Extension:Hierarchical Namespace Permissions/LocalSettings Example

// Website specific namespaces. define('NS_ADMIN',    100); define('NS_BLOG',     102); define('NS_BLOG_TALK', 103); # odd number means 'talk' namespace define('NS_CONTACT',  104); define('NS_TEST',     106); define('NS_CODE',     108);

$wgExtraNamespaces = array (NS_ADMIN    => "Admin",         NS_BLOG      => "Blog",         NS_BLOG_TALK => "Blog_talk",	 NS_CONTACT   => "Contact",	 NS_TEST      => "Test",	 NS_CODE      => "Code"        );
 * 1) Add extra Namespaces

$wgNamespacesToBeSearchedDefault = array( NS_MEDIA           => true, NS_SPECIAL          => true, NS_MAIN             => true, NS_TALK             => true, NS_USER             => true, NS_USER_TALK        => true, NS_WIKIPEDIA        => true, NS_WIKIPEDIA_TALK   => true, NS_IMAGE            => true, NS_IMAGE_TALK       => true, NS_MEDIAWIKI        => true, NS_MEDIAWIKI_TALK   => true, NS_TEMPLATE         => true, NS_TEMPLATE_TALK    => true, NS_HELP             => true, NS_HELP_TALK        => true, NS_CATEGORY         => true, NS_CATEGORY_TALK    => true,

NS_ADMIN           => true, NS_BLOG            => true, NS_BLOG_TALK       => true, NS_CONTACT         => true, NS_TEST            => true, NS_CODE            => false );


 * 1) Define new groups.

// Allow subpages on the new namespaces $wgNamespacesWithSubpages[NS_MAIN]     = true; $wgNamespacesWithSubpages[NS_PROJECT]  = true; $wgNamespacesWithSubpages[NS_ADMIN]    = true; $wgNamespacesWithSubpages[NS_BLOG]     = true; $wgNamespacesWithSubpages[NS_BLOG_TALK] = true; $wgNamespacesWithSubpages[NS_CONTACT]  = true; $wgNamespacesWithSubpages[NS_TEST]     = true;

require_once("extensions/AuthorRestriction.php");
 * 1) Add the "read" restriction type & "author" restriction level
 * 2) This extension must be loaded BEFORE any other 'userCan' related extensions e.g. NamespacePermissions

// Namespace access control // require_once("includes/Namespace.php");

require_once("extensions/HierarchicalNamespacePermissions.php");
 * 1) Hierarchical Namespace Permissions based system

// Have to remove explicitly those rights created automatically by MW. // Our Namespace Permissions system will take care of policing the requested rights. $wgGroupPermissions['*' ]['read']           = false; $wgGroupPermissions['*' ]['edit']           = false; $wgGroupPermissions['*' ]['create']         = false; $wgGroupPermissions['*' ]['createpage']     = false; $wgGroupPermissions['*' ]['createtalk']     = false; $wgGroupPermissions['*' ]['createaccount']  = false;

$wgGroupPermissions['user' ]['read']            = false; $wgGroupPermissions['user' ]['move']            = false; $wgGroupPermissions['user' ]['edit']            = false; $wgGroupPermissions['user' ]['upload']          = false; $wgGroupPermissions['user' ]['reupload']        = false; $wgGroupPermissions['user' ]['reupload-shared'] = false; $wgGroupPermissions['user' ]['minoredit']       = false; $wgGroupPermissions['user' ]['createpage']      = false; $wgGroupPermissions['user' ]['createtalk']      = false;

// Implicit group for all visitors users $wgGroupPermissions['*' ]['createaccount']  = true;

// SYSOP $wgGroupPermissions['sysop' ][hnpClass::buildPermissionKey("~","~","~")]   = true; // Remove the 'bot' right or else the 'recent change' page will be completly messed up. $wgGroupPermissions['sysop' ][hnpClass::buildPermissionKey("~","~","!bot")] = true;


 * 1) $wgGroupPermissions['sysop' ]['coding']        = true;
 * 2) $wgGroupPermissions['sysop' ]['protect']       = true;
 * 3) $wgGroupPermissions['sysop' ]['viewsource']    = true;
 * 4) $wgGroupPermissions['sysop' ]['templating']    = true;
 * 5) $wgGroupPermissions['sysop' ]['editattributes'] = true;
 * 6) $wgGroupPermissions['sysop' ]['readattributes'] = true;
 * 7) $wgGroupPermissions['sysop' ]['protectsection'] = true;

$anonAllowedSpaces = array( NS_MEDIA, NS_SPECIAL, NS_MAIN, NS_TALK, NS_USER, NS_USER_TALK, NS_HELP, NS_HELP_TALK, NS_CATEGORY,NS_CATEGORY_TALK,NS_PROJECT,NS_PROJECT_TALK, NS_BLOG, NS_BLOG_TALK, NS_IMAGE ); foreach($anonAllowedSpaces as $ns) {	$wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","createaccount")]  = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","read")]  = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","browse")] = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","search")] = true; #$wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","viewsource")] = true; } $wgGroupPermissions['*' ][hnpClass::buildPermissionKey("~","~","createaccount")]   = true;

foreach($anonAllowedSpaces as $ns) {	$wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","viewsource")] = true; }

// Add a bit more to anonymous users $ns = NS_PROJECT_TALK; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","edit")]       = true; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","createpage")] = true; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","createtalk")] = true; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","create")]     = true; $ns = NS_TALK; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","create")]     = true; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","createtalk")] = true; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"~","edit")]       = true;
 * 1) $ns = Namespace::getCanonicalName(NS_PROJECT_TALK);

// Special Right to access the "show user" page. !!!!!!!!!!DEBUG STUFF!!!!!!!!!!!!!! $ns = NS_ADMIN; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"Show_Groups","read")] = true;

// Special permission required to access Javascript Code $ns = NS_CODE; $wgGroupPermissions['*' ][hnpClass::buildPermissionKey($ns,"js/*","getJs")] = true;

// A registered user gets a bit more rights still // -- $userAllowedSpaces = array( NS_TALK, NS_USER, NS_USER_TALK, NS_HELP_TALK, NS_CATEGORY_TALK,NS_PROJECT_TALK ); foreach($userAllowedSpaces as $ns) { $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","createtalk")]   = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","edit")] = true; }

// Add the permissions to the "extra namespaces" following the NamespacePermissions extension

$ns = NS_BLOG; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","raw")]       = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","read")]      = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","browse")]    = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","create")]    = true;  # let unregistered users post comments. $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","createpage")] = true; # let unregistered users post comments. $ns = NS_BLOG_TALK; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","read")]      = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","browse")]    = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","edit")]      = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","createtalk")] = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","createpage")] = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","create")]    = true;

// CONTACT related $ns = NS_CONTACT; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","create")]           = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","createpage")]       = true; $wgGroupPermissions['*'][hnpClass::buildPermissionKey($ns,"~","SubmitWithoutRead")] = true;

$wgGroupPermissions['user'][hnpClass::buildPermissionKey(NS_ADMIN,"Leave_Comment_Form","read")] = true; $wgGroupPermissions['user'][hnpClass::buildPermissionKey(NS_ADMIN,"Leave_Comment_Form","viewsource")] = true;
 * 1) $wgGroupPermissions['*'][hnpClass::buildPermissionKey("~","~","viewsource")] = true;