have various permissions. | + | Although Mediawiki 1.5 has added the ability to assign users to security groups, it still requires code modification in order to create new groups or change the lists of pages for which those groups have various permissions. Some extensions attempt to fill in the gaps, albeit imperfectly as yet. |
| + | ==Extensions / Customizations== | ||
| + | The following extensions add access control to MediaWiki: | ||
| + | * [[metawikipedia:Page by page access|Page by page access]]: page-based access control | ||
| + | * [[metawikipedia:GroupWikiBase|GroupWikiBase]]: page-based access control | ||
| + | |||
| + | Of the two, GroupWikiBase seems to come the closest to providing true granular access control, but it also appears to have at least one security hole (searches will return fragments of restricted pages to non-privileged users). I am still investigating to see if this is a configuration issue or a hole/bug (see [[metawikipedia:Talk:GroupWikiBase]]). --[[User:Woozle|Woozle]] 14:45, 28 February 2007 (EST) | ||
| + | |||
==Working Notes== | ==Working Notes== | ||
So far, I've added the following tables: | So far, I've added the following tables: | ||
Revision as of 19:45, 28 February 2007
MediaWiki: customizing: user-group security
Overview
Although Mediawiki 1.5 has added the ability to assign users to security groups, it still requires code modification in order to create new groups or change the lists of pages for which those groups have various permissions. Some extensions attempt to fill in the gaps, albeit imperfectly as yet.
Extensions / Customizations
The following extensions add access control to MediaWiki:
- Page by page access: page-based access control
- GroupWikiBase: page-based access control
Of the two, GroupWikiBase seems to come the closest to providing true granular access control, but it also appears to have at least one security hole (searches will return fragments of restricted pages to non-privileged users). I am still investigating to see if this is a configuration issue or a hole/bug (see metawikipedia:Talk:GroupWikiBase). --Woozle 14:45, 28 February 2007 (EST)
Working Notes
So far, I've added the following tables:
- ugroups = groups a.k.a. roles
- urights = permissions, a.k.a. rights
- user groups = which users are in which groups
- ugroup rights = what rights each group has
I have also populated the [urights] table with values from Metawikipedia:Permissions.
Next steps to take:
- Populate [user groups] with the existing user-group mapping (can be found either in localSettings.php or in the Special:Userrights area (accessible to wiki sysops only)
- Populate [ugroup rights] with the existing group-rights mapping (I saw this somewhere, but will have to find it again)
- Modify the code so it reads these tables instead of the hard-coded arrays
- We will want to write a Special: page for Group/Rights management (or perhaps just modify Special:Userrights to include this).
- And then there's a little bit of investigation to be done regarding how to protect individual pages. This page sounds like it might have this part of the solution.
Meta articles
- Help:User rights: list of permissions currently used in code
- Hidden pages: "Here are some thoughts on introducing the feature of hidden pages that are only visible and editable by some users."
- Page access restriction with MediaWiki: "I made a patch to enable page restriction under the MediaWiki software."
- Permissions: seems to be a Special page for displaying Permissions data. Not sure how useful this is.
- Articles which are only vaguely related:
- MediaWiki FAQ
- Write your own MediaWiki extension (this should be in Customization)
- Category:Mediawiki Extensions (should probably also be in Customization)