Extension:WhiteList

Overview
In some corprate environemnts which use wikis for their documentation, it is sometimes necessary to restrict access to information. There are several ways to do so. One such technique is using Extension:Blacklist to blacklist certain pages. However, in cases where some users need to be explicitly restricted to only a few specific pages, the blacklist approach becomes cumbersome. Instead, a whitelist can be used to define these restrictions.

Description
This extension adds two new groups and two new user rights: a set for the managers and a set for the restricted users. A manager has the permissions to view a new Special Page to oversee all restricted users' pages. A manager can define specific pages to be visible to a restricted user. These permissions can be Any user belonging to the Manager group or who has the Manager rights will have all of these capabilities. A sample screenshot of these capabilities is below.
 * set to either view or edit that page
 * set to autoexpire or never expire
 * removed altogether

Once a user is defined as a restricted user, the only pages they will be allowed to see are the default whitelist pages (i.e. Special:Preferences) and all whitelisted pages explicitly defined for this user. All restricted users will have a new Personal Tab called My Pages which will list only the pages they have access to.

Install Prerequisite Extension
Follow the installation instructions for Extension:Usage Statistics. Note: since this extension is only needed for one function, you don't actually have to install the gnuplot extension if you don't want to, however doing so will impair the functionality of the Usage Statistics extension.

Install the actual extension
Download the extension code (all files) from SVN and place it in the extensions/WhiteList/ directory.

Create the MySQL table
Make sure to use the appropriate $wgPrefix. In this example, we used wiki_ as the $wgPrefix.

Setup the system messages
Go to your Special:Allmessages page and set an appropriate message for
 * badaccess-group1
 * badaccess-group2
 * badaccess-groups

Enable the extension
Add the following text to your LocalSettings.php NOTE: you may also want to add other pages that should be globally whitelisted to all restricted users in the $wgWhitelistOverride['always']['read'] or $wgWhitelistOverride['always']['edit'] arrays.

Configure Users
Before the extension can be used, a sysop has to add the desired users to the manger group. Note, by default, a sysop will not have the necessary permissions to see the manager's WhiteList Edit special page. So, it might be a good idea to add the sysops to the manager group also.

Next, assign whomever you want to restrict to the restricted group. Now, any user with the editwhitelist userright can modify the restricted users' whitelist.

To Do
This extension is still actively being worked on, so there may be a numbe of improvements yet to come. The short list of improvements inculdes:


 * Add a "request page access" feature
 * Allow access to user:username pages and user_talk:username pages by default
 * uploading images???