Project:WikiProject Extensions/Projects/Recovery/Candidate1

This page is obsolete. It is being retained for archival purposes. It may document extensions or features that are obsolete and/or no longer supported. Do not rely on the information here being up-to-date. WikiProject Extensions is not active anymore. See Manual:Extensions instead. For questions and help, see Communication.

MediaWiki was not designed to support per-page or partial-page access restrictions. If you require this level of control, you are strongly advised to use a content management system that supports it natively. Patches or third-party extensions claiming to provide access control, when in use with MediaWiki, may not work in all cases, potentially exposing confidential data. Use them at your own risk. Neither the MediaWiki developers nor the Wikimedia Foundation are responsible for any data leaks that may result. This message is added to all extensions of this nature and may not reflect the actual security status of this extension. For more information, see Security issues with authorization extensions .

Page-by-page authentication in MediaWiki

Author: Josh Greenberg

Source: http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/

All code below is made available under the GPL v2 license

In the interests of centralizing information, we’ve started an internal wiki at the “Center”:http://chnm.gmu.edu that will eventually function as a sort of dynamic handbook to our facilities, staff and projects. The choice of a wiki was ideal, because each staff member can flesh out the documentation on his or her projects, and since it’s for internal use, we can take the general good intentions of users for granted.

However, there are some pages that will need to be restricted to certain users (things like payroll/budget information, or staffing discussions), so I went ahead and wrote a small plugin that allows any user to restrict access to a wiki page by embedding the allowed usernames within a special tag (working off of a really useful “blog post”:http://daryl.learnhouston.com/?p=125 outlining MediaWiki plugins).

Here’s what you do. Save the following code into a file called “accessControl.php” in your MediaWiki /extensions directory

< ?php
// MediaWiki extension that enables access restriction on a page-by-page
// basis
// Added 5/3/05 by Josh Greenberg
// [based on code snagged from http://daryl.learnhouston.com/?p=125]

//Add the hook function call to an array defined earlier in the wiki
//code execution.
$wgExtensionFunctions[] = "wfAccessControl";

//This is the hook function. It adds the tag to the wiki parser and
//tells it what callback function to use.
function wfAccessControl() {
    global $wgParser;
    # register the extension with the WikiText parser
    $wgParser->setHook( "accesscontrol", "controlUserAccess" );
}

// The callback function for user access
function controlUserAccess( $input ) {
    // Grab currently logged in user
    global $wgUser;

    // Create array of users with permission to access this page
    $usersAccess = explode(",,", $input);

    // Trim leading whitespaces from usernames
    foreach ($usersAccess as $userEntry) {
        $userEntry = strtolower(ltrim($userEntry));
    }

    // Put up an error message if current user doesn't match
    // accesscontrol list
    if (!in_array(strtolower($wgUser->getName()), $usersAccess)) {
        echo '';
         exit();
    }
    return $output;
}
?>

Then, add a line to the bottom of your LocalSettings.php to tell it to include the plugin:

include("extensions/accessControl.php");

That’s it for the installation. To restrict access on a page-by-page basis to specific users, just include the names of the allowed users within an tag (separated by double commas) in the body of that page. Thus, if you wanted to restrict access to the people with usernames “Fred”, “janedoe” and “Josh Greenberg”, you would use the following syntax:

Fred,,janedoe,,Josh Greenberg

Be careful with this! If you’re restricting access to a page, make absolutely sure that you’re including your own username within the tags, or else you won’t be allowed to reload the page to fix your mistake. If you find yourself locked out of a page that you need access to, you’ll have to disable the plugin.