Category:Access Control: Difference between revisions

(21 intermediate revisions by the same user not shown)
Line 4: Line 4:
The access control mechanism is provided by customisations of
The access control mechanism is provided by customisations of
* [[regional-training LocalSettings.php|LocalSettings.php]], and
* [[regional-training LocalSettings.php|LocalSettings.php]], and
* [[Regional-training RestrictAccessByCategoryAndGroup.php|RestrictAccessByCategoryAndGroup.php]]
* [[RestrictAccessByCategoryAndGroup.php]]
[https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group Restrict access by category and group]<ref>https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group</ref> extension originally developed by Andrés Orencio Ramirez Perez.
[https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group Restrict access by category and group]<ref>https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group</ref> extension originally developed by Andrés Orencio Ramirez Perez.


The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various [[privilege]] [[groups]]. The $access type was ignored and the grant was assumed for read [[privileges]].
The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various privilege groups. The $access type was ignored and the grant was assumed for read privileges.


==read access==
==read access==
Pages containing these '''read''' [[access control]] [[categories]] are [[private]] and not [[accessible]] by a [[user]] unless the [[user]] is assigned to at least one of the corresponding [[privilege]] [[groups]] by an [[administrator]], or the [[page]] has been marked with [[:category:public]], or the page is a white-listed page (e.g. [[Special:Login]], [[Special:Logout]]).  
Pages containing these '''read''' [[access control]] categories are <nowiki>[[:category:private]]</nowiki> and not accessible by a '''user''' unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with [[:category:public]], or the page is a white-listed page (e.g. [[:Special:Login]], [[:Special:Logout]]).  


The [[group]] [[privileges]] are setup in [[Regional-training_LocalSettings.php|LocalSettings.php]] and [[groups]] are assigned to [[users]] from [[Special:UserRights]] [[pages]].
The group privileges are setup in [[LocalSettings.php]] and groups are assigned to users from [[:Special:UserRights]] pages.


The [[:category:public]] is an inclusive [[privacy]] [[marking]] that makes the [[page]] visible to all [[users]], including [[unauthenticated]] [[users]].  
The [[:category:public]] is an inclusive privacy marking that makes the page visible to all [[users]], including unauthenticated [[users]].  


Only [[authenticated]] [[users]] who are assigned to at least one [[group]], and [[administrators]], may [[access]] [[pages]] that are not marked with any [[category]] marking.  
Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any [[Special:categories|Category]] marking.  


Pages marked with any other '''read''' [[:category:Access Control]] marking are only accessible to [[authenticated]] [[users]] who have been assigned the corresponding [[group]]. In this way those categories work like an [[inclusive]] [[or]] where they are not [[exclusive]].  
Pages marked with any other '''read''' [[:category:Access Control]] markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:).  


The special [[:category:user:]] followed by a [[user]] is a marking that provides that [[user]] with an exclusion from other [[users]] [[accessing]] their [[page]], except for the [[sysop]] [[administrator]], or except when the page is also [[marked]] with another user's [[:category:user:]] [[mark]].  
The special category <nowiki>[[some-category:user:<name>]]</nowiki> followed by a '''user name''' is a marking that provides that '''user''' with an exclusion from other users accessing their page, except for the <nowiki>[[sysop]] [[administrator]]</nowiki>, or except when the page is also marked with another user's <nowiki>[[some-category:user:<other-user-name>]]</nowiki> mark.  


The [[:category:private]] and special [[user]] categories are [[exclusive]], and the [[user]] must be a member of the [[private]] [[group]], or be one of the [[user]] marked on the page, or a [[sysop]] respectively.
The [[:category:private]] and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a [[sysop]] respectively.


===[[unauthenticated]] [[users]]===
===unauthenticated users===
&#x1F6A9; [[Anonymous]] [[user|Users]] are only able to [[access control|Access]]:
&#x1F6A9; Anonymous users are only able to [[:category:Access Control|Access]]:
* [[page|pages]] containing the [[:category:public|public]] privilege, and
* pages containing the <nowiki>[[category:public|public]]</nowiki> privilege, and
* Special: pages:
* Special: pages:
** [[Special:Login]]
** <nowiki>[[Special:Login]]</nowiki>
** [[Special:Logout]]
** <nowiki>[[Special:Logout]]</nowiki>
** [[Special:UserLogin]]
** <nowiki>[[Special:UserLogin]]</nowiki>
** [[Special:UserLogout]]
** <nowiki>[[Special:UserLogout]]</nowiki>
** [[Special:Badtitle]]
** <nowiki>[[Special:Badtitle]]</nowiki>
** case [[Special:Random]]
** <nowiki>[[Special:Random]]</nowiki>
** case [[Special:RecentChanges]]
** <nowiki>[[Special:RecentChanges]]</nowiki>
** case [[Special:Version]]
** <nowiki>[[Special:Version]]</nowiki>
** case [[Special:AllPages]]
** <nowiki>[[Special:AllPages]]</nowiki>


==edit access==
==edit access==
[[Access control]] [[markings]] have been extended to include the [[edit]] [[action]] (and may be extended to other [[actions]] in the future). Where the [[action]] follows the category: prefix.
[[Access control]] markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix.


The specialisations involve [[:category:edit:user:]] and [[:category:edit:]] [[markings]], where [[group]] is synonymous with a [[category]] [[marking]].
The specialisations involve <nowiki>[[category:edit:user:]]</nowiki> and <nowiki>[[category:edit:]]</nowiki> markings, where group is a synonym of the category marking. e.g. <nowiki>[[category:edit:user:ralph]]</nowiki> or <nowiki>[[category:edit:trainer]]</nowiki>


Some examples follow:
Some examples follow:
* [[:category:edit:user:ralph]] will permit the page to be edited by [[user:ralph]] or a [[sysop]]
* <nowiki>[[category:edit:user:ralph]]</nowiki> will permit the page to be edited by <nowiki>[[user:ralph]]</nowiki> or a <nowiki>[[sysop]]</nowiki>
* [[:category:edit:trainer]] will permit the page to be edited by a user that has been assigned to the group [[trainer]].
* <nowiki>[[:category:edit:trainer]]</nowiki> will permit the page to be edited by a user that has been assigned to the group <nowiki>[[trainer]]</nowiki>.


=references=
=references=
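Review bot: The revised inclusive-or sentence in the read access section keeps a stray closing bracket ("work like an inclusive-or] where they are not exclusive markings"), left over from the removed [[inclusive]] [[or]] links; drop the "]". The user marking is also written two ways in this revision, [[some-category:user:<name>]] in the read section and [[category:edit:user:]] in the edit section, and the second edit example has a leading colon ([[:category:edit:trainer]]) that the first lacks; readers will copy these markings onto pages they want restricted, so use one literal form throughout. For the anonymous white-list, it would help to state whether Special:RecentChanges and Special:AllPages hide the titles of pages that carry private or user: markings.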
Line 51: Line 51:


=categories=
=categories=
This [[page]] is [[marked]] as [[:category:public]] so the [[public]] ([[anonymous]] [[users]]) may [[access]]/view the [[page]].
This page is marked as [[:category:public]] so the public (anonymous users) may access/view the page.
[[category:Index]]
[[category:public]]
[[category:public]]
[[category:Security]]
[[category:Security]]
[[category:glossary]]

Latest revision as of 17:44, 2 October 2022

overview

Pages marked by these category:Access Control categories are subject to access control privilege checks.

The access control mechanism is provided by customisations of

  • LocalSettings.php, and
  • RestrictAccessByCategoryAndGroup.php, from the Restrict access by category and group[1] extension originally developed by Andrés Orencio Ramirez Perez.

The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various privilege groups. The $access type was ignored and the grant was assumed for read privileges.

read access

Pages containing these read access control categories are [[:category:private]] and not accessible by a user unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with category:public, or the page is a white-listed page (e.g. Special:Login, Special:Logout).

The group privileges are set up in LocalSettings.php and groups are assigned to users from Special:UserRights pages.

The category:public is an inclusive privacy marking that makes the page visible to all users, including unauthenticated users.

Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any Category marking.

Pages marked with any other read category:Access Control markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or where they are not exclusive markings (such as private or User:).

The special category [[some-category:user:<name>]] followed by a user name is a marking that provides that user with an exclusion from other users accessing their page, except for the [[sysop]] [[administrator]], or except when the page is also marked with another user's [[some-category:user:<other-user-name>]] mark.

The category:private and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a sysop respectively.

unauthenticated users

🚩 Anonymous users are only able to Access:

  • pages containing the [[category:public|public]] privilege, and
  • Special: pages:
    • [[Special:Login]]
    • [[Special:Logout]]
    • [[Special:UserLogin]]
    • [[Special:UserLogout]]
    • [[Special:Badtitle]]
    • [[Special:Random]]
    • [[Special:RecentChanges]]
    • [[Special:Version]]
    • [[Special:AllPages]]

edit access

Access control markings have been extended to include the edit action (and may be extended to other actions in the future), where the action follows the category: prefix.

The specialisations involve [[category:edit:user:]] and [[category:edit:]] markings, where group is a synonym of the category marking, e.g. [[category:edit:user:ralph]] or [[category:edit:trainer]].

Some examples follow:

  • [[category:edit:user:ralph]] will permit the page to be edited by [[user:ralph]] or a [[sysop]].
  • [[category:edit:trainer]] will permit the page to be edited by a user that has been assigned to the group [[trainer]].
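
The read and edit rules above, written out as a single decision function. This is an added Python model, not the extension's PHP code; the group name "staff", the case-insensitive matching, and the handling of cases the page leaves open (public combined with other markings, several exclusive markings on one page, a page with no edit marking) are assumptions marked in the comments.

```python
# Added model of the rules described above; not the extension's PHP code.
WHITELIST = {
    "Special:Login", "Special:Logout", "Special:UserLogin",
    "Special:UserLogout", "Special:Badtitle", "Special:Random",
    "Special:RecentChanges", "Special:Version", "Special:AllPages",
}
# Assumption: group names that act as access control categories.
# "private" and "trainer" appear on the page; "staff" is constructed.
GROUP_MARKINGS = {"private", "trainer", "staff"}


def can_access(title, categories, user, groups, action="read"):
    """Decide `action` ("read" or "edit") for `user` (None = anonymous).

    categories: page categories without the "category:" prefix.
    groups: groups assigned to the user via Special:UserRights.
    Names are compared case-insensitively (assumption).
    """
    cats = {c.strip().lower() for c in categories}
    groups = {g.lower() for g in groups}
    name = user.lower() if user else None
    if action == "read" and title in WHITELIST:
        return True
    if "sysop" in groups:
        return True
    if action == "edit":
        # edit:user:<name> or edit:<group>; with no matching edit marking
        # this model denies (assumption: the page does not cover that case).
        edit = {c[len("edit:"):] for c in cats if c.startswith("edit:")}
        return (name is not None and f"user:{name}" in edit) or bool(edit & groups)
    if "public" in cats:
        return True          # assumption: public wins over other markings
    if name is None:
        return False         # anonymous: public or white-listed only
    named = {c[len("user:"):] for c in cats if c.startswith("user:")}
    if named or "private" in cats:
        # Exclusive markings; assumption: every one present must be met.
        user_ok = not named or name in named
        private_ok = "private" not in cats or "private" in groups
        return user_ok and private_ok
    marked = cats & GROUP_MARKINGS
    if not marked:
        return bool(groups)  # unmarked page: any assigned group suffices
    return bool(marked & groups)  # inclusive-or over group markings
```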

references

[1] https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group

categories

This page is marked as category:public so the public (anonymous users) may access/view the page.
