Extension:NSFileRepo

From MediaWiki.org

If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.
For further details, see Security issues with authorization extensions.


This extension requires patches to core MediaWiki code when used with MediaWiki 1.15.1 and before. Extensions implemented using patches may be disabled by or interfere with upgrades and security patches. If you would like to use this extension, we strongly recommend you upgrade to a version later than 1.15.1. Alternatively, if a suitable alternative without a patch is available, we recommend you use that extension instead.


           

NSFileRepo

Release status: stable
Implementation: User rights
Description: Implements per-namespace group permissions for image and file rights protection
Author(s): Jack D. Pond (Jpond)
Last version: 1.1 (2009-10-15)
MediaWiki: 1.13, 1.14, 1.15, 1.16
License: GNU General Public Licence 2.0

What can this extension do?

The NSFileRepo extension restricts uploading and reading of files and images to a given set of user groups associated with protected namespaces. Using this extension (within the security limitations noted above), you can protect not only pages and areas of your wiki, but also any uploaded images or files within those namespaces.

Namespaces are a mechanism for grouping and separating wiki pages.

  • See Help:Namespaces for more user help documentation on what they are and how they are used.
  • See Manual:Namespace for system administration details on MediaWiki's namespace feature
  • See Project:Namespaces for an explanation of how namespaces are used on mediawiki.org

Usage

Generically, you use the same syntax as a normal file/image reference link, adding the namespace between the file specifier ("File", "Image", or "Media") and the file name:

[[{FILE_NS}:{Namespace}:{Filename}]]

Example (where "Project" is the protected namespace and "ProjectFile.pdf" is the file to which you wish to limit access):

[[File:Project:ProjectFile.pdf]]


The standard for accessing files/images is generally:

[[File:Filename.txt]]
[[Image:Filename.jpg]]
[[Media:Filename.pdf]]

This extension allows you to protect access to files/images by adding the namespace text identifier after the file namespace identifier, for example (where "Project" is the protected namespace and "ProjectFile.xxx" is the file to which you wish to limit access):

[[File:Project:Filename.txt]]
[[Image:Project:Filename.jpg]]
[[Media:Project:Filename.pdf]]

It may be helpful to understand the default security model used by MediaWiki using the instructions below:

Limitations of security are the same as for Extension Lockdown. To review these limitations, please reference here.

To use the full capabilities of this extension (e.g., specific namespace protections), you will need to install and use the namespace protections provided through Extension:Lockdown.

This extension was made possible by the introduction of Repository Classes by Tim Starling - an elegant and brilliant implementation. It uses a new Local Repository class mechanism. Technical details on how this extension works can be found here.

Announcements

  • Starting with version 1.16.0, this extension will require no patching. Updates were made to make it more efficient and easier to use.
  • The first version of this (Rel 0.0) was released 2009-07-11. The following activities are underway to make this extension easier to install and use:
    • Modifying and updating the standard version of img_auth.php to include localization and a hook necessary for this extension. This will hopefully be approved for version 1.16.
    • Discussing ways to allow modification of wfStripIllegalFilenameChars so that future patching will not be needed.

Release Notes

NSFileRepo 1.2

  • Fixed bug with reuploads and versioning
  • Added protection to archived files and thumbs
  • Known bug: deleted files are removed from the protected namespace and can be accessed. A fix is being worked on; for now, the recommendation is not to delete files.

NSFileRepo 1.1

First fully tested version. Works with MW 1.13.1, 1.14.1, 1.15.1 with patches. Works with 1.16.0 (trunk) without patches.

Download instructions

This Extension and the necessary patch/files may be downloaded from one of the following (SVN preferred). The distribution is the same for all versions of MW, 1.13.0 through Current.


Copy all files and directories into directory:

$IP/extensions/NSFileRepo

Installation

You will need to read and understand two other required enhancements to MediaWiki:

Please read and understand before executing the following instructions

  1. Download and install Extension Lockdown. If you have not installed
  2. Download and copy the NSFileRepo extension into directory $IP/extensions/NSFileRepo
  3. Activate the Image Authorization according to instructions found in Image Authorization


Installation on versions 1.13.0 through 1.15.1

Up until 1.16.0, MediaWiki required a small patch to includes/GlobalFunctions.php. From 1.16.0 on, no patches are required, so you can skip to Activating NSFileRepo if you are using MW version 1.16.0 or higher. NO PATCHES ARE NEEDED FOR MW Version 1.16.0 and higher.

  1. Copy img_auth.php from the distribution directory {release}/phase3/ to your wiki code base directory ($IP). This will overwrite the existing img_auth.php file. Alternatively, you could copy img_auth.php to another name in the same directory and use that file name instead of img_auth.php (it must still be in the $IP directory).
  2. $IP/includes/GlobalFunctions.php must be patched. This is a very minor patch that stops colons (':') from being stripped. You can do this in one of three ways (whichever you're most comfortable with):
    1. Edit the file according to instructions below
    2. If you have not otherwise patched the file, you may want to copy it from the distribution, which will be in a directory corresponding to the release you are using under {release}/phase3/includes/GlobalFunctions.php
    3. Apply the patch which will be in a directory corresponding to the release you are using under {release}/phase3/includes/GlobalFunctions.patch

Activating NSFileRepo

  1. To activate this extension, add the following to LocalSettings.php:
require_once("$IP/extensions/NSFileRepo/NSFileRepo.php");

Configuration parameters

The user rights and configuration requirements are the same as described in Extension Lockdown.
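The installation steps above (Lockdown, Image Authorization, then NSFileRepo) combined into one LocalSettings.php fragment. This is an added example, not part of the extension's distribution: the namespace ID 100, the name "Private" and the group "privategroup" are hypothetical, and the Lockdown and img_auth.php settings come from those components' own documentation rather than from this page.

```php
<?php
// LocalSettings.php fragment (added example, not from the NSFileRepo distribution).

// 1. Define the namespace to protect. The ID 100 and the name "Private"
//    are hypothetical; custom namespaces use even IDs from 100 upward,
//    with the matching talk namespace on the next odd ID.
define( 'NS_PRIVATE', 100 );
define( 'NS_PRIVATE_TALK', 101 );
$wgExtraNamespaces[NS_PRIVATE]      = 'Private';
$wgExtraNamespaces[NS_PRIVATE_TALK] = 'Private_talk';

// 2. Create the group that may use the namespace ("privategroup" is
//    hypothetical). A group exists once it holds at least one right.
$wgGroupPermissions['privategroup']['read'] = true;

// 3. Load Lockdown and restrict the namespace to that group.
//    $wgNamespacePermissionLockdown is Lockdown's setting, not NSFileRepo's.
require_once( "$IP/extensions/Lockdown/Lockdown.php" );
$wgNamespacePermissionLockdown[NS_PRIVATE]['read'] = array( 'privategroup' );
$wgNamespacePermissionLockdown[NS_PRIVATE]['edit'] = array( 'privategroup' );
$wgNamespacePermissionLockdown[NS_PRIVATE_TALK]['read'] = array( 'privategroup' );
$wgNamespacePermissionLockdown[NS_PRIVATE_TALK]['edit'] = array( 'privategroup' );

// 4. Route every file request through img_auth.php so a permission check
//    runs before any bytes are served. In these MediaWiki versions
//    img_auth.php refuses to run on a wiki that anonymous users can read,
//    so anonymous read is switched off here.
$wgGroupPermissions['*']['read'] = false;
$wgUploadPath = "$wgScriptPath/img_auth.php";

// The web server must also deny direct requests to the upload directory;
// otherwise a known file URL bypasses img_auth.php and every check above.

// 5. Activate NSFileRepo, as shown in "Activating NSFileRepo".
require_once( "$IP/extensions/NSFileRepo/NSFileRepo.php" );

// With this in place, a link written as [[File:Private:Report.pdf]]
// (constructed file name) is governed by the NS_PRIVATE read rule.
```

After applying it, request a protected file's URL while logged out and while logged in as a user outside "privategroup"; both requests should be refused, including requests for thumbnails and archived versions.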

Patch GlobalFunctions.php

In version 1_13_0, a new function wfStripIllegalFilenameChars was added to includes/GlobalFunctions.php. This prevents the extension from determining the namespace associated with the file/image. For this extension to work in versions 1_13_0 through 1_15_1, you will need to make a minor patch to includes/GlobalFunctions.php as follows:

Index: GlobalFunctions.php
===================================================================
--- GlobalFunctions.php	(revision 52849)
+++ GlobalFunctions.php	(working copy)
@@ -3034,6 +3034,6 @@
  */
 function wfStripIllegalFilenameChars( $name ) {
 	$name = wfBaseName( $name );
-	$name = preg_replace ( "/[^".Title::legalChars()."]|:/", '-', $name );
+	$name = preg_replace ( "/[^".Title::legalChars()."]/", '-', $name );
 	return $name;
 }
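Review bot: Dropping "|:" from the pattern in wfStripIllegalFilenameChars() changes the result for every caller of this core function, not only for uploads into a namespace protected through NSFileRepo: any colon that Title::legalChars() allows now survives in the sanitized name, and nothing in the hunk checks that the text before the colon names an existing namespace. Consider keeping the colon strip as the default and making the relaxation conditional on a setting or hook that the extension turns on, and update the doc comment that closes just above the function to say that colons are now preserved.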


You need to remove the "or :" clause from the regular expression by deleting the characters "|:".

See also