LocalSettings.php: Difference between revisions
No edit summary |
No edit summary |
||
(One intermediate revision by the same user not shown) | |||
Line 51: | Line 51: | ||
[[image:privileges-groups.png|none]]. | [[image:privileges-groups.png|none]]. | ||
[[: | [[:Special:Categories]] may be assigned to a page, where the category may be associated by name to a group. | ||
Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained [[:category:Access Control]] that is implemented by the [[RestrictAccessByCategoryAndGroup.php]] extension. | Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained [[:category:Access Control]] that is implemented by the [[RestrictAccessByCategoryAndGroup.php]] extension. | ||
Line 59: | Line 59: | ||
[[category:customisation]] | [[category:customisation]] | ||
[[category:Security]] | [[category:Security]] | ||
[[category:Access Control]] | [[category:Access Control]] |
Latest revision as of 17:57, 1 October 2022
The LocalSettings.php customisations:
- install the extension and
- defined private group privileges.
The http://regional-training.org wiki has the following LocalSettings.php customisations for category:Access Control:
# SECURITY prevent public privleges (anonymous user) $wgReadPermissions['*']['read'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermisisons['*']['createpage'] = false; $wgGroupPermissions['*']['createaccount'] = false; # install Page Access authorisation extension require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php"; # sysop can create accounts $wgGroupPermissions['sysop']['createaccount'] = true; # exclusive private category - where only user's with private group can access, or the sysop $wgGroupPermissions['private']['*'] = false; $wgGroupPermissions['private']['private'] = true; # private category that users with group:lesson may access, or sysop $wgGroupPermissions['lesson']['*'] = false; $wgGroupPermissions['lesson']['private'] = true; # private category that users with group:student may access, or sysop $wgGroupPermissions['student']['*'] = false; $wgGroupPermissions['student']['private'] = true; # private category that users with group:projects may access, or sysop $wgGroupPermissions['projects']['*'] = false; $wgGroupPermissions['projects']['private'] = true; # private category that users with group:trainer may access, or sysop $wgGroupPermissions['trainer']['*'] = false; $wgGroupPermissions['trainer']['private'] = true; # the above private categories will show up as group privileges that may be assigned to users. # you may define nearly any group you may required (except for predefined names such as user) $wgGroupPermissions['sysop']['deletelogentry'] = true; $wgGroupPermissions['sysop']['deleterevision'] = true; $wgShowExceptionDetails = true; $wgRightsPage = 'wiki rights';
summary
These privileges may be assigned to a selected user from the Special:UserRights page, and are accessible in the php hook via $user->getGroups().
.
Special:Categories may be assigned to a page, where the category may be associated by name to a group.
Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained category:Access Control that is implemented by the RestrictAccessByCategoryAndGroup.php extension.