Extension:SemanticAccessControl

What can this extension do?
This extension defines an access control framework. It provides these features
 * provides GUI to define User Group.
 * Access control statement can be embedded into template. So there is not any messy text editing to insert ACL text.
 * Page specific access control can be defined through a GUI interface.

Usage
All Users is an implicit group. You can use it in your template. User specific permission can be added like this
 * Configure default site access control rule. Edit UserGroup:SiteACL
 * Configure the default policy for user in one group. Edit UserGroup:GroupACL
 * Add any user who design the site. Edit UserGroup:Developers
 * Add Groups and define Access control properly. Go to AdminLink->Create Custom Group.
 * In your template, use the Property ACL Page Parent to establish the inheritance of permissions if needed. E.g.
 * In your template, Define content-specific ACL by adding ACL statement to Template. Group specific permission can be added like this
 * User can edit/view page permission by following Permissions action tab.

Concept
This extensions classifies pages into three categories: content pages, schema pages and access control-related pages. Access control for content page follows these flow.
 * Content page are the regular pages, most in the MAIN namespace.
 * Schema pages are pages which define the overall site structure such as pages in template, property, category, form, concept namespace. These pages are not regular pages for end user. Schema Pages can only be edited by users in Developers group.
 * Access control-related pages are pages in a namespace. These pages can be edited only when a user has proper Grant permission.

At any stage, if a right is explicitly granted or denied, the checking stops. Otherwise, it goes to next stage.


 * 1) page owner and users in bot, sysop, and bureaucrat have all permissions all the time. Page owner is the user who creates the page in the first place and any one defined with ACL Page Owner semantic property.
 * 2) Check any permission in the page itself. The permission could be introduced implicitly from template.
 * 3) Check any permission which is created by end user following the Permissions action tab.
 * 4) Check any inherited permission if the page has one.
 * 5) Find all groups the page owner belongs to. If current user is in one of the group, Check the group policy as is defined in UserGroup page. Then check GroupACL.
 * 6) Check policy in SiteACL.
 * 7) Fall back to MediaWiki itself.

Download instructions
Binary distribution Source can be found at source hosting

Requirement
First, untar the extension to extensions folder.
 * Semantic MediaWiki
 * Semantic Forms
 * Semantic Internal Object
 * Admin Links
 * Semantic Form Select

Second, add the following to LocalSettings.php: make sure in your LocalSettings.php, you have $wgMetaNamespace = "Project"; The Project namespace is needed for everything to work smoothly. Finally, upload pages under pages folder and groups folder to your site. This extension defines two namespaces. You need to install the extension first, then upload the pages. Otherwise, some of the pages are left to Main namespace although it has UserGroup: in the page title.

Demonstration

 * create 6 regular users: test11, test12, test21, test22, test31, test32.
 * upload pages under testpages to your site. These pages define three user groups: TestGroup1(test11. test12), TestGroup2(Test21, test22) and TestGroup3(test31, test32). Go to page Department1. Users in TestGroup1 have all rights. Users in TestGroup2 have read right. Users in TestGroup3 have no right. You can edit this page. User right will adjust according to rule defined in template.

Configuration parameters
Usually, you do not need changing configuration. If you have custom namespace, you can adjust this parameter

$ACL_CONTENT_Namespaces=array(NS_MAIN, NS_FILE, NS_USER): what namespace is content namespace.

Acknowledge
This project is sponsored by BioTeam