LocalSettings.php
The LocalSettings.php customisations:
- install the extension and
- defined private group privileges.
The http://regional-training.org wiki has the following LocalSettings.php customisations for category:Access Control:
# SECURITY prevent public privleges (anonymous user) $wgReadPermissions['*']['read'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermisisons['*']['createpage'] = false; $wgGroupPermissions['*']['createaccount'] = false; # install Page Access authorisation extension require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php"; # sysop can create accounts $wgGroupPermissions['sysop']['createaccount'] = true; # exclusive private category - where only user's with private group can access, or the sysop $wgGroupPermissions['private']['*'] = false; $wgGroupPermissions['private']['private'] = true; # private category that users with group:lesson may access, or sysop $wgGroupPermissions['lesson']['*'] = false; $wgGroupPermissions['lesson']['private'] = true; # private category that users with group:student may access, or sysop $wgGroupPermissions['student']['*'] = false; $wgGroupPermissions['student']['private'] = true; # private category that users with group:projects may access, or sysop $wgGroupPermissions['projects']['*'] = false; $wgGroupPermissions['projects']['private'] = true; # private category that users with group:trainer may access, or sysop $wgGroupPermissions['trainer']['*'] = false; $wgGroupPermissions['trainer']['private'] = true; # the above private categories will show up as group privileges that may be assigned to users. # you may define nearly any group you may required (except for predefined names such as user) $wgGroupPermissions['sysop']['deletelogentry'] = true; $wgGroupPermissions['sysop']['deleterevision'] = true; $wgShowExceptionDetails = true; $wgRightsPage = 'wiki rights';
summary
These privileges may be assigned to a selected user from the Special:UserRights page, and are accessible in the php hook via $user->getGroups().
.
Categories may be assigned to a page, where the category may be associated by name to a group.
Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained category:Access Control that is implemented by the RestrictAccessByCategoryAndGroup.php extension.