Extension:Require Editor Privilege

Why is this extension needed?
MediaWiki knows groups that can be given certain privileges:
 * Bureaucrats
 * Sysops
 * Bots
 * Logged on user with verified email address
 * Logged on user with suffciently old account
 * Logged on user
 * Anonymous user

If editing shall be restricted to trusted users this is not possible. Furthermore it is not possible to restrict reading to trusted users which might be necessary when using MediaWiki for sensitive information.

What does this extension do?
Two new user groups are introduced:
 * Readers can read any article that a user could read in a standard wiki.
 * Editors can do anything a user could do in a standard wiki.

You can grant read authorization to anonymous users with: $xyAllowAnonymousRead = true; You can grant read authorization to logged on users with: $xyAllowUserRead     = true; The Main Page is readable by any user, to allow creation of user accounts.
 * require_once('extensions/xyRequireEditorPrivilege.php');

Installation
// Allow anonymous users to read? $xyAllowAnonymousRead = false; // Allow logged on users without reader privileges to read? $xyAllowUserRead     = false; require_once('extensions/xyRequireEditorPrivilege.php');
 * Copy the script below with UTF8 encoding to extensions/xyRequireEditorPrivilege.php.
 * For additional language support You may amend the script (English and German already contained.)
 * Add the following lines to LocalSettings.php:

The script
<?php /**
 * @author xypron
 * @version 1.1 - 2007/05/16
 * Extension xyRequireEditorPrivilege defines two user groups:
 * - reader
 * - editor
 * Users that are not member of either of these are automatically logged off.
 * Anonymous users can only see the main page and create an account.
 * Put this file into the /extensions directory.
 * Add the following lines to LocalSettings.php:
 * // Allow anonymous users to read?
 * $xyAllowAnonymousRead = false;
 * // Allow logged on users without reader privileges to read?
 * $xyAllowUserRead     = false;
 * require_once('extensions/xyRequireEditorPrivilege.php');
 * $xyAllowUserRead     = false;
 * require_once('extensions/xyRequireEditorPrivilege.php');

if(!defined('MEDIAWIKI')) die;

$wgExtensionFunctions[] = 'xyRequireEditorPrivilege'; $wgHooks['SiteNoticeAfter'][] = 'xyRequireEditorPrivilegeHook';

/** * Should editors be required to have a validated e-mail * address before being allowed to edit? */ $wgEmailConfirmToEdit=true;

// Implicit group for all visitors $wgGroupPermissions['*'] = array( 'createaccount' => true ); if ($xyAllowAnonymousRead) $wgGroupPermissions['*']['read']               = true;

// Implicit group for all logged-in accounts $wgGroupPermissions['user' ] = array; if ($xyAllowUserRead) $wgGroupPermissions['user']['read']              = true;

// Implicit group for readers $wgGroupPermissions['reader']['read']            = true;

// Implicit group for editors $wgGroupPermissions['editor' ]['move']           = true; $wgGroupPermissions['editor' ]['read']           = true; $wgGroupPermissions['editor' ]['edit']           = true; $wgGroupPermissions['editor' ]['createpage']     = true; $wgGroupPermissions['editor' ]['createtalk']     = true; $wgGroupPermissions['editor' ]['upload']         = true; $wgGroupPermissions['editor' ]['reupload']       = true; $wgGroupPermissions['editor' ]['reupload-shared'] = true; $wgGroupPermissions['editor' ]['minoredit']      = true;

// Implicit group for administrators $wgGroupPermissions['sysop' ] = array_merge( $wgGroupPermissions['sysop' ], $wgGroupPermissions['editor' ]);

$wgGroupPermissions['bureaucrat' ] = array_merge( $wgGroupPermissions['bureaucrat' ], $wgGroupPermissions['editor' ]);

/** * Set of available actions that can be restricted via Special:Protect * You probably shouldn't change this. * Translated trough restriction-* messages. */ $wgRestrictionTypes = array( 'edit', 'move' );

/** * Set of permission keys that can be selected via Special:Protect. * 'autoconfirm' allows all registerd users if $wgAutoConfirmAge is 0. */ $wgRestrictionLevels = array( '', 'editor', 'sysop', 'bureaucrat' );

function xyRequireEditorPrivilege { global $wgMessageCache, $wgWhitelistRead;

$wgWhitelistRead = array( wfMsg("mainpage"), wfMsg("Special").":Userlogin", wfMsg("Special").":Userlogout", "-", "MediaWiki:Monobook.css");

// English messages $wgMessageCache->addMessages( array( 'protect-level-bureaucrat' => 'only bureaucrats', 'protect-level-editor'    => 'only editors', 'group-editor'            => 'Editors', 'group-editor-member'     => 'Editor', 'grouppage-editor'        => '    :Editors', 'protect-level-reader'    => 'only readers', 'group-reader'            => 'Readers', 'group-reader-member'     => 'Reader', 'grouppage-reader'        => '    :Readers' ));

// German messages $wgMessageCache->addMessages( array( 'protect-level-bureaucrat' => 'nur Bürokraten', 'protect-level-editor'    => 'nur Autoren', 'group-editor'            => 'Autoren', 'group-editor-member'     => 'Autor', 'grouppage-editor'        => '    :Autoren', 'protect-level-reader'    => 'nur Leser', 'group-reader'            => 'Leser', 'group-reader-member'     => 'Leser', 'grouppage-reader'        => '    :Leser' ), 'de'); }

function xyRequireEditorPrivilegeHook( &$sitenotice ) { global $wgMessageCache, $wgUser, $wgTitle, $IP, $wgOut;

// English messages $wgMessageCache->addMessages( array( 'xyNoReadingAuth'    => 'You have no reader authorization.' ));

// German messages $wgMessageCache->addMessages( array( 'xyNoReadingAuth'       => 'Sie haben kein Leserecht.' ), 'de');

if ($wgUser->isLoggedIn && !$wgUser->isAllowed('read')) { $sitenotice .= ''. wfMsg('xyNoReadingAuth') .''; require_once( $IP . '/includes/SpecialUserlogout.php'); $wgOut->clearHTML; wfSpecialUserlogout; } } ?>

Tested environments
The extension has been successfully tested in the following environments:
 * Linux
 * MediaWiki 1.5.8
 * Apache/2.0.50 (Fedora)
 * PHP 4.3.8
 * MySQL 3.23.58
 * Windows 2000 prof
 * MediaWiki 1.8 alpha rev. 15483
 * Apache 2.0.49
 * PHP Version 5.1.1
 * MySQL - 5.0.23-community-nt