Category:Access Control: Difference between revisions
| Line 7: | Line 7: | ||
[https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group Restrict access by category and group]<ref>https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group</ref> extension originally developed by Andrés Orencio Ramirez Perez. | [https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group Restrict access by category and group]<ref>https://www.mediawiki.org/wiki/Extension:Restrict_access_by_category_and_group</ref> extension originally developed by Andrés Orencio Ramirez Perez. | ||
The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various | The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various privilege groups. The $access type was ignored and the grant was assumed for read privileges. | ||
==read access== | ==read access== | ||
Pages containing these '''read''' [[access control]] | Pages containing these '''read''' [[access control]] categories are [[:category:private]] and not accessible by a '''user''' unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with [[:category:public]], or the page is a white-listed page (e.g. [[:Special:Login]], [[:Special:Logout]]). | ||
The | The group privileges are setup in [[LocalSettings.php]] and groups are assigned to users from [[:Special:UserRights]] pages. | ||
The [[:category:public]] is an inclusive | The [[:category:public]] is an inclusive privacy marking that makes the page visible to all [[:users]], including unauthenticated]] [[:users]]. | ||
Only | Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any [[:category]] marking. | ||
Pages marked with any other '''read''' [[:category:Access Control]] | Pages marked with any other '''read''' [[:category:Access Control]] markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:). | ||
The special [[:category:user:]] followed by a [[user]] is a marking that provides that [[user]] with an exclusion from other | The special [[:category:user:]] followed by a [[:user]] is a marking that provides that [[:user]] with an exclusion from other users accessing their page, except for the [[sysop]] [[administrator]], or except when the page is also marked with another user's [[:category:user:]] mark. | ||
The [[:category:private]] and special [[user]] categories are | The [[:category:private]] and special [[:user:]] categories are exclusive, and the [[:user:]] must be a member of the private group, or be one of the user marked on the page, or a [[sysop]] respectively. | ||
===[[unauthenticated]] [[users]]=== | ===[[unauthenticated]] [[users]]=== | ||
Revision as of 16:36, 1 October 2022
overview
Pages marked by these category:Access Control categories are subject to access control privilege checks.
The access control mechanism is provided by customisations of
Restrict access by category and group[1] extension originally developed by Andrés Orencio Ramirez Perez.
The original code is a callback that provided a yes/no access decision to view a page based solely on correlating page category markings to various privilege groups. The $access type was ignored and the grant was assumed for read privileges.
read access
Pages containing these read access control categories are category:private and not accessible by a user unless the user is assigned to at least one of the corresponding privilege groups by an administrator, or the page has been marked with category:public, or the page is a white-listed page (e.g. Special:Login, Special:Logout).
The group privileges are setup in LocalSettings.php and groups are assigned to users from Special:UserRights pages.
The category:public is an inclusive privacy marking that makes the page visible to all users, including unauthenticated]] users.
Only authenticated users who are assigned to at least one group, and administrators, may access pages that are not marked with any category marking.
Pages marked with any other read category:Access Control markings are only accessible to authenticated users who have been assigned the corresponding group. In this way those categories work like an inclusive-or] where they are not exclusive markings (such as private or User:).
The special category:user: followed by a user is a marking that provides that user with an exclusion from other users accessing their page, except for the sysop administrator, or except when the page is also marked with another user's category:user: mark.
The category:private and special [[:user:]] categories are exclusive, and the [[:user:]] must be a member of the private group, or be one of the user marked on the page, or a sysop respectively.
unauthenticated users
🚩 Anonymous Users are only able to Access:
edit access
Access control markings have been extended to include the edit action (and may be extended to other actions in the future). Where the action follows the category: prefix.
The specialisations involve category:edit:user: and category:edit: markings, where group is synonymous with a category marking.
Some examples follow:
- category:edit:user:ralph will permit the page to be edited by user:ralph or a sysop
- category:edit:trainer will permit the page to be edited by a user that has been assigned to the group trainer.
references
categories
This page is marked as category:public so the public (anonymous users) may access/view the page.
Pages in category "Access Control"
The following 2 pages are in this category, out of 2 total.