Category:Access Control: Difference between revisions

From publications
No edit summary
 
(3 intermediate revisions by the same user not shown)
Line 20: Line 20:
Pages marked with any other '''read''' [[:category:Access Control]] markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:).  
Pages marked with any other '''read''' [[:category:Access Control]] markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:).  


The special category <nowiki>[[some-category:user:]]</nowiki> followed by a '''user''' is a marking that provides that '''user''' with an exclusion from other users accessing their page, except for the <nowiki>[[sysop]] [[administrator]]</nowiki>, or except when the page is also marked with another user's <nowiki>[[some-category:user:]]</nowiki> mark.  
The special category <nowiki>[[some-category:user:<name>]]</nowiki> followed by a '''user name''' is a marking that provides that '''user''' with an exclusion from other users accessing their page, except for the <nowiki>[[sysop]] [[administrator]]</nowiki>, or except when the page is also marked with another user's <nowiki>[[some-category:user:<other-user-name>]]</nowiki> mark.  


The [[:category:private]] and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a [[sysop]] respectively.
The [[:category:private]] and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a [[sysop]] respectively.
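Review bot: In the revised user: paragraph the marking now carries the <name> placeholder, so the phrase "followed by a '''user name'''" reads as if the name comes after the closing brackets; drop the phrase or reword it as "where <name> is the user name". The unchanged first paragraph of this hunk still has a stray "]" after "inclusive-or". The nowiki text "[[sysop]] [[administrator]]" also leaves it unclear whether one role or two is meant.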
Line 41: Line 41:
[[Access control]] markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix.
[[Access control]] markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix.


The specialisations involve <nowiki>[[category:edit:user:]]</nowiki> and <nowiki>[[category:edit:]]</nowiki> markings, where group is synonymous with a category marking.
The specialisations involve <nowiki>[[category:edit:user:]]</nowiki> and <nowiki>[[category:edit:]]</nowiki> markings, where group is a synonym of the category marking. e.g. <nowiki>[[category:edit:user:ralph]]</nowiki> or <nowiki>[[category:edit:trainer]]</nowiki>


Some examples follow:
Some examples follow:
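Review bot: The revised sentence still gives the generic forms as [[category:edit:user:]] and [[category:edit:]] with nothing after the final colon, so the "group" it calls a synonym of the category marking never appears in the marking itself. Write them as [[category:edit:user:<name>]] and [[category:edit:<group>]], matching the placeholder style introduced in the Line 20 change. The added "e.g." clause starts in lower case after a full stop and has no closing period. The preceding "Where the action follows the category: prefix." is a sentence fragment that should be joined to the sentence before it.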
Line 52: Line 52:
=categories=
=categories=
This page is marked as [[:category:public]] so the public (anonymous users) may access/view the page.
This page is marked as [[:category:public]] so the public (anonymous users) may access/view the page.
[[category:Index]]
[[category:public]]
[[category:public]]
[[category:Security]]
[[category:Security]]
[[category:glossary]]

Latest revision as of 18:44, 2 October 2022

overview

Pages marked by these category:Access Control categories are subject to access control privilege checks.

The access control mechanism is provided by customisations of the Restrict access by category and group[1] extension, originally developed by Andrés Orencio Ramirez Perez.

The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various privilege groups. The $access type was ignored and the grant was assumed for read privileges.

read access

Pages containing these read access control categories are [[:category:private]] and not accessible by a user unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with category:public, or the page is a white-listed page (e.g. Special:Login, Special:Logout).

The group privileges are set up in LocalSettings.php, and groups are assigned to users from the Special:UserRights pages.

The category:public is an inclusive privacy marking that makes the page visible to all users, including unauthenticated users.

Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any Category marking.

Pages marked with any other read category:Access Control markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or where they are not exclusive markings (such as private or User:).

The special category [[some-category:user:<name>]] followed by a user name is a marking that provides that user with an exclusion from other users accessing their page, except for the [[sysop]] [[administrator]], or except when the page is also marked with another user's [[some-category:user:<other-user-name>]] mark.

The category:private and special user: categories are exclusive, and the user must be a member of the private group, or be one of the users marked on the page, or a sysop respectively.

unauthenticated users

🚩 Anonymous users are only able to access:

  • pages containing the [[category:public|public]] privilege, and
  • Special: pages:
    • [[Special:Login]]
    • [[Special:Logout]]
    • [[Special:UserLogin]]
    • [[Special:UserLogout]]
    • [[Special:Badtitle]]
    • [[Special:Random]]
    • [[Special:RecentChanges]]
    • [[Special:Version]]
    • [[Special:AllPages]]
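
The read rules above, written out as a single decision function. This is an added example, not the extension's own code: `canRead()`, `WHITELIST` and the argument shapes are hypothetical, and markings are passed without the `category:` prefix. It assumes a sysop is identified by membership of a `sysop` group, that `public` wins when it appears beside an exclusive marking, and that `user:` markings are checked before `private`; the page does not state those precedences.

```php
<?php
// Added illustration of the read rules above; not the extension's own code.
// canRead(), WHITELIST and the argument shapes are assumptions of this example.
const WHITELIST = ['Special:Login', 'Special:Logout', 'Special:UserLogin',
    'Special:UserLogout', 'Special:Badtitle', 'Special:Random',
    'Special:RecentChanges', 'Special:Version', 'Special:AllPages'];

// $marks: read markings without the "category:" prefix; $user: null = anonymous.
function canRead(string $title, array $marks, ?string $user, array $groups): bool
{
    $marks  = array_map('strtolower', $marks);
    $groups = array_map('strtolower', $groups);
    if (in_array($title, WHITELIST, true) || in_array('public', $marks, true)) {
        return true;                 // white-listed page or inclusive public marking
    }
    if ($user === null) {
        return false;                // anonymous: nothing beyond the two cases above
    }
    if (in_array('sysop', $groups, true)) {
        return true;                 // assumed: sysop passes every marking
    }
    if ($marks === []) {
        return $groups !== [];       // unmarked page: any assigned group is enough
    }
    $owners = preg_grep('/^user:/', $marks);   // exclusive user:<name> markings
    if ($owners !== []) {
        return in_array('user:' . strtolower($user), $owners, true);
    }
    if (in_array('private', $marks, true)) {   // exclusive private marking
        return in_array('private', $groups, true);
    }
    return array_intersect($marks, $groups) !== [];  // inclusive-or over groups
}

// Constructed cases: [title, markings, user, groups, expected decision].
$cases = [
    ['Main',   ['public'],                   null,    [],          true],
    ['Notes',  ['trainer', 'editor'],        'alice', ['editor'],  true],
    ['Diary',  ['user:ralph'],               'alice', ['trainer'], false],
    ['Diary',  ['user:ralph', 'user:alice'], 'alice', [],          true],
    ['Plain',  [],                           'bob',   [],          false],
    ['Secret', ['private'],                  'bob',   ['trainer'], false],
];
foreach ($cases as [$t, $m, $u, $g, $want]) {
    printf("%-4s %s [%s]\n", canRead($t, $m, $u, $g) === $want ? 'ok' : 'FAIL', $t, implode(',', $m));
}
```

The `Plain` case is the one most often overlooked: an authenticated user with no assigned group is denied even on a page that carries no marking at all.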

edit access

Access control markings have been extended to include the edit action (and may be extended to other actions in the future), where the action follows the category: prefix.

The specialisations involve [[category:edit:user:]] and [[category:edit:]] markings, where group is a synonym of the category marking, for example [[category:edit:user:ralph]] or [[category:edit:trainer]].

Some examples follow:

  • [[category:edit:user:ralph]] will permit the page to be edited by [[user:ralph]] or a [[sysop]]
  • [[:category:edit:trainer]] will permit the page to be edited by a user that has been assigned to the group [[trainer]].

references

categories

This page is marked as category:public so the public (anonymous users) may access/view the page.

Pages in category "Access Control"

The following 2 pages are in this category, out of 2 total.