Extension:Prefix Security
From MediaWiki.org
For further details, see Security issues with authorization extensions
 Release status: stable |
|
|---|---|
| Implementation | Special page, User rights, Tag |
| Description | Extension for controlling page-specific user rights based on titles and their prefixes |
| Author(s) | Borut Tomažin |
| Last Version | 1.1.0 |
| MediaWiki | 1.6.3 + |
| License | No license specified |
| Download | ReadMe.txt Installation.php GroupsAdministration.php PrefixAdministration.php PageRestrictionHooks.php |
| Added rights | GNU General Public Licence 2.0 or later |
| Hooks used | userCan |
Contents |
[edit] Introduction
| Warning: Although this extension enhances the security of handling MediaWiki articles, it probably still has security breaches.
Please read about security issues with authorization extensions. |
This extension allows the sysops to define a set of page title prefixes and set prefix-specific access rights to individual user or user groups. The administration privilege can also be granted to other users by adding something like the following line to LocalSettings.php:
$wgGroupPermissions['logged']['prefixAdministration'] = array( "username1", "username2" );
The extension consists of three main parts:
Let's take a quick tour....
[edit] GroupsAdministration
GroupsAdministration is a generic extension for managing user groups. A user can be added or removed from specified group.
[edit] PrefixAdministration
PrefixAdministration is an extension for defining page prefixes.
[edit] PageRestrictionHooks
PageRestrictionHooks is the core of the extension with special hooks that actually do the job of allowing and denying reading and/or editing. It uses the following hooks:
* $wgHooks[ 'userCan' ][] = 'RestrictHookRead'; * $wgHooks[ 'AlternateEdit' ][] = 'RestrictHookEdit'; * $wgHooks[ 'ArticleSaveComplete' ][] = 'CheckAllowAndForbidTags'; * $wgHooks[ 'ParserAfterTidy' ][] = 'DescribeRestrictionsHook';
I have also used my own defined tags for managing with three types of tags.
* $wgParser->setHook( RESTRICT_TAG, "TagRestrictHookRead" ); * $wgParser->setHook( ALLOW_TAG, "TagRestrictHookAllow" ); * $wgParser->setHook( FORBID_TAG, "TagRestrictHookForbid" );
You can insert them into an article like this:
* <RESTRICT groups="..." users="...">Restricted text</RESTRICT> * <ALLOW groups="..." users="...">Allowed text</ALLOW> * <FORBID groups="..." users="...">Forbidden text</FORBID>
[edit] Usage example
- Go to your Special Pages page and find pages GroupsAdministration and PrefixAdministration
- If you want to define new prefix for page name "Newpage", type something like "New". It will affect ony every page that starts with word "New".
[edit] Explanation
This extension should be useful for a large and diverse group of people which wants use Wiki as a documentation repository, but without making every document available to everyone. For easier use, the pages that should be accessible to the same subgroup should have a common prefix, for instance the name of the project that these people are working on. We can then use the prefix administration page to set the read and write privileges for anonymous guests, registered user and to individual users. User can also be grouped (groups can, of course, overlap), so that an entire group can be granted or denied read or write access to the page.
[edit] Features
- Handling/defining permission groups
- Controlling groups permission
- Creation of page prefixes
- Manipulation of users ang groups for prefixes
[edit] Installation instructions
[edit] Installation requirements
- This extension requires hooks in MediaWiki 1.6.3 or later.
- This extension requires PHP 5 or later.
[edit] Installing the extension
To install the extensions follow this steps (detailed):
- Download the latest version (v1.1.0) and put all files into /extensions directory:
Installation.php Code GroupsAdministration.php v1.1.0 Code PrefixAdministration.php v1.1.0 Code PageRestrictionHooks.php v1.1.0 Code
- Edit your LocalSettings.php file and add the following lines:
require_once( 'extensions/GroupsAdministration.php' ); require_once( 'extensions/PrefixAdministration.php' );
- After all go to your MediaWiki website and login as Sysop. On the "toolbox" menu click on "Special pages" link and GroupsAdministration where you will get further installation instructions.
[edit] Possible problems
[edit] User cannot login to the system
This occurs when the installation script do not add two default prefixes into database table "page_prefixes". They look's like this:
Other (technical) way to solve the problem is to embed this line into LocalSettings.php file:
$wgGroupPermissions['logged']['prefixAdministration'] = array( "username1", "username2" );
[edit] Installation process failed
-first table
CREATE TABLE `page_prefixes` (
`id` int(8) NOT NULL auto_increment,
`page_prefix` varchar(255) NOT NULL,
`user_id` text NOT NULL,
`group_name` text NOT NULL,
`read_permission` varchar(1) NOT NULL,
`edit_permission` varchar(1) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
INSERT INTO `page_prefixes` VALUES (-1, '', '-1', '', 'y', 'y');
INSERT INTO `page_prefixes` VALUES (-2, '', '-2', '', 'y', 'n');
-second table
CREATE TABLE `page_prefixes_auto` (
`id` int(8) NOT NULL auto_increment,
`page_title` varchar(255) NOT NULL,
`user_id` varchar(255) NOT NULL,
`group_name` varchar(255) NOT NULL,
`tag_type` varchar(20) NOT NULL,
PRIMARY KEY (`id`)
) ENGINE=MyISAM AUTO_INCREMENT=1;
[edit] Notes
- Extensions were tested on MediaWiki versions 1.6.3, 1.6.5 and 1.9.3. I do not guarantee I will works on higher versions.
[edit] Change Log
- Version 1.0.0 {21.08.2006} (Initial release)
- Version 1.1.0 {19.02.2007}
- Version 1.1.0 {19.08.2007} (Update)
[edit] Author contact
- You can contact me at any time for help with installation or configuration of 'Prefix Security extensions'.
