Extension:NamespacePermissions

NamespacePermissions is a MediaWiki extension which provides flexible access management for custom namespaces.

It uses separate permissions for each action (read, edit, create, move) on each custom namespace for granting access to the articles in those namespaces.

Installation and usage
 Copy to your MediaWiki folder. (For source, see below.)

Add the following line at the end of  (or at least after declaring your custom namespaces, i.e. after setting  ):



Optionally set up permissions for existing groups via (see Help:User rights).

Use Special:Userrights to assign groups (including groups provided by the extension) to users.



Permissions provided
where  - namespace number (e.g. ,  ). You can use these with the variable in  to set permissions on your extra namespaces for many users at once. See the example below.

Groups provided
e.g.,. These groups are for granting permission to one existing user at a time; the extension causes them to appear on the Special:Userrights page. The extension provides the above pair of groups for each extra namespace you defined in.
 * 1)   - full access to the namespace   (all permissions for the namespace granted)
 * 2)   - read-only access to the namespace   (only read permission granted)

Security issues
Warning! There are some security issues with the extension:
 * Can we disable searches in a "hidden" namespace? Suggestion here.
 * Also, edits still show up in RecentChanges for regular users. :-(
 * Also, XML Export is available for regular users.
 * Also, Special:Allpages shows all pages, even in restricted namespaces.
 * Also, transcluding restricted page to open one can show the content (usage of in a authorised namespace gives complete content!)


 * Answer: Solutions, workarounds and ideas to these problems are in the |discussion page.

Change 'view source' to 'edit' for namespaces editable by logged in users?
Is this possible? I want to deny a certain namespace edit rights only to not logged in users. So the 'view source' link is incongruous with MediaWiki's usual behavior of displaying an 'edit' link but then requiring login.

What about creating?
I've added a user to (and only to) the new groups. When this user saves new content it ends under namespace 0. How do I create content that goes into the 100 namespace?
 * You have to create the namespace itself first. Darkoneko 10:33, 4 July 2008 (UTC)

Examples
The macro "define" should be used to create extra-namespaces in LocalSettings.php. e.g.

Further Configuration
The NamespacePermissions Extension works great for me, but I wanted to restrict all namespaces, not just the custom ones. I want to create this setup:
 * No one can read "main" pages unless logged in
 * Remember, need to give access to the "Main Page" and to "Special:Userlogin"
 * The "Main Page" on my wiki has two links:
 * Users with logins click here to see ABC pages
 * Users without logins click here to see XYZ pages
 * All users can read 100, 102, 104
 * Only logged-un users can edit/create 100, 102, 104
 * All users can read/edit/create 101, 103, 105 ("talk" namespaces for 100, 102, 104)

So here's what I did:

LocalSettings.php
In LocalSettings.php, I create the namespaces and give permissions:

NameSpacePermissions.php

 * ''Note that the code should return "true" instead of "null" in later versions

I changed the namespacePermissionsCheckNamespace function. If the title is "Main Page" or "Special:Userlogin", allow them to see it. Otherwise, check the namespace permissions. Note that the -2 variable was changed from the original 100 variable because I want to perform the check on all namespaces, not just 100+.

--Axelseaa 19:49, 14 January 2008 (UTC)The example above does not allow the user to logout - keep that in mind if you are going to try this at home. Another easy solution would be to check for namespaces equal to or greater than 0. That would leave the special pages alone.

SpecialSearch.php
To avoid nonpermitted searches in hidden namespaces I've had tuned the powerSearch function in SpecialSearch.php in an quick and dirty way:

Sorry for the bad style.

Check $wgWhitelistRead
I changed the function namespacePermissionsCheckNamespace to check the $wgWhitelistRead Array.