MediaWiki/archive/user-group security

from HTYP, the free directory anyone can edit if they can prove to me that they're not a spambot
Revision as of 15:44, 23 March 2008 by AceldArcro (talk | contribs) (zeltrliric)

Overview

Although MediaWiki 1.5 added the ability to assign users to security groups, creating new groups or changing which pages those groups have permissions on still requires code modification. Some extensions attempt to fill in the gaps, albeit imperfectly as yet.

Extensions / Customizations

The following extensions add access control to MediaWiki:

Of the two, GroupWikiBase seems to come closest to providing true granular access control, but it also appears to have at least one security hole: searches return fragments of restricted pages to non-privileged users. There is a patch here which "fixes" the problem with a kind of brute-force approach that restricts results by namespace.

The following patch to the SpecialSearch.php file, however, works with GroupWikiBase to hide search results from any restricted page (changes start at line 324, inside SpecialSearch.showHit()):

SpecialSearch.php patch

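<php>
function showHit( $result, $terms ) {
	$fname = 'SpecialSearch::showHit';
	wfProfileIn( $fname );
	global $wgUser, $wgContLang, $wgLang;

	$t = $result->getTitle();
	if( is_null( $t ) ) {
		wfProfileOut( $fname );
		return "\n";
	}

	// 2007-03-20 Woozle's additional security patch
	// Restrictions for the action checked below ($restr is not used further in this excerpt)
	$restr = $t->getRestrictions( 'read' );
	// Pass $wgUser directly: call-time pass-by-reference (&$wgUser) is a fatal error on PHP 5.4+
	if( !userCanExt( $t, $wgUser, 'read', $canView ) ) {
		wfProfileOut( $fname );	// keep profiling calls balanced on the early return
		return '';	// don't give any info about existence of restricted pages
	}
	// end of Wzl patch

	// ... the rest of showHit() continues from here
</php>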

Implementation notes

These were notes I made while trying to implement security myself, before the above extensions were available. This may now be useless information. --Woozle 14:56, 28 February 2007 (EST)

So far, I've added the following tables:

  • ugroups = groups a.k.a. roles
  • urights = permissions, a.k.a. rights
  • user groups = which users are in which groups
  • ugroup rights = what rights each group has

I have also populated the [urights] table with values from Metawikipedia:Permissions.

Next steps to take:

  • Populate [user groups] with the existing user-group mapping (can be found either in LocalSettings.php or in the Special:Userrights area, accessible to wiki sysops only)
  • Populate [ugroup rights] with the existing group-rights mapping (I saw this somewhere, but will have to find it again)
  • Modify the code so it reads these tables instead of the hard-coded arrays
  • We will want to write a Special: page for Group/Rights management (or perhaps just modify Special:Userrights to include this).
  • And then there's a little bit of investigation to be done regarding how to protect individual pages. This page sounds like it might have this part of the solution.
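
The table layout described in these notes, as an added example (not code from HTYP, GroupWikiBase or MediaWiki): it loads group rights from the four tables into the same shape as MediaWiki's hard-coded `$wgGroupPermissions` array and answers a per-user rights check with deny-by-default. The column names, the `user_groups` / `ugroup_rights` spellings and all sample rows are assumptions; it runs against an in-memory SQLite database through PDO.

```php
<?php
// Added example: column names and sample rows are constructed for illustration.
$db = new PDO( 'sqlite::memory:' );
$db->setAttribute( PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION );
$db->exec( "
	CREATE TABLE ugroups ( ug_id INTEGER PRIMARY KEY, ug_name TEXT UNIQUE NOT NULL );
	CREATE TABLE urights ( ur_id INTEGER PRIMARY KEY, ur_name TEXT UNIQUE NOT NULL );
	CREATE TABLE user_groups (
		user_id INTEGER NOT NULL,
		ug_id   INTEGER NOT NULL REFERENCES ugroups,
		PRIMARY KEY ( user_id, ug_id ) );
	CREATE TABLE ugroup_rights (
		ug_id INTEGER NOT NULL REFERENCES ugroups,
		ur_id INTEGER NOT NULL REFERENCES urights,
		PRIMARY KEY ( ug_id, ur_id ) );
	INSERT INTO ugroups VALUES ( 1, 'user' ), ( 2, 'sysop' );
	INSERT INTO urights VALUES ( 1, 'read' ), ( 2, 'edit' ), ( 3, 'delete' );
	INSERT INTO ugroup_rights VALUES ( 1, 1 ), ( 1, 2 ), ( 2, 3 );
	INSERT INTO user_groups VALUES ( 10, 1 ), ( 11, 1 ), ( 11, 2 );
" );

// Build the group => right => true map that the hard-coded
// $wgGroupPermissions array holds, but from the tables.
function loadGroupPermissions( PDO $db ) {
	$perms = array();
	$sql = 'SELECT g.ug_name, r.ur_name FROM ugroup_rights gr
	        JOIN ugroups g ON g.ug_id = gr.ug_id
	        JOIN urights r ON r.ur_id = gr.ur_id';
	foreach ( $db->query( $sql ) as $row ) {
		$perms[ $row['ug_name'] ][ $row['ur_name'] ] = true;
	}
	return $perms;
}

// Deny by default: a right is granted only if some group the user belongs
// to lists it; unknown users and unknown rights both come back false.
function userHasRight( PDO $db, $userId, $right ) {
	$stmt = $db->prepare(
		'SELECT 1 FROM user_groups ug
		 JOIN ugroup_rights gr ON gr.ug_id = ug.ug_id
		 JOIN urights r ON r.ur_id = gr.ur_id
		 WHERE ug.user_id = ? AND r.ur_name = ? LIMIT 1' );
	$stmt->execute( array( $userId, $right ) );
	return $stmt->fetchColumn() !== false;
}

var_dump( loadGroupPermissions( $db ) );
var_dump( userHasRight( $db, 10, 'delete' ) );	// user 10 is only in 'user'
var_dump( userHasRight( $db, 11, 'delete' ) );	// user 11 is also in 'sysop'
var_dump( userHasRight( $db, 99, 'read' ) );	// user 99 has no group rows
```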

Meta articles