Extension:FlaggedRevs/Restricting unapproved revisions

From MediaWiki.org
Jump to: navigation, search

This page describes how to only give read access to the stable versions of articles to anonymous users for MediaWiki 1.17+.

Basic idea[edit | edit source]

This approach works as follows:

  • (i) Make all pages unreadable and uneditable by non-users (that is, readable only for users)
  • (ii) But make the stable version of pages an exception in that they are readable to non-users

The details to do this are described in the next few sections.

Making the site readable only by users[edit | edit source]

See Manual:Preventing_access#Restrict_viewing_of_all_pages and Manual:Preventing_access#Restrict_editing_of_all_pages

Add these lines to your LocalSettings.php file:

# Disable reading by anonymous users
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
 
# But allow them to read e.g., these pages:
$wgWhitelistRead =  array ( "Main Page", "Special:Userlogin", "Help:Contents");
 
# Like previous, but for French (be careful of encoding! save file as UTF-8!)
# $wgWhitelistRead = array( ":Page Principale", "Special:Userlogin", "Aide en français");

Adding stable version as exemption for non-users[edit | edit source]

Add the following to LocalSettings.php:

	 # Flagged revisions are always visible to users with rights below. 	 
	 # Use '*' for non-user accounts. This is for read-restricted wikis. 	 
	 $wgFlaggedRevsVisible = array( '*' );

Note Note: $wgFlaggedRevsVisible is an array of user groups. Setting it to array('*') will let all visitors be able to see the stable version of pages. Setting it to array('supergroup') will make the stable versions visible to users in the group 'supergroup'.

Note Note: You also don't have to use these global variables and can just hard code whatever is needed into the efFlaggedRevsHooks_userCanView function mentioned below.

MediaWiki >= 1.19[edit | edit source]

Add the following code to LocalSettings.php (or an appropriate custom start-up config file):

$wgHooks['TitleReadWhitelist'][] = 'efFlaggedRevsHooks_userCanView';

...and then define the following function:

function efFlaggedRevsHooks_userCanView( Title $title, $user, &$result ) {
    global $wgFlaggedRevsVisible, $wgTitle;
    if ( empty( $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # Admin may set this to false, rather than array()...
    $groups = $user->getGroups();
    $groups[] = '*';
    if ( !array_intersect( $groups, $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # See if there is a stable version. Also, see if, given the page
    # config and URL params, the page can be overriden. The later
    # only applies on page views of $title.
    if ( !empty( $wgTitle ) && $wgTitle->equals( $title ) ) {
        $view = FlaggablePageView::singleton();
        // Cache stable version while we are at it.
        if ( $view->showingStable() ) {
            $result = true;
        }
    } else {
        // Search and such need to know that the reader can view this page
        if ( FlaggedRevision::newFromStable( $title ) ) {
            $result = true;
        }
    }
    return true;
}

MediaWiki <= 1.18[edit | edit source]

Add the following code to localsettings.php (or an appropriate custom start-up config file):

$wgHooks['userCan'][] = 'efFlaggedRevsHooks_userCanView';

...and then define the following function:

function efFlaggedRevsHooks_userCanView( Title $title, $user, $action, &$result ) {
    global $wgFlaggedRevsVisible, $wgTitle;
    # Assume $action may still not be set, in which case, treat it as 'view'...
    # Return out if $result set to false by some other hooked call.
    if ( $action !== 'read' || $result === false || empty( $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # Check if user is in a group that at least lets them see stable versions
    $groups = array_merge( $user->getGroups(), array( '*' ) );
    if ( !array_intersect( $groups, $wgFlaggedRevsVisible ) ) {
        return true;
    }
    # See if there is a stable version. Also, see if, given the page 
    # config and URL params, the page can be overriden. The later
    # only applies on page views of $title.
    if ( !empty( $wgTitle ) && $wgTitle->equals( $title ) ) {
        $view = FlaggedArticleView::singleton();
        // Cache stable version while we are at it.
        if ( $view->showingStable() ) {
            $result = true;
        }
    } else {
        // Search and such need to know that the reader can view this page
        if ( FlaggedRevision::newFromStable( $title ) ) {
            $result = true;
        }
    }
    return true;
}

Caveats[edit | edit source]

  • Warning Warning: This does not work well with img_auth.php, as non-user viewers will not be able to see images. You will probably just want to leave images public but under hashed directories to make them harder to find. This is acceptable if there are no private files and the main concern is just not to release unverified content.
  • Warning Warning: The search index is still based on the current version of pages, but only results for pages with stable versions are displayed at Special:Search. If a stable version is out of date then unreviewed content for that page becomes theoretically discoverable by brute force searching.
  • Note Note: This will probably be useless without having $wgFlaggedRevsOverride = true.
  • Note Note: Make sure that $wgWhitelistRead is set properly. You will at least want something like $wgWhitelistRead = array( 'Main Page', 'Special:Search' ). You may also want visible directory or category pages. Otherwise, the wiki will be hard to browse for readers.
  • Note Note: You will probably want to edit MediaWiki:loginreqpagetext to make it more detailed. It will come up in various situations and thus should explain the approval system setup.