Extension:PageOwnership

PageOwnership is a permissions manager by which system administrators and entitled users can assign multiple layers of permissions to specific users or groups, either at page and namespace level, or for the entire wiki, through a user-friendly interface. Supports transclusion, cache and Semantic MediaWiki.

Starting from version 1.1.0 PageOwnership aims to support in a rigorous way all the permissions and rights available in MediaWiki, through a user-friendly interface, and does not anymore rely on arbitrary constraints, like the former subdivision in "editors", "readers", "admin", without a strict correspondence in the MediaWiki's permissions/rights model!



Features
PageOwnership allows to assign multiple sets or layers of rights to specific users and groups, with regard of the entire wiki or based on specific pages, sub-pages and namespaces. This allows to comply with virtually any "preventing-access" need, ranging from just using PageOwnership as an interface for managing Mediawiki's permissions and rights in a traditional way, up to assigning specific pages and their sub-pages to specific users and groups, while preventing other groups of users from accessing or editing them.

PageOwnership, due to its flexibility, also allows to enforce an implicit moderation on your wiki. You don't directly moderate pages (or page versions) like in FlaggedRevs or Approved Revs, instead, you assign a page and its sub-pages to authorized user(s) or group(s) which can edit them. When the page is ready for publishing, either you grant to everybody access to it, or you provide the editors of the page with additional rights related to that page and sub-pages (so they can in turn provide other users or groups with access to it).





Managing permissions
PageOwnership's Permissions Manager can be accessed both from any content page of the wiki, through the navigation menu shown above, or from the list of special pages.

The Permissions Manager consists of two different special pages (or "steps" within a unique special page by a technical point of view), the first with all the sets of permissions related to the entire wiki (if the Permissions Manager has been accessed from the list of special pages) or to the related page (of any namespace) – and the second with specific rights and permissions assigned to specific users or groups.

Here is the navigable list of permissions assigned to a "Test page", and the button "Add permissions" by which you can add a new set of permissions.



The first entry assigns the permissions types "Reading" and "Editing" to the user "Account test 1", plus specific additional rights provided by PageOwnership which extend the given rights to sub-pages of the related page as well, and it removes a right included in the standard set of "Editing" permissions ("Move pages").

'''The second entry matches all the anonymous and registered users, and assign to them no rights. By this way all the anonymous and registered users are prevented either to access and edit "Test page" and any of its sub-pages.'''

Also note that the rights associated to "Reading" and "Editing" permissions types are not arbitrary but reflect the table provided at this page (User rights). See the table below for a complete overview.

Setting permissions
From the navigable list of permissions within the Manage permissions special page (also known as "pager"), you can access the form to set permissions associated to any user, group, page, and namespace through the "add permissions" button or "edit" button besides each existing set of permissions. Here it is:



Through the first input you can enter both users and groups, and through the second input (a custom OOUI "multi toggle button widget") you can assign set of rights to that user and group subdivided by type. As mentioned above, such types are not arbitrary but reflect the table provided in the Manual:User rights page, which are the following:

Also note that because this subdivision does not reflect the rights assigned by default to each user (for instance the  right is reserved to   by default, and obviously the   right does not apply to the   group), in future version of the extension an additional subdivision per group, as in the table Manual:User_rights, might be added, while currently you can add/remove rights through the additional inputs "Add/remove specific permissions".

The "Additional rights" input contains all available rights not included in the subdivision above, namely the rights provided by extensions.

Finally, the inputs "Add specific permissions" and "Remove specific permissions", using a OOUI's MenuTagMultiselectWidget, allows to add/remove specific permissions to/from the described types of permissions, and get automatically populated depending on the selected types, so you can have a precise idea of the rights actually assigned.

Currently, as for the version  PageOwnership, by contrast to previous versions, does not feature a dedicated input (before it was a checkbox) to manage its own set of permissions (see section Rights and privileges), but instead offers an "universal" way to manage all available permissions. This does not exclude that a coming version of PageOwnership could again include a dedicated input to manage subpages' permissions (a core feature of PageOwnership), through a simplified interface available besides the complete interface, however that will be internally handled through the more "universal" right and permissions model now adopted.



When accessed from the list of Special Pages, the Set permissions form also features two inputs to restrict the current set of permissions to specific page(s) and to specific namespace(s).

Filtering permissions
The centralized list of permissions (when accessed from the list of Special Pages instead than from the action menu on top of content pages) can be filtered and includes fields with the related page or namespace and the user who created the permission.



"My pages" sidebar section
PageOwnership creates a list of pages to which logged-in registered users have been assigned (as users, not as members of a group) in the standard navigation panel, so that they can quickly navigate to such pages.



Magic word/parser function
PageOwnership includes a Magic word/parser function (called either using  or  ) (case insensitive) to display the list of pages assigned to the logged-in registered user. This can be used within articles or templates for various purposes.

Rights and privileges
The extension creates the following user rights. Note that because MediaWiki does not offer by default a per-page management of rights, it makes sense to use the rights listed below (except  concerning the entire wiki) (despite they can also be set in LocalSettings.php or through  Special:UserRights) only through the PageOwnership's Manage permissions special page, which saves those rights within a dedicated table.

Confidential pages
The following set of rights represent the current PageOwnership's permissions for an entire private wiki and are shown through Special:SpecialPages -> PageOwnership -> ManagePermissions (i.e. not from the action menu from a wiki article).

The first row is the most significant: it matches all users (including anonymous users, also if this is not relevant for a private wiki) and sets for them no rights (the related cell is empty) for "Confidential page a" and "Confidential page b".

The second row grants User a and User b, reading and editing-related rights (plus regarding subpages) for the page "Confidential page a".

The third row grants User c and User d, reading and editing-related rights for the page "Confidential page b".



In summary the wiki has 2 confidential pages, and those can be edited/accessed only from specific users.

Guest user
If we want to set a "guest user" (an user who is only allowed to access specific pages) we add the following permissions.



The first row matches "User e" and assigns no rights to he/she for all pages and namespaces (the related empty cells have a meaningful semantic meaning in this case)

The second row matches the same user and assigns he/she with editing-related and reading right for a "Page x".

Note in short the composite character of PageOwnership's permissions: you first match an user or group and assign to them basic permissions or no permissions, and then you grant more permissive permissions on specific pages or namespaces.

Known issues

 * the right  is not yet implemented
 * the new permissions' model is to be considered in beta version and hasn't yet extensively tested, for a professional support please use this Contact form (an Extension:CIForms's form)
 * there isn't yet a maintenance script for migration, however the current version uses a new table name, so the previous table is kept intact

Roadmap

 * write use-case to emulate Extension:GroupWhitelist
 * add group  to emulate Extension:LockAuthor
 * add per-category constraint
 * additional specialpage, tab, or form section where to toggle all rights per-group
 * add presets in the UI for instance for "guest user" or subpages-related rights
 * integrate  of Extension:Lockdown (use hook Manual:Hooks/MediaWikiPerformAction)