Extension:Restrict access by category and group
From MediaWiki.org
 |
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job. For further details, see Security issues with authorization extensions |
 Release status: stable |
|||
|---|---|---|---|
| Implementation | User rights | ||
| Description | Restrict access to pages by users groups and documents categories | ||
| Author(s) | Andrés Orencio Ramírez Pérez - Andy (lodopidoloTalk) | ||
| Last version | 1.02 (Extension talk) (2012-01-20) | ||
| MediaWiki | Tested on 1.12.0 to 1.16.0 | ||
| License | GPL | ||
| Download | No link | ||
|
|||
|
Check usage (experimental) |
|||
Contents |
[edit] What can this extension do?
This extension can restrict access to users by group and document category.
Even though Mediawiki is a free/public access collaborative document tool, sometimes it can be helpful, especially in business environments, to have a restricted view of wiki documents.
For example, department's financial documents should not be accessed by customer services users.
In this extension you can establish four access restrictions:
- Public: White pages: those are public pages that can be accessed by everybody. This is helpful when you have a private mediawiki and anonymous can only authenticate and see Main page. See $wgWhitelistRead.
- Public categories: those are all categories that aren't in your groups.php file. Those categories are public.
- No public categories: those are all categories that are in your groups.php file. Those categories are restricted. Documents that belong to these categories may be accessed by users who belong to at least one of these groups.
- Private categories:those are all categories that are in your groups.php file with [private] = true option. These categories are private, and only users who belong to all categories closed to which the document will have access.
[edit] Usage
All documents you want to restrict access to, you must to add to a category. So you have multiples categories.
Files:
- $IP/extensions/rabcg/rabcg.php: this is the extension.
- $IP/extensions/rabcg/groups.php: this is the group catalog.
In your groups.php file, you must add the categories you want to make no public or private. This is made by group definition. For Example:
<?php // This is a no public category: Financial no public data. $wgGroupPermissions['Financial no public data']['*'] = true; // This is a private category: Financial private data. $wgGroupPermissions['Financial private data']['private'] = true;
To apply this category to your document, you only must to write:
[[Category:Financial private data]]
This is only one more category of your document.
Previously (after create the groups in you groups.php file), you must make groups assignments to users by Special:UserRights page.
[edit] Download instructions
This extension is not yet in MediaWiki SVN Repository. Therefore, you must copy & paste the following code as is explained in the installation section below.
[edit] Installation
You must follow this steps:
- Create a directory named: $IP/extensions/rabcg ($IP is your mediawiki installation directory).
- Create a file named $IP/extensions/rabcg/rabcg.php with this content (the source code):
<?php $wgExtensionCredits['parserhook'][] = array( 'name' => 'Restrict access by category and group', 'author' =>'Andres Orencio Ramirez Perez', 'url' => 'http://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group', 'description' => 'Restrict access to pages by users groups and documents categories', 'version' => 1.01 ); function userCanGrupoCategoria($title, $user, $action, $result) { global $wgGroupPermissions; global $wgWhitelistRead; global $wgLang; $categoriaValida = false; $existeGrupo = false; $docPoseeCategorias = false; $categoriaPrivada = false; $tmpCatP = false; $catnom = $wgLang->getNsText ( NS_CATEGORY ); $pagBlanca = true; // System categories $systemCat = array(); foreach( array_change_key_case($title->getParentCategories(), CASE_LOWER) as $key => $value ) { $formatedKey = substr($key, (strpos($key, ":") + 1)); $systemCat[$formatedKey] = $value; } // Is this page a white page? if (isset($wgWhitelistRead[0])) { $pagBlanca = in_array($title, $wgWhitelistRead); } // If document has not category, it's public. if (count($title->getParentCategories()) == 0) { $categoriaValida = true; } else { // For each system categories foreach( $wgGroupPermissions as $key => $value ) { // If current system category is defined as private, then tmpCatP is true if (isset($wgGroupPermissions[$key]['private'])) { $tmpCatP = $wgGroupPermissions[$key]['private']; } else { $tmpCatP = false; } // If current system category exist in the document category array ... if ((array_key_exists(strtolower(str_replace(" ", "_", $key)), $systemCat))) { // If if ($tmpCatP && (! $categoriaPrivada)) { $categoriaPrivada = true; $categoriaValida = false; } // We see that the user belongs to one of the groups (like of category). if ((in_array($key, $user->getGroups())) && ((! $categoriaPrivada) || ($tmpCatP && $categoriaPrivada))) { $categoriaValida = true; } $existeGrupo = true; } } $docPoseeCategorias = (count($title->getParentCategories()) > 0); } // If groups don't exists and it isn't white page and doc has categories, this doc is a plublic doc. // If document hasn't got category if ((! $existeGrupo) && (! $pagBlanca) && ($docPoseeCategorias)) $result = true; // If user is logged and user has valid group, or it's white page, this is an accesible doc. else if (($user->isLoggedIn() && $categoriaValida) || $pagBlanca) $result = true; // Else you cannot acces to this doc. else $result = false; return $result; } $wgHooks['userCan'][] = 'userCanGrupoCategoria'; require_once $IP."/extensions/rabcg/groups.php";
- Create a file named $IP/extensions/rabcg/groups.php with all groups do you want:
<?php // This is a no public category: Financial no public data. $wgGroupPermissions['Financial no public data']['*'] = true; // This is a private category: Financial private data. $wgGroupPermissions['Financial private data']['private'] = true;
- Add the following to LocalSettings.php (adjust name of user login page for your language):
require_once("$IP/extensions/rabcg/rabcg.php"); $wgWhitelistRead = array('Special:UserLogin');
