Hi all,
We have setup a mediawiki with some extensions (LDAP authentication, FlaggedRevs, etc.) It basically works fine, but we have the problem, that specifc permissions, assigned to the group are not applied correctly.
We have three groups (admin, contributor and readonly) - and the readonly group, doesn't apply it's desiganted permissions correctly:
// Most extra permission abilities go to this group $wgGroupPermissions['admins']['block'] = true; $wgGroupPermissions['admins']['createaccount'] = true; $wgGroupPermissions['admins']['delete'] = true; $wgGroupPermissions['admins']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text $wgGroupPermissions['admins']['editinterface'] = true; $wgGroupPermissions['admins']['import'] = true; $wgGroupPermissions['admins']['importupload'] = true; $wgGroupPermissions['admins']['move'] = true; $wgGroupPermissions['admins']['patrol'] = true; $wgGroupPermissions['admins']['autopatrol'] = true; $wgGroupPermissions['admins']['protect'] = true; $wgGroupPermissions['admins']['proxyunbannable'] = true; $wgGroupPermissions['admins']['rollback'] = true; $wgGroupPermissions['admins']['trackback'] = true; $wgGroupPermissions['admins']['reupload'] = true; $wgGroupPermissions['admins']['upload'] = true; $wgGroupPermissions['admins']['reupload-shared'] = true; $wgGroupPermissions['admins']['unwatchedpages'] = true; $wgGroupPermissions['admins']['autoconfirmed'] = true; $wgGroupPermissions['admins']['upload_by_url'] = true; $wgGroupPermissions['admins']['ipblock-exempt'] = true; $wgGroupPermissions['admins']['review'] = true;
// Implicit group for all logged-in accounts $wgGroupPermissions['contributor']['move'] = true; $wgGroupPermissions['contributor']['read'] = true; $wgGroupPermissions['contributor']['edit'] = true; $wgGroupPermissions['contributor']['createpage'] = true; $wgGroupPermissions['contributor']['createtalk'] = true; $wgGroupPermissions['contributor']['upload'] = true; $wgGroupPermissions['contributor']['minoredit'] = true;
// Implicit group for all logged-in accounts $wgGroupPermissions['readonly']['read'] = true; $wgGroupPermissions['readonly']['move'] = false; $wgGroupPermissions['readonly']['edit'] = false; $wgGroupPermissions['readonly']['createpage'] = false; $wgGroupPermissions['readonly']['createtalk'] = false; $wgGroupPermissions['readonly']['upload'] = false; $wgGroupPermissions['readonly']['minoredit'] = false;
As you can see, readonly group, should only have read permissions. But when logging in with a readonly account, the account still has permissions to create a new page or move an existing page. I have absolutely no idea, why this isn't working and therefore asking now for some help.
Anything helpful will be much appreciated, and I'm also open to provide some more information, if required.
Thanks and all the best, Simon
From http://www.mediawiki.org/wiki/Manual:User_rights_management :
If a member has multiple groups, they get the highest permission of any groups. ... all registered users are in the 'user' group.
I'd guess that all your logged-in user are part of the 'user' group, which has permission to edit.
I suppose that you could replace all the 'readonly' with 'user' and obtain the desired results.
Hope it helps,
Alexis
On 29/11/11 10:38, Simon Reber wrote :
Hi all,
We have setup a mediawiki with some extensions (LDAP authentication, FlaggedRevs, etc.) It basically works fine, but we have the problem, that specifc permissions, assigned to the group are not applied correctly.
We have three groups (admin, contributor and readonly) - and the readonly group, doesn't apply it's desiganted permissions correctly:
// Most extra permission abilities go to this group $wgGroupPermissions['admins']['block'] = true; $wgGroupPermissions['admins']['createaccount'] = true; $wgGroupPermissions['admins']['delete'] = true; $wgGroupPermissions['admins']['deletedhistory'] = true; // can view deleted history entries, but not see or restore the text $wgGroupPermissions['admins']['editinterface'] = true; $wgGroupPermissions['admins']['import'] = true; $wgGroupPermissions['admins']['importupload'] = true; $wgGroupPermissions['admins']['move'] = true; $wgGroupPermissions['admins']['patrol'] = true; $wgGroupPermissions['admins']['autopatrol'] = true; $wgGroupPermissions['admins']['protect'] = true; $wgGroupPermissions['admins']['proxyunbannable'] = true; $wgGroupPermissions['admins']['rollback'] = true; $wgGroupPermissions['admins']['trackback'] = true; $wgGroupPermissions['admins']['reupload'] = true; $wgGroupPermissions['admins']['upload'] = true; $wgGroupPermissions['admins']['reupload-shared'] = true; $wgGroupPermissions['admins']['unwatchedpages'] = true; $wgGroupPermissions['admins']['autoconfirmed'] = true; $wgGroupPermissions['admins']['upload_by_url'] = true; $wgGroupPermissions['admins']['ipblock-exempt'] = true; $wgGroupPermissions['admins']['review'] = true;
// Implicit group for all logged-in accounts $wgGroupPermissions['contributor']['move'] = true; $wgGroupPermissions['contributor']['read'] = true; $wgGroupPermissions['contributor']['edit'] = true; $wgGroupPermissions['contributor']['createpage'] = true; $wgGroupPermissions['contributor']['createtalk'] = true; $wgGroupPermissions['contributor']['upload'] = true; $wgGroupPermissions['contributor']['minoredit'] = true;
// Implicit group for all logged-in accounts $wgGroupPermissions['readonly']['read'] = true; $wgGroupPermissions['readonly']['move'] = false; $wgGroupPermissions['readonly']['edit'] = false; $wgGroupPermissions['readonly']['createpage'] = false; $wgGroupPermissions['readonly']['createtalk'] = false; $wgGroupPermissions['readonly']['upload'] = false; $wgGroupPermissions['readonly']['minoredit'] = false;
As you can see, readonly group, should only have read permissions. But when logging in with a readonly account, the account still has permissions to create a new page or move an existing page. I have absolutely no idea, why this isn't working and therefore asking now for some help.
Anything helpful will be much appreciated, and I'm also open to provide some more information, if required.
Thanks and all the best, Simon
mediawiki-l@lists.wikimedia.org