Thread:Project:Support desk/Permission to edit pages only if that user belongs to that group/reply (12)

Alright, so I updated to 1.21.2 and am using the following LocalSettings.php:

<?php error_reporting( -1 ); ini_set( 'display_errors', 1 );
 * 1) This file was automatically generated by the MediaWiki 1.20.2
 * 2) installer. If you make manual changes, please keep track in case you
 * 3) need to recreate them later.
 * 4) See includes/DefaultSettings.php for all configurable settings
 * 5) and their default values, but don't forget to make changes in _this_
 * 6) file, not there.
 * 7) Further documentation for configuration settings may be found at:
 * 8) http://www.mediawiki.org/wiki/Manual:Configuration_settings
 * 1) Further documentation for configuration settings may be found at:
 * 2) http://www.mediawiki.org/wiki/Manual:Configuration_settings

if ( !defined( 'MEDIAWIKI' ) ) { exit; }
 * 1) Protect against web entry


 * 1) Uncomment this to disable output compression
 * 2) $wgDisableOutputCompression = true;

$wgSitename     = "mw120"; $wgMetaNamespace = "Mw120";

$wgScriptPath      = "/mediawiki-1.21.2"; $wgScriptExtension = ".php";
 * 1) The URL base path to the directory containing the wiki;
 * 2) defaults for all runtime URL paths are based off of this.
 * 3) For more information on customizing the URLs
 * 4) (like /w/index.php/Page_title to /wiki/Page_title) please see:
 * 5) http://www.mediawiki.org/wiki/Manual:Short_URL

$wgServer          = "http://wikidev.localdomain";
 * 1) The protocol and server name to use in fully-qualified URLs

$wgStylePath       = "$wgScriptPath/skins";
 * 1) The relative URL path to the skins directory

$wgLogo            = "$wgStylePath/common/images/wiki.png";
 * 1) The relative URL path to the logo.  Make sure you change this from the default,
 * 2) or else you'll overwrite your logo when you upgrade!


 * 1) UPO means: this is also a user preference option

$wgEnableEmail     = true; $wgEnableUserEmail = true; # UPO

$wgEmergencyContact = "apache@localhost"; $wgPasswordSender  = "apache@localhost";

$wgEnotifUserTalk     = false; # UPO $wgEnotifWatchlist    = false; # UPO $wgEmailAuthentication = true;


 * 1) Database settings

$wgDBtype          = "mysql"; $wgDBserver        = "localhost"; $wgDBname          = "my_wiki"; $wgDBuser          = "wikiuser"; $wgDBpassword      = "wikipass";

$wgDBprefix        = "mw1202";
 * 1) MySQL specific settings

$wgDBTableOptions  = "ENGINE=InnoDB, DEFAULT CHARSET=binary";
 * 1) MySQL table options to use during installation or update

$wgDBmysql5 = false;
 * 1) Experimental charset support for MySQL 5.0.

$wgMainCacheType   = CACHE_NONE; $wgMemCachedServers = array;
 * 1) Shared memory settings

$wgEnableUploads = false; $wgUseImageMagick = true; $wgImageMagickConvertCommand = "/usr/bin/convert";
 * 1) To enable image uploads, make sure the 'images' directory
 * 2) is writable, then set this to true:

/* -- */ $wgMetaNamespace = "xxx_wiki";


 * 1) UPO means: this is also a user preference option

$wgEnableEmail = true; $wgEnableUserEmail = true; # UPO

$wgEmergencyContact = "xxx@gmail.com"; $wgPasswordSender = "xxx";

$wgEnotifUserTalk = true; # UPO $wgEnotifWatchlist = true; # UPO $wgEmailAuthentication = true;

$wgUseInstantCommons = true;
 * 1) InstantCommons allows wiki to use images from http://commons.wikimedia.org

$wgShellLocale = "en_US.UTF-8";
 * 1) If you use ImageMagick (or any other shell command) on a
 * 2) Linux server, this will need to be set to the name of an
 * 3) available UTF-8 locale


 * 1) If you want to use image uploads under safe mode,
 * 2) create the directories images/archive, images/thumb and
 * 3) images/temp, and make them all writable. Then uncomment
 * 4) this, if it's not already uncommented:
 * 5) $wgHashedUploadDirectory = false;


 * 1) Set $wgCacheDirectory to a writable directory on the web server
 * 2) to make your wiki go slightly faster. The directory should not
 * 3) be publically accessible from the web.
 * 4) $wgCacheDirectory = "$IP/cache";

$wgLanguageCode = "en";
 * 1) Site language code, should be one of the list in ./languages/Names.php

$wgSecretKey = "xxx";

$wgUpgradeKey = "xxx";
 * 1) Site upgrade key. Must be set to a string (default provided) to turn on the
 * 2) web installer while LocalSettings.php is in place

$wgDefaultSkin = "vector";
 * 1) Default skin: you can change the default skin. Use the internal symbolic
 * 2) names, ie 'standard', 'nostalgia', 'cologneblue', 'monobook', 'vector':

$wgRightsPage = ""; # Set to the title of a wiki page that describes your license/copyright $wgRightsUrl = ""; $wgRightsText = ""; $wgRightsIcon = "";
 * 1) For attaching licensing metadata to pages, and displaying an
 * 2) appropriate copyright notice / icon. GNU Free Documentation
 * 3) License and Creative Commons licenses are supported so far.

$wgDiff3 = "/usr/bin/diff3";
 * 1) Path to the GNU diff3 utility. Used for conflict resolution.

$wgResourceLoaderMaxQueryLength = -1;
 * 1) Query string length limit for ResourceLoader. You should only set this if
 * 2) your web server has a query string length limit (then set it to that limit),
 * 3) or if you have suhosin.get.max_value_length set in php.ini (then set it to
 * 4) that value)

require_once( "$IP/extensions/Cite/Cite.php" ); require_once( "$IP/extensions/ConfirmEdit/ConfirmEdit.php" ); require_once( "$IP/extensions/Gadgets/Gadgets.php" ); require_once( "$IP/extensions/ImageMap/ImageMap.php" ); require_once( "$IP/extensions/InputBox/InputBox.php" ); require_once( "$IP/extensions/Interwiki/Interwiki.php" ); require_once( "$IP/extensions/LocalisationUpdate/LocalisationUpdate.php" ); require_once( "$IP/extensions/Nuke/Nuke.php" ); require_once( "$IP/extensions/ParserFunctions/ParserFunctions.php" ); require_once( "$IP/extensions/PdfHandler/PdfHandler.php" ); require_once( "$IP/extensions/Poem/Poem.php" ); require_once( "$IP/extensions/Renameuser/Renameuser.php" ); require_once( "$IP/extensions/SpamBlacklist/SpamBlacklist.php" ); require_once( "$IP/extensions/SyntaxHighlight_GeSHi/SyntaxHighlight_GeSHi.php" ); require_once( "$IP/extensions/TitleBlacklist/TitleBlacklist.php" ); require_once( "$IP/extensions/Vector/Vector.php" ); require_once( "$IP/extensions/WikiEditor/WikiEditor.php" ); //require_once( "$IP/extensions/EditOnlyYourOwnPage.php" ); require_once( "$IP/extensions/Lockdown/Lockdown.php" );
 * 1) Enabled Extensions. Most extensions are enabled by including the base extension file here
 * 2) but check specific extension documentation for more details
 * 3) The following extensions were automatically enabled:


 * 1) End of automatically generated settings.
 * 2) Add more configuration options below.

$wgGroupPermissions['*']['edit'] = false;
 * 1) Requires that a user be registered before they can edit.

$wgEmailConfirmToEdit = false;
 * 1) Requires users to confirm their eamail to edit a page

//$wgShowIPinHeader = false;
 * 1) hide user tools for anonymous (IP address) visitors

$wgGroupPermissions['user']['edit'] = false;
 * 1) Users cannot edit pages

$wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['user']['createpage'] = false;
 * 1) Anonymous users can't create pages

$wgGroupPermissions['*']['createaccount'] = false;
 * 1) Prevent new user registrations except by sysops

$wgGroupPermissions['rerun'] = $wgGroupPermissions['user']; $wgGroupPermissions['rerun']['delete'] = true; $wgGroupPermissions['rerun']['protect'] = true; $wgGroupPermissions['rerun']['patrol'] = true; $wgGroupPermissions['rerun']['purge'] = true; # delete the cache of a page $wgGroupPermissions['rerun']['edit'] = true; $wgGroupPermissions['rerun']['createpage'] = true;
 * 1) Start with assigning the default permissions from group "user"
 * 1) Now modify these rights:

$wgGroupPermissions['aec'] = $wgGroupPermissions['user']; $wgGroupPermissions['aec']['delete'] = true; $wgGroupPermissions['aec']['protect'] = true; $wgGroupPermissions['aec']['patrol'] = true; $wgGroupPermissions['aec']['purge'] = true; # delete the cache of a page $wgGroupPermissions['aec']['edit'] = true; $wgGroupPermissions['aec']['createpage'] = true;
 * 1) Start with assigning the default permissions from group "user"
 * 1) Now modify these rights:

define('NS_RERUN', 100); define('NS_AEC', 101);
 * 1) define constants for your custom namespaces, for a more readable configuration

$wgExtraNamespaces[NS_RERUN] = 'rerun'; $wgExtraNamespaces[NS_AEC] = 'aec';
 * 1) define custom namespaces

$wgNamespacePermissionLockdown[NS_RERUN]['read'] = array('rerun'); $wgNamespacePermissionLockdown[NS_RERUN]['edit'] = array('rerun'); $wgNamespacePermissionLockdown[NS_RERUN]['createpage'] = array('rerun');
 * 1) restrict "read" permission to logged in users

$wgNamespacePermissionLockdown[NS_AEC]['read'] = array('aec'); $wgNamespacePermissionLockdown[NS_AEC]['edit'] = array('aec'); $wgNamespacePermissionLockdown[NS_AEC]['createpage'] = array('aec');

$wgNonincludableNamespaces[] = NS_RERUN; $wgNonincludableNamespaces[] = NS_AEC;
 * 1) prevent inclusion of pages from that namespace

which is should be the same as yours modulo some debugging and password stuff.

And it is working for me.

Could you tell me what exactly what pages you are looking at and what happens?

Here is what I am doing:
 * 1) Not logged in
 * 2) aec:AecTest -- "You do not have permission to read this page... limited to users in the group: rerun."
 * 3) rerun:RerunTest -- "You do not have permission to read this page... limited to users in the group: rerun."
 * 4) Logged in as User:Test which is in the aec group
 * 5) aec:AecTest -- see content which is "test can see, bogus can't"
 * 6) rerun:RerunTest -- "You do not have permission to read this page... limited to users in the group: rerun."
 * 7) Logged in as User:Bogus which is in the rerun group
 * 8) aec:AecTest -- "You do not have permission to read this page... limited to users in the group: rerun."
 * 9) rerun:RerunTest -- see content which is "Bogus can see, Test cannot"