LocalSettings.php: Difference between revisions

From publications
No edit summary
No edit summary
 
(6 intermediate revisions by the same user not shown)
Line 48: Line 48:


=summary=
=summary=
These [[privileges]] may be assigned to a selected [[user]] from the [[Special:UserRights]] [[page]], and are accessible in the '''php''' hook via $user->getGroups().
These privileges may be assigned to a selected user from the [[:Special:UserRights]] page, and are accessible in the '''php''' hook via $user->getGroups().
[[image:regional-training-user-privileges-groups.png|none]].
[[image:privileges-groups.png|none]].


[[Categories]] may be assigned to a [[page]], where the [[category]] may be associated by name to [[group]].  
[[:Special:Categories]] may be assigned to a page, where the category may be associated by name to a group.  


Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained [[:category:Access Control]] that is implemented by the [[Regional-training RestrictAccessByCategoryAndGroup.php]] extension.
Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained [[:category:Access Control]] that is implemented by the [[RestrictAccessByCategoryAndGroup.php]] extension.


[[category:public]]
[[category:public]]
Line 59: Line 59:
[[category:customisation]]
[[category:customisation]]
[[category:Security]]
[[category:Security]]
[[category:index]]
[[category:Access Control]]
[[category:Access Control]]

Latest revision as of 17:57, 1 October 2022

The LocalSettings.php customisations:

  • install the extension and
  • defined private group privileges.

The http://regional-training.org wiki has the following LocalSettings.php customisations for category:Access Control:

# SECURITY prevent public privleges  (anonymous user)
$wgReadPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermisisons['*']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

# install Page Access authorisation extension
require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php";

# sysop can create accounts
$wgGroupPermissions['sysop']['createaccount'] = true;

# exclusive private category - where only user's with private group can access, or the sysop
$wgGroupPermissions['private']['*'] = false;
$wgGroupPermissions['private']['private'] = true;

# private category that users with group:lesson may access, or sysop
$wgGroupPermissions['lesson']['*'] = false;
$wgGroupPermissions['lesson']['private'] = true;

# private category that users with group:student may access, or sysop
$wgGroupPermissions['student']['*'] = false;
$wgGroupPermissions['student']['private'] = true;

# private category that users with group:projects may access, or sysop
$wgGroupPermissions['projects']['*'] = false;
$wgGroupPermissions['projects']['private'] = true;

# private category that users with group:trainer may access, or sysop
$wgGroupPermissions['trainer']['*'] = false;
$wgGroupPermissions['trainer']['private'] = true;

# the above private categories will show up as group privileges that may be assigned to users.
# you may define nearly any group you may required (except for predefined names such as user)
$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;

$wgShowExceptionDetails = true;
$wgRightsPage = 'wiki rights';

summary

These privileges may be assigned to a selected user from the Special:UserRights page, and are accessible in the php hook via $user->getGroups().

.

Special:Categories may be assigned to a page, where the category may be associated by name to a group.

Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained category:Access Control that is implemented by the RestrictAccessByCategoryAndGroup.php extension.