Extension:PermissionACL

What can this extension do?
The PermissionACL extension implements a way to restrict access to specific {namespaces, pages, categories} based on user group or user name. This provides a more fine grained security model than the one provided by the default $wgGroupPermissions.

PermissionACL extension configuration is based on ACL (Access Control List) - list of rules which are processing from first to last. '''First applicable rule is used! On the end of list is implicit rule DENY TO ALL!'''

Usage
If $wgPermissionACL is set, then ACL model is used - if not, the extension will do nothing.

Rules are array elements and their order in array is used by ACL mechanism.

Syntax of rules (every rule has 4 parts):
 * 1) which page : select of pages (namespaces, categories)
 * 2) which user : select of users (groups)
 * 3) which action : select of actions ( userCan actions - read, edit, create, move)
 * 4) operation : permit or deny access

First, second and third rule part can be:
 * one value
 * array of values
 * ALL (represented by asterisk)

Summary of syntax
The following may be repeated multiple times to add rules to the ACL:

$wgPermissionACL[] = array(                          {'group' | 'user'}, => { | | '*'} [, { | | '*'}...],                           {'namespace' | 'page' | 'category'} =>  [, ...] ,                           'action'    => {'read', 'edit', 'create', 'move', '*'} [, {'read', 'edit', 'create', 'move', '*'}...] ,                           'operation' => {'permit', 'deny'}                          );

Example
This example configures for the scenario:


 * Namespaces: Private, Ccna, Ccnp, Ns, Fwl
 * User groups: private, ccna, ccnp, ns, fwl;
 * Group ccna has RW access only to namespace Ccna, group fwl to Fwl, ...
 * Group private has RW access to every namespace
 * Unlogged users can only read NS_MAIN namespace
 * Administrators (users "wikisysop" and "vav166") can do everything

Download instructions
Please cut and paste the code found below and place it in.

Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation
To install this extension, add the following to LocalSettings.php: