Extension:PermissionACL

The PermissionACL extension implements a way to restrict access to specific {namespaces, pages, categories} based on user group or user name. This provides a more fine grained security model than the one provided by the default $wgGroupPermissions.

PermissionACL extension configuration is based on ACL (Access Control List) - list of rules which are processing from first to last. '''First applicable rule is used! On the end of list is implicit rule DENY TO ALL!'''

Usage
If $wgPermissionACL is set, then ACL model is used - if not, the extension will do nothing.

Rules are array elements and their order in array is used by ACL mechanism.

Syntax of rules (every rule has 4 parts):
 * 1) which page : select of pages (namespaces, categories)
 * 2) which user : select of users (groups)
 * 3) which action : select of actions ( userCan actions - read, edit, create, move)
 * 4) operation : permit or deny access

First, second and third rule part can be:
 * one value
 * array of values
 * ALL (represented by asterisk)

Summary of syntax
The following may be repeated multiple times to add rules to the ACL:

Example
This example configures for the scenario:


 * Namespaces: Private, Ccna, Ccnp, Ns, Fwl
 * User groups: private, ccna, ccnp, ns, fwl;
 * Group ccna has RW access only to namespace Ccna, group fwl to Fwl, ...
 * Group private has RW access to every namespace
 * Unlogged users can only read NS_MAIN namespace
 * Administrators (users "wikisysop" and "vav166") can do everything

Download instructions
Please cut and paste the code found below and place it in.

Note: $IP stands for the root directory of your MediaWiki installation, the same directory that holds LocalSettings.php.

Installation
To install this extension, add the following to LocalSettings.php: