Extension:FlaggedRevs/Restricting unapproved revisions
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job. For further details, see Security issues with authorization extensions.
This page describes how to give anonymous users read access only to the stable versions of articles, for MediaWiki 1.17+.
Basic idea
This approach works as follows:
- (i) Make all pages unreadable and uneditable by non-users (that is, readable only for users)
- (ii) But make the stable version of pages an exception in that they are readable to non-users
The details to do this are described in the next few sections.
Making the site readable only by users
See Manual:Preventing_access#Restrict_viewing_of_all_pages and Manual:Preventing_access#Restrict_editing_of_all_pages
Add these lines to your LocalSettings.php file:
# Disable reading by anonymous users
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
# But allow them to read e.g., these pages:
$wgWhitelistRead = array ( "Main Page", "Special:Userlogin", "Help:Contents");
# Like previous, but for French (be careful of encoding! save file as UTF-8!)
# $wgWhitelistRead = array( ":Page Principale", "Special:Userlogin", "Aide en français");
Adding stable version as exemption for non-users
Add the following to LocalSettings.php:
# Flagged revisions are always visible to users with rights below.
# Use '*' for non-user accounts. This is for read-restricted wikis.
$wgFlaggedRevsVisible = array( '*' );
Note: $wgFlaggedRevsVisible is an array of user groups. Setting it to array('*') lets all visitors see the stable version of pages. Setting it to array('supergroup') makes the stable versions visible to users in the group 'supergroup'.
Note: You also don't have to use these global variables and can just hard code whatever is needed into the efFlaggedRevsHooks_userCanView function mentioned below.
MediaWiki >= 1.19
Add the following code to LocalSettings.php (or an appropriate custom start-up config file):
$wgHooks['TitleReadWhitelist'][] = 'efFlaggedRevsHooks_userCanView';
...and then define the following function:
function efFlaggedRevsHooks_userCanView( Title $title, $user, &$result ) {
    global $wgFlaggedRevsVisible, $wgTitle;
    # Admin may set this to false, rather than array()...
    if ( empty( $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # Check if user is in a group that at least lets them see stable versions
    $groups = $user->getGroups();
    $groups[] = '*';
    if ( !array_intersect( $groups, $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # See if there is a stable version. Also, see if, given the page
    # config and URL params, the page can be overridden. The latter
    # only applies on page views of $title.
    if ( !empty( $wgTitle ) && $wgTitle->equals( $title ) ) {
        $view = FlaggablePageView::singleton();
        // Cache stable version while we are at it.
        if ( $view->showingStable() ) {
            $result = true;
        }
    } else {
        // Search and such need to know that the reader can view this page
        if ( FlaggedRevision::newFromStable( $title ) ) {
            $result = true;
        }
    }
    return true;
}
MediaWiki <= 1.18
Add the following code to LocalSettings.php (or an appropriate custom start-up config file):
$wgHooks['userCan'][] = 'efFlaggedRevsHooks_userCanView';
...and then define the following function:
function efFlaggedRevsHooks_userCanView( Title $title, $user, $action, &$result ) {
    global $wgFlaggedRevsVisible, $wgTitle;
    # Assume $action may still not be set, in which case, treat it as 'view'...
    # Return out if $result set to false by some other hooked call.
    if ( $action !== 'read' || $result === false || empty( $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # Check if user is in a group that at least lets them see stable versions
    $groups = array_merge( $user->getGroups(), array( '*' ) );
    if ( !array_intersect( $groups, $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # See if there is a stable version. Also, see if, given the page
    # config and URL params, the page can be overridden. The latter
    # only applies on page views of $title.
    if ( !empty( $wgTitle ) && $wgTitle->equals( $title ) ) {
        $view = FlaggedArticleView::singleton();
        // Cache stable version while we are at it.
        if ( $view->showingStable() ) {
            $result = true;
        }
    } else {
        // Search and such need to know that the reader can view this page
        if ( FlaggedRevision::newFromStable( $title ) ) {
            $result = true;
        }
    }
    return true;
}
Caveats
Warning: This does not work well with img_auth.php, as non-user viewers will not be able to see images. You will probably just want to leave images public but under hashed directories to make them harder to find. This is acceptable if there are no private files and the main concern is just not to release unverified content.
Warning: The search index is still based on the current version of pages, but only results for pages with stable versions are displayed at Special:Search. If a stable version is out of date then unreviewed content for that page becomes theoretically discoverable by brute force searching.
Note: This will probably be useless without having $wgFlaggedRevsOverride = true.
Note: Make sure that $wgWhitelistRead is set properly. You will at least want something like $wgWhitelistRead = array( 'Main Page', 'Special:Search' ). You may also want visible directory or category pages. Otherwise, the wiki will be hard to browse for readers.
Note: You will probably want to edit MediaWiki:loginreqpagetext to make it more detailed. It will come up in various situations and thus should explain the approval system setup.
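The setup above depends on several settings being in force together, and the last assignment in LocalSettings.php wins. The following is an added example, not part of the original page or of FlaggedRevs: a heuristic Python audit that reads a LocalSettings.php text and reports which of this page's preconditions are missing or overridden. The regex-based parsing, the function names and the sample config are assumptions made for illustration; it does not evaluate PHP.

```python
import re

Q = r"['\"]"  # either PHP quote character
# Quoted strings are captured (and kept); /* */, # and // comments are dropped.
TOKEN = re.compile(r"""('(?:\\.|[^'\\])*'|"(?:\\.|[^"\\])*")|/\*.*?\*/|(?:#|//)[^\n]*""", re.S)

def strip_php_comments(src):
    return TOKEN.sub(lambda m: m.group(1) or "", src)

def last_value(src, lhs):
    """Right-hand side of the last `lhs = ...;` assignment; the last one wins in PHP."""
    hits = re.findall(lhs + r"\s*=(?!=)\s*(.*?);", src, flags=re.S)
    return hits[-1].strip() if hits else ""

def audit(php_source):
    """Return the preconditions from this page that the given config text fails."""
    src = strip_php_comments(php_source)
    perm = lambda right: rf"\$wgGroupPermissions\s*\[\s*{Q}\*{Q}\s*\]\s*\[\s*{Q}{right}{Q}\s*\]"
    hook = (rf"\$wgHooks\s*\[\s*{Q}(?:TitleReadWhitelist|userCan){Q}\s*\]\s*\[\s*\]"
            rf"\s*=\s*{Q}efFlaggedRevsHooks_userCanView{Q}")
    visible = last_value(src, r"\$wgFlaggedRevsVisible")
    checks = [
        ("anonymous read is not disabled", last_value(src, perm("read")).lower() == "false"),
        ("anonymous edit is not disabled", last_value(src, perm("edit")).lower() == "false"),
        ("$wgFlaggedRevsVisible names no group", re.search(Q, visible)),
        ("$wgFlaggedRevsOverride is not true",
         last_value(src, r"\$wgFlaggedRevsOverride").lower() == "true"),
        ("Special:Search is not in $wgWhitelistRead",
         "Special:Search" in last_value(src, r"\$wgWhitelistRead")),
        ("efFlaggedRevsHooks_userCanView is not registered", re.search(hook, src)),
    ]
    return [problem for problem, ok in checks if not ok]

# Constructed sample: the override line is commented out and a later line re-enables read.
SAMPLE = r"""
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgWhitelistRead = array( "Main Page", "Special:Search" );
$wgFlaggedRevsVisible = array( '*' );
# $wgFlaggedRevsOverride = true;
$wgHooks['TitleReadWhitelist'][] = 'efFlaggedRevsHooks_userCanView';
$wgGroupPermissions['*']['read'] = true; // left over from debugging
"""

if __name__ == "__main__":
    for problem in audit(SAMPLE):
        print("FAIL:", problem)
```

A clean result only shows that the settings are present in the text; settings pulled in from included files or set conditionally are not seen by this check.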