Category:Access Control: Difference between revisions
| (13 intermediate revisions by the same user not shown) | |||
| Line 4: | Line 4: | ||
The access control mechanism is provided by customisations of | The access control mechanism is provided by customisations of | ||
* [[regional-training LocalSettings.php|LocalSettings.php]], and | * [[regional-training LocalSettings.php|LocalSettings.php]], and | ||
* [[ | * [[RestrictAccessByCategoryAndGroup.php]] | ||
[https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group Restrict access by category and group]<ref>https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group</ref> extension originally developed by Andrés Orencio Ramirez Perez. | [https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group Restrict access by category and group]<ref>https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group</ref> extension originally developed by Andrés Orencio Ramirez Perez. | ||
| Line 10: | Line 10: | ||
==read access== | ==read access== | ||
Pages containing these '''read''' [[access control]] categories are [[:category:private]] and not accessible by a '''user''' unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with [[:category:public]], or the page is a white-listed page (e.g. [[:Special:Login]], [[:Special:Logout]]). | Pages containing these '''read''' [[access control]] categories are <nowiki>[[:category:private]]</nowiki> and not accessible by a '''user''' unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with [[:category:public]], or the page is a white-listed page (e.g. [[:Special:Login]], [[:Special:Logout]]). | ||
The group privileges are setup in [[LocalSettings.php]] and groups are assigned to users from [[:Special:UserRights]] pages. | The group privileges are setup in [[LocalSettings.php]] and groups are assigned to users from [[:Special:UserRights]] pages. | ||
The [[:category:public]] is an inclusive privacy marking that makes the page visible to all [[ | The [[:category:public]] is an inclusive privacy marking that makes the page visible to all [[users]], including unauthenticated [[users]]. | ||
Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any [[: | Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any [[Special:categories|Category]] marking. | ||
Pages marked with any other '''read''' [[:category:Access Control]] markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:). | Pages marked with any other '''read''' [[:category:Access Control]] markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:). | ||
The special [[ | The special category <nowiki>[[some-category:user:<name>]]</nowiki> followed by a '''user name''' is a marking that provides that '''user''' with an exclusion from other users accessing their page, except for the <nowiki>[[sysop]] [[administrator]]</nowiki>, or except when the page is also marked with another user's <nowiki>[[some-category:user:<other-user-name>]]</nowiki> mark. | ||
The [[:category:private]] and special | The [[:category:private]] and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a [[sysop]] respectively. | ||
===unauthenticated users=== | ===unauthenticated users=== | ||
🚩 Anonymous | 🚩 Anonymous users are only able to [[:category:Access Control|Access]]: | ||
* | * pages containing the <nowiki>[[category:public|public]]</nowiki> privilege, and | ||
* Special: pages: | * Special: pages: | ||
** [[ | ** <nowiki>[[Special:Login]]</nowiki> | ||
** [[ | ** <nowiki>[[Special:Logout]]</nowiki> | ||
** [[ | ** <nowiki>[[Special:UserLogin]]</nowiki> | ||
** [[ | ** <nowiki>[[Special:UserLogout]]</nowiki> | ||
** [[ | ** <nowiki>[[Special:Badtitle]]</nowiki> | ||
** | ** <nowiki>[[Special:Random]]</nowiki> | ||
** | ** <nowiki>[[Special:RecentChanges]]</nowiki> | ||
** | ** <nowiki>[[Special:Version]]</nowiki> | ||
** | ** <nowiki>[[Special:AllPages]]</nowiki> | ||
==edit access== | ==edit access== | ||
[[Access control]] markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix. | [[Access control]] markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix. | ||
The specialisations involve <nowiki>[[category:edit:user:]]</nowiki> and <nowiki>[[category:edit:]]</nowiki> markings, where group is | The specialisations involve <nowiki>[[category:edit:user:]]</nowiki> and <nowiki>[[category:edit:]]</nowiki> markings, where group is a synonym of the category marking. e.g. <nowiki>[[category:edit:user:ralph]]</nowiki> or <nowiki>[[category:edit:trainer]]</nowiki> | ||
Some examples follow: | Some examples follow: | ||
* <nowiki>[[category:edit:user:ralph]]</nowiki> will permit the page to be edited by <nowiki>[[user:ralph]]</nowiki> or a <nowiki>[[sysop]]</nowiki> | * <nowiki>[[category:edit:user:ralph]]</nowiki> will permit the page to be edited by <nowiki>[[user:ralph]]</nowiki> or a <nowiki>[[sysop]]</nowiki> | ||
* <nowiki>[[:category:edit:trainer]]</nowiki> will permit the page to be edited by a user that has been assigned to the group <nowiki>[[trainer]]</nowiki>. | * <nowiki>[[:category:edit:trainer]]</nowiki> will permit the page to be edited by a user that has been assigned to the group <nowiki>[[trainer]]</nowiki>. | ||
| Line 53: | Line 52: | ||
=categories= | =categories= | ||
This page is marked as [[:category:public]] so the public (anonymous users) may access/view the page. | This page is marked as [[:category:public]] so the public (anonymous users) may access/view the page. | ||
[[category:public]] | [[category:public]] | ||
[[category:Security]] | [[category:Security]] | ||
Latest revision as of 17:44, 2 October 2022
overview
Pages marked by these category:Access Control categories are subject to access control privilege checks.
The access control mechanism is provided by customisations of
Restrict access by category and group[1] extension originally developed by Andrés Orencio Ramirez Perez.
The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various privilege groups. The $access type was ignored and the grant was assumed for read privileges.
read access
Pages containing these read access control categories are [[:category:private]] and not accessible by a user unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with category:public, or the page is a white-listed page (e.g. Special:Login, Special:Logout).
The group privileges are setup in LocalSettings.php and groups are assigned to users from Special:UserRights pages.
The category:public is an inclusive privacy marking that makes the page visible to all users, including unauthenticated users.
Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any Category marking.
Pages marked with any other read category:Access Control markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:).
The special category [[some-category:user:<name>]] followed by a user name is a marking that provides that user with an exclusion from other users accessing their page, except for the [[sysop]] [[administrator]], or except when the page is also marked with another user's [[some-category:user:<other-user-name>]] mark.
The category:private and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a sysop respectively.
unauthenticated users
🚩 Anonymous users are only able to Access:
- pages containing the [[category:public|public]] privilege, and
- Special: pages:
- [[Special:Login]]
- [[Special:Logout]]
- [[Special:UserLogin]]
- [[Special:UserLogout]]
- [[Special:Badtitle]]
- [[Special:Random]]
- [[Special:RecentChanges]]
- [[Special:Version]]
- [[Special:AllPages]]
edit access
Access control markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix.
The specialisations involve [[category:edit:user:]] and [[category:edit:]] markings, where group is a synonym of the category marking. e.g. [[category:edit:user:ralph]] or [[category:edit:trainer]]
Some examples follow:
- [[category:edit:user:ralph]] will permit the page to be edited by [[user:ralph]] or a [[sysop]]
- [[:category:edit:trainer]] will permit the page to be edited by a user that has been assigned to the group [[trainer]].
references
categories
This page is marked as category:public so the public (anonymous users) may access/view the page.
Pages in category "Access Control"
The following 2 pages are in this category, out of 2 total.