If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked.
For further details, see Security issues with authorization extensions
Release status: stable
|Description||Restrict permissions by category and group|
|Latest version||3.0 (2021-10-06)|
|License||GNU General Public License 3.0 or later|
|Translate the CategoryLockdown extension if it is available at translatewiki.net|
CategoryLockdown is an extension that allows admins to restrict permissions by category and group.
- Download and place the file(s) in a directory called
- Add the following code at the bottom of your LocalSettings.php:
wfLoadExtension( 'CategoryLockdown' );
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
To restrict the 'read' permission of the Category:Maintenance and pages within it to the 'sysop' group only (admins), add the following to your LocalSettings.php:
$wgCategoryLockdown['Maintenance']['read'] = 'sysop';
Similarly if you now want to restrict the 'edit' permission of the Category:Sales to the 'vendor' group, you can do:
$wgCategoryLockdown['Sales']['edit'] = 'vendor';
You can also restrict permissions to several groups at once, like so:
$wgCategoryLockdown['Sales']['edit'] = [ 'vendor', 'manager' ];
Note that pages in subcategories are not affected. If Category:Clients is a subcategory of Category:Sales, then pages within it won't be protected by the above setting. You'd need to add:
$wgCategoryLockdown['Clients']['edit'] = [ 'vendor', 'manager' ];
Finally, note that:
- Rules don't apply to admins
- You can use this syntax to restrict any permission (not just 'read' and 'edit'). However, if users are allowed to 'read' and 'edit' a page, then they can avoid other restricted permissions by recategorizing a page.
- This extension only removes permissions, it doesn't grant them. If the general config of your wiki forbids editing to all users, then adding a rule that restricts editing to a certain group won't work. Instead, allow editing to all users and then restrict editing to the desired group using this extension.