Extension:Access Control Panel
If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked, leading to loss of funds or one's job.
For further details, see Security issues with authorization extensions.
Access Control Panel
Release status: beta
Description: Control access rights of custom defined groups
Author(s): University of Macau (Aleksandar Bojinovic, Peter Kin-Fong Fong) (umdacctalk)
Latest version: 1.1.1 (2013-10-02)
License: Educational Community License 2.0
Download: see Download section
The Access Control Panel extension provides a simple interface to set up group-based access control. Groups can be created or deleted, members can be added to or removed from groups, and privileges can be granted or revoked, all on a single control page.
When a group is created, an associated namespace is also created. Members of a group can view and edit their group's namespace. If the access privilege is granted, they can also view and/or edit other groups' namespaces.
This extension is a simple front-end to Extension:Lockdown, so the Lockdown extension must be installed before installing this extension.
The Access Control Panel extension is a MediaWiki Special Page. Only users in the 'Teacher' group can access this special page. There are two ways to invoke this special page:
- Directly navigate to the page 'Special:AccessControlPanel'.
- Enter the 'Special Pages' page and click on the Access Control Panel special page.
The following shows the access control panel interface:
Once access has been defined using the access control panel above, all pages that are created within the namespace of a group will be subject to the access restrictions defined. For example:
- Define group G1 and add some users to it.
- Define that only group G1 (but no other groups) has read/edit access to pages of group G1.
- (As a G1 group member:) Create a page within the namespace of group G1, i.e. with page title G1:xxx
This last step is important: it is not sufficient for a group G1 user to create a page. What matters is that the page is within the G1 namespace, i.e. the page title begins with "G1:".
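The rule above, as a small Python model of the decision (an added example, not code from the extension or from Lockdown). The namespace numbers, user names and the `BASE_RIGHTS` table are constructed for illustration, and the privilege rows follow the column order of the acp_tw_privileges table.

```python
NS_MAIN = 0  # MediaWiki's main (article) namespace

# Constructed sample data; the namespace numbers are assumptions.
NAMESPACES = {"G1": 3000, "G2": 3002}
# Rows shaped like acp_tw_privileges: (tw_ns_number, tw_privilege, tw_priv_group)
PRIVILEGES = [
    (3000, "read", "G1"), (3000, "edit", "G1"),
    (3002, "read", "G2"), (3002, "edit", "G2"),
    (3002, "read", "G1"),  # G1 was granted read access to G2's namespace
]
# Wiki-wide rights with anonymous access disabled: '*' has no entry.
BASE_RIGHTS = {"user": {"read", "edit"}}
ALICE = {"user", "G1"}  # constructed G1 member
BOB = {"user", "G2"}    # constructed G2 member

def split_title(title, namespaces=NAMESPACES):
    """Return (namespace_number, page_name) for a page title.

    Only a prefix matching a defined namespace counts; anything else,
    including a title with no colon, lands in the main namespace.
    """
    prefix, sep, rest = title.partition(":")
    if sep:
        wanted = prefix.replace("_", " ").strip().lower()
        for name, number in namespaces.items():
            if name.lower() == wanted:
                return number, rest.strip()
    return NS_MAIN, title.strip()

def allowed(user_groups, action, title, privileges=PRIVILEGES,
            base_rights=BASE_RIGHTS, namespaces=NAMESPACES):
    """True if a user in user_groups may perform action on title."""
    groups = set(user_groups)
    ns, _ = split_title(title, namespaces)
    # The wiki-wide right is always required; a namespace rule only narrows it.
    if not any(action in base_rights.get(g, ()) for g in groups):
        return False
    restricted_to = {g for n, p, g in privileges if n == ns and p == action}
    # No rule for this namespace/action means no group restriction applies.
    return not restricted_to or bool(restricted_to & groups)

def unprotected(titles, namespaces=NAMESPACES):
    """Titles that fall outside every group namespace."""
    return [t for t in titles if split_title(t, namespaces)[0] == NS_MAIN]

if __name__ == "__main__":
    for who, groups in (("alice", ALICE), ("bob", BOB)):
        for title in ("G1:Plan", "Plan", "G2:Notes"):
            print(who, title, allowed(groups, "read", title))
```

Running `unprotected()` over a list of page titles gives a quick audit of pages that group members created outside their group namespace and that are therefore covered only by the wiki-wide rights.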
- Version 1.1.1 (2013-10-02)
  - Remove function call to wfLoadExtensionMessage, which no longer exists in MediaWiki 1.21. Because of the removal, MediaWiki 1.15 is not supported since this version.
- Version 1.1 (2013-02-20)
  - User can specify "Anyone" and "Logged-in users" as guest groups in privilege setting.
- Version 1.0.1 (2011-12-10)
  - Minor bug fix.
- Version 1.0 (2011-11-02)
  - Initial release.
The AccessControlPanel extension has the following requirements (besides the MediaWiki and PHP versions specified in the extension box):
- MySQL database servers are required; PostgreSQL and SQLite are not supported.
- MediaWiki database administrator access (or other database role that has privileges for creating SQL functions).
- Extension:Lockdown should be installed first. Please refer to the Installing section for instructions.
Step-by-Step Instructions
Step 1: (optional) You may want to prevent anonymous users from reading and editing your wiki. If you are using MediaWiki version 1.17 or later and have set your wiki to "Private wiki" during installation, then your wiki already disallows anonymous reading, and you don't need to do anything in this step. Otherwise, add the following lines to the bottom of your LocalSettings.php file.
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
Step 2: Download the archive file from the link above.
Step 3: Extract the downloaded archive to the extensions directory of your MediaWiki installation. For example (replace with the actual path to your MediaWiki installation):
unzip AccessControlPanel-1.1.zip -d /path/to/mediawiki/extensions
Step 4: Add the following line to the bottom of LocalSettings.php (before the trailing ?>, if it is present):
(optional) By default, only users in the group named 'Teacher' can access the access control panel. To use a group name other than 'Teacher', include the following line after the above require_once line (this example names the privileged group 'ControlGroup'):
$wgAccessControlPanelAllowedGroup = 'ControlGroup';
Finally, add the following two lines after the above:
$wgGroupPermissions[$wgAccessControlPanelAllowedGroup]['read'] = true;
$wgGroupPermissions[$wgAccessControlPanelAllowedGroup]['edit'] = true;
Step 5: Update the MediaWiki database by executing the update.php maintenance script.
Or, alternatively, run the following SQL query to add the necessary tables to your MediaWiki database:
CREATE TABLE acp_tw_groups (
  tw_grp_id int(11) NOT NULL AUTO_INCREMENT,
  tw_grp_name varchar(255) NOT NULL,
  PRIMARY KEY (tw_grp_id),
  KEY tw_grp_name (tw_grp_name)
);
CREATE TABLE acp_tw_namespaces (
  tw_ns_id int(11) NOT NULL AUTO_INCREMENT,
  tw_ns_number int(11) NOT NULL,
  tw_ns_name blob NOT NULL,
  PRIMARY KEY (tw_ns_id)
);
CREATE TABLE acp_tw_privileges (
  tw_priv_id int(11) NOT NULL AUTO_INCREMENT,
  tw_ns_number int(11) NOT NULL,
  tw_privilege varbinary(32) NOT NULL,
  tw_priv_group varbinary(255) NOT NULL,
  PRIMARY KEY (tw_priv_id),
  UNIQUE KEY tw_ns_priv_group (tw_ns_number,tw_privilege,tw_priv_group)
);
Replace acp_ with your DB prefix!
Step 6: As a user of the privileged group (either the default 'Teacher' group, or whatever group name you defined in step 4), visit the page 'Special:AccessControlPanel' in your MediaWiki installation. If everything went well you should see the Access Control Panel special page. In the first panel ("Group management"), add a group with the name of the privileged group (again, either the default 'Teacher' group, or whatever group name you defined in step 4).