Extension talk:AccessControl

Jump to navigation Jump to search

About this board

57 previous topics.

Archives 

Previous discussion was archived at Extension talk:AccessControl/Archive 1 on 2016-10-24.

migrated from Simple Security to AccessControl on mw 1.32 without Issue.

1
208.81.12.35 (talkcontribs)

Just commented out the require once for Simple Security, and added Access-Control


require_once("{IP}/extensions/Acess/Control/AccessControl.php");

$wgAdminCanReadAll = true;

$wgAccessControlRedirect = true;


I have the groups still in place from the SimpleSecurity extension ie;


# create user groups

$wgSecurityExtraGroups = array('TEAMSecure');

#prevent includes for pages that need extra security.

$wgNonincludableNamespaces = array('Example_page');

#Groups for secure pages

$wgGroupPermissions['all']['read'] = false;

$wgGroupPermissions['TEAMSecure']['read'] = true;

$wgGroupPermissions['TEAMSecure']['writeapi'] = true;

$wgGroupPermissions['TEAMSecure']['edit'] = true;

$wgGroupPermissions['TEAMSecure']['editinterface'] = true;

$wgGroupPermissions['TEAMSecure']['read'] = true;


So have used them accordingly;

Now on pages to be protected instead of adding [[Category:TEAMSecure]]

to secure the pae from all but the TEAMSecure group I used;

<accesscontrol>Administrators,TEAMSecure</accesscontrol>


The page is protected from view or edit, the user is redirected to a page called Deny User for authenticated users without access to that page.

and Deny anonymous for unauthenticated users.


Those pages can be edited by those users but all they change is the message they see when they try to get to the protected page since its redirected, I watch those pages for changes accordingly.

I did not keep the secure categories secition as this extension works atthe page/subpage level.


you may want to Disable some special pages to hide them or a subset of them accordingly. to prevent unauthorized users from using those tools to work around the extension.


Use the disablespecialpages extension .Extension:DisableSpecialPages

to disable all but login create user and search or look into this function that can disable any special pages including search


function disableSomeSpecialPages(&$list) {

       global $wgUser;

       #If not sysop disable other pages

       if (!in_array("sysop", $wgUser->getEffectiveGroups())) {

               unset($list['Version']);

               unset($list['Contributions']);

               unset($list['Allpages']);

               unset($list['Lonelypages']);

               unset($list['Longpages']);

               unset($list['Uncategorizedcategories']);

               unset($list['Categories']);

               unset($list['CreateCategory']);

               unset($list['CreateForm']);

               unset($list['CreateTemplate']);

               unset($list['Search']);

}

       return true;

}

$wgHooks['SpecialPage_initList'][] = 'disableSomeSpecialPages';


This is working well on mw 1.32 for me.


Reply to "migrated from Simple Security to AccessControl on mw 1.32 without Issue."
T0lk (talkcontribs)

I recently upgraded my wiki to 1.31.1 to see what the status of this extension would be. Surprisingly the site continues to work without any error messages, and restricted pages continue to be blocked. Search results of access restricted pages continues to work as expected as well. The only thing I could find which is broken now is an access bypass through the edit/view source tab, which reveals the page contents.

Has anyone fixed that issue, or found others? I did not test the content export feature/api.

T0lk (talkcontribs)

When combined with Extension:SourceProtection the wiki works as expected. The only added step now is making sure access restricted pages have edit protections in place.

Reply to "Status on 1.31.1"

Cannot access Special: namespace with AccessControl enabled

7
134.76.234.21 (talkcontribs)

I migrated my wiki (from 1.18 to latest 1.28). I was using the old AccessControl extension. Afer the migration (and updating the AccessControl plugin to the latest) whenever I try to access any of the Special Pages (including UserLogin and UserLogout) I get:

[e77339a315d8aef182f77e7f] /wiki/index.php?title=Special:UserLogin&returnto=Main+Page MWException from line 121 of /var/www/mediawiki-1.28.0/includes/page/WikiPage.php: Invalid or virtual namespace -1 given.

Backtrace:

  1. 0 /var/www/mediawiki-1.28.0/extensions/AccessControl/AccessControl.hooks.php(86): WikiPage::factory(Title)
  2. 1 /var/www/mediawiki-1.28.0/extensions/AccessControl/AccessControl.hooks.php(295): AccessControlHooks::getContentPage(integer, string)
  3. 2 [internal function]: AccessControlHooks::onUserCan(Title, User, string, string)
  4. 3 /var/www/mediawiki-1.28.0/includes/Hooks.php(195): call_user_func_array(string, array)
  5. 4 /var/www/mediawiki-1.28.0/includes/Title.php(2056): Hooks::run(string, array)
  6. 5 /var/www/mediawiki-1.28.0/includes/Title.php(2498): Title->checkPermissionHooks(string, User, array, string, boolean)
  7. 6 /var/www/mediawiki-1.28.0/includes/Title.php(1924): Title->getUserPermissionsErrorsInternal(string, User, string)
  8. 7 /var/www/mediawiki-1.28.0/includes/MediaWiki.php(202): Title->getUserPermissionsErrors(string, User)
  9. 8 /var/www/mediawiki-1.28.0/includes/MediaWiki.php(851): MediaWiki->performRequest()
  10. 9 /var/www/mediawiki-1.28.0/includes/MediaWiki.php(512): MediaWiki->main()
  11. 10 /var/www/mediawiki-1.28.0/index.php(43): MediaWiki->run()
  12. 11 {main}

Can you pls advice me how to properly configure the AccessControl plugin ?

132.183.13.75 (talkcontribs)

I also get this error in MW 1.29.0-wmf.3 when going to Special:Version.

109.190.122.47 (talkcontribs)

I fixed this one by editing "includes/page/WikiPage.php", in function factory. On line 120, replace : } elseif ( $ns < 0 ) {

By : } elseif ( $ns < -1 ) {

DanielJamieson (talkcontribs)

This worked for me. Thanks

213.164.76.76 (talkcontribs)

Hello,

Same Problem here, please fix it in the code, because at every update the changes ar lost!

Kind regards...

109.233.225.254 (talkcontribs)

Another dirty fix: In file "extensions/AccessControl/AccessControl.hooks.php": Add(not replace, just add) to line 83 this code:

if ($namespace == -1) $namespace = 0;

It works for me and will not overwritten after wiki core update.

Johnywhy (talkcontribs)

might be helpful to include the whole line.

so, from this

if ( $gt->isSpecialPage() ) {

to this?

if ( $gt->isSpecialPage() ) {if ($namespace == -1) $namespace = 0; 
Reply to "Cannot access Special: namespace with AccessControl enabled"

AccessControl and MediaWiki 1.31

1
ShInKurO (talkcontribs)

Hello,

I've installed this extension (latest version REL1_31), I've created a custom namespace into my LocalSetting.php and other steps which are described in the AccessControl wiki page, but if I try to log in into my wiki I've these errors:

[6799ad66fae2450d6b57bd1b] /php5/index.php?title=Speciale:Entra&returnto=Pagina+principale MWException from line 121 of /MY_WIKI/php5/includes/page/WikiPage.php: Invalid or virtual namespace -1 given.

Backtrace:

#0 /MY_WIKI/php5/extensions/AccessControl/AccessControl.hooks.php(86): WikiPage::factory(Title)

#1 /MY_WIKI/php5/extensions/AccessControl/AccessControl.hooks.php(294): AccessControlHooks::getContentPage(integer, string)

#2 /MY_WIKI/php5/includes/Hooks.php(177): AccessControlHooks::onUserCan(Title, User, string, string)

#3 /MY_WIKI/php5/includes/Hooks.php(205): Hooks::callHook(string, array, array, NULL)

#4 /MY_WIKI/php5/includes/Title.php(2269): Hooks::run(string, array)

#5 /MY_WIKI/php5/includes/Title.php(2737): Title->checkPermissionHooks(string, User, array, string, boolean)

#6 /MY_WIKI/php5/includes/Title.php(2135): Title->getUserPermissionsErrorsInternal(string, User, string)

#7 /MY_WIKI/php5/includes/MediaWiki.php(207): Title->getUserPermissionsErrors(string, User)

#8 /MY_WIKI/php5/includes/MediaWiki.php(861): MediaWiki->performRequest()

#9 /MY_WIKI/php5/includes/MediaWiki.php(524): MediaWiki->main()

#10 /MY_WIKI/php5/index.php(42): MediaWiki->run()

#11 {main}

Reply to "AccessControl and MediaWiki 1.31"

AccessControl Extension HTTP 500 Error with Mediawiki 1.30

1
106.57.72.254 (talkcontribs)

I installed the extension and added following lines to localsettings.php,

require_once("$IP/extensions/Accesscontrol/accesscontrol.php");

$wgAdminCanReadAll = true;

$wgAccessControlRedirect = false;

But when I tried to visit http://IPaddress/mediawiki/index.php, I got a HTTP 500 error. I searched apache error log and PHP error log, nothing found.

If I comment the line require_once..., everything works fine.

My environment is wamp (PHP 5.6.35, Apache 2.4.33, Mariadb 10.2.14) on Windows Server 2012 R2

Is this extension compatible with Apache 2.4.33? I notice some syntax has changed from Apache 2.2 to 2.4, such as "Deny from all" is changed to "Require all denied"

Reply to "AccessControl Extension HTTP 500 Error with Mediawiki 1.30"
Johnywhy (talkcontribs)
Reply to "Patch needed?"

Crashed 1.30 Special:SpecialPages

3
Johnywhy (talkcontribs)
[WstJ-uaufRsHLEzsvm4oNQAAABQ] /index.php/Special:SpecialPages MWException from line 127 of /home/gunsywtx/public_html/includes/page/WikiPage.php: Invalid or virtual namespace -1 given.

Backtrace:

#0 /home/gunsywtx/public_html/extensions/AccessControl/AccessControl.hooks.php(86): WikiPage::factory(Title)
#1 /home/gunsywtx/public_html/extensions/AccessControl/AccessControl.hooks.php(294): AccessControlHooks::getContentPage(integer, string)
#2 /home/gunsywtx/public_html/includes/Hooks.php(177): AccessControlHooks::onUserCan(Title, User, string, string)
#3 /home/gunsywtx/public_html/includes/Hooks.php(205): Hooks::callHook(string, array, array, NULL)
#4 /home/gunsywtx/public_html/includes/Title.php(2194): Hooks::run(string, array)
#5 /home/gunsywtx/public_html/includes/Title.php(2636): Title->checkPermissionHooks(string, User, array, string, boolean)
#6 /home/gunsywtx/public_html/includes/Title.php(2060): Title->getUserPermissionsErrorsInternal(string, User, string)
#7 /home/gunsywtx/public_html/includes/MediaWiki.php(206): Title->getUserPermissionsErrors(string, User)
#8 /home/gunsywtx/public_html/includes/MediaWiki.php(851): MediaWiki->performRequest()
#9 /home/gunsywtx/public_html/includes/MediaWiki.php(523): MediaWiki->main()
#10 /home/gunsywtx/public_html/index.php(43): MediaWiki->run()
#11 {main}
109.233.225.254 (talkcontribs)

Another dirty fix: In file "extensions/AccessControl/AccessControl.hooks.php": Add(not replace, just add) to line 83 this code:

if ($namespace == -1) $namespace = 0;

It works for me and will not overwritten after wiki core update.

Johnywhy (talkcontribs)

thx

Reply to "Crashed 1.30 Special:SpecialPages"

Trying to configure but the documentation doesnt help

1
177.215.67.42 (talkcontribs)

i`m trying to configure the access control extension but doesnt work, i created an group on my localsetting.php file but when i go to an page restricted by the group with an user that is part of the group it doesnt allow to access or edit the page. @Want

Reply to "Trying to configure but the documentation doesnt help"
Revel IT (talkcontribs)

I've recently installed Access Control (v. 2.6) on a fairly new MediaWiki (v. 1.30) server. I've tried creating a user list in a custom namespace and in the main namespace, but neither of them seem to work. I even tried using a modded AccessControl.php listed on the Extension page. Any help is appreciated.

Reply to "Adding User Groups"

Extension sees my tag on page but doesn't process.

1
Summary by Faw872

The problem was the page with the list of users must be on the main namespace. I was trying to point it to a custom namespace since the permissions were for there. Capitalization of first letter on username is important too.

<accesscontrol>Whois</accesscontrol>

On the page Whois:

*Awuff

*Jmich

Faw872 (talkcontribs)

When I edit the code of a page and put <accesscontrol>Editor:whois</accesscontrol>, anyone but administrators cannot access that page. I also tried several variations of this with no luck.

When I look at the code (around line 112), the following line returns a blank string, but it clearly should be returning the text inside the accesscontrol tag.

$allowedUsers = ContentHandler::getContentText( $groupPage -> getContent());

I'm using extension Access Control version REL 1_30, but I also went back to V2.6. It had a slightly different function call that calls a function no longer used, so that didn't work.

I'm using the latest MW core which is 1.30.

At first I thought my settings were wrong, but after fiddling with permissions for hours, I started debugging the code.

In the page: ".com/index.php/Editor:Whois" I put:

*awuff

*jmich

In the User List I have:

awuff ‎ (STAFF, Staff, Editor)

jmich (Staff,Editor)

In LocalSettings.php I have:

$wgGroupPermissions['Editor']['edit'] = true;

$wgGroupPermissions['Editor']['createpage'] = true;

$wgGroupPermissions['Editor']['read'] = true;

require_once "extensions/AccessControl/AccessControl.php";

$wgAdminCanReadAll = true;                      // sysop users can read all restricted pages

$wgAccessControlRedirect = false;       // don't redirect from page with search results for denied and

                                                                        // anonymous users, if searching pattern is validate on any                                                               

// Define constants for my additional namespaces.

define("NS_STAFF", 3000); // This MUST be even.

#define("NS_STAFF_TALK", 3001); // This MUST be the following odd integer.

define("NS_EDITOR", 3002);

// Add namespaces.

$wgExtraNamespaces[NS_STAFF] = "Staff";

#$wgExtraNamespaces[NS_STAFF_TALK] = "Staff_talk";

$wgExtraNamespaces[NS_EDITOR] = "Editor";

Going back to the code, line 111 "$groupPage = WikiPage::factory( $gt );"

returns:

object(WikiPage)#156 (12) { ["mTitle"]=> object(Title)#154 (32) { ["mTextform"]=> string(12) "Editor:whois" ["mUrlform"]=> string(12) "Editor:whois" ["mDbkeyform"]=> string(12) "Editor:whois" ["mUserCaseDBKey":protected]=> NULL ["mNamespace"]=> int(0) ["mInterwiki"]=> string(0) "" ["mLocalInterwiki":"Title":private]=> bool(false) ["mFragment"]=> string(0) "" ["mArticleID"]=> int(-1) ["mLatestID":protected]=> bool(false) ["mContentModel":"Title":private]=> bool(false) ["mForcedContentModel":"Title":private]=> bool(false) ["mEstimateRevisions":"Title":private]=> NULL ["mRestrictions"]=> array(0) { } ["mOldRestrictions":protected]=> bool(false) ["mCascadeRestriction"]=> NULL ["mCascadingRestrictions"]=> NULL ["mRestrictionsExpiry":protected]=> array(0) { } ["mHasCascadingRestrictions":protected]=> NULL ["mCascadeSources"]=> NULL ["mRestrictionsLoaded"]=> bool(false) ["mPrefixedText":protected]=> NULL ["mTitleProtection"]=> NULL ["mDefaultNamespace"]=> int(0) ["mLength":protected]=> int(-1) ["mRedirect"]=> NULL ["mNotificationTimestamp":"Title":private]=> array(0) { } ["mHasSubpages":"Title":private]=> NULL ["mPageLanguage":"Title":private]=> bool(false) ["mDbPageLanguage":"Title":private]=> bool(false) ["mTitleValue":"Title":private]=> NULL ["mIsBigDeletion":"Title":private]=> NULL } ["mDataLoaded"]=> bool(false) ["mIsRedirect"]=> bool(false) ["mLatest"]=> bool(false) ["mPreparedEdit"]=> bool(false) ["mId":protected]=> NULL ["mDataLoadedFrom":protected]=> int(-1) ["mRedirectTarget":protected]=> NULL ["mLastRevision":protected]=> NULL ["mTimestamp":protected]=> string(0) "" ["mTouched":protected]=> string(14) "19700101000000" ["mLinksUpdated":protected]=> string(14) "19700101000000" }