If a member has multiple groups, they get the highest
permission of any groups.
...
all registered users are in the 'user' group.
I'd guess that all your logged-in user are part of the 'user' group, which has
permission to edit.
I suppose that you could replace all the 'readonly' with 'user' and obtain
the desired results.
Hope it helps,
Alexis
On 29/11/11 10:38, Simon Reber wrote :
Hi all,
We have setup a mediawiki with some extensions (LDAP authentication,
FlaggedRevs, etc.)
It basically works fine, but we have the problem, that specifc
permissions, assigned to the group are not applied correctly.
We have three groups (admin, contributor and readonly) - and the
readonly group, doesn't apply it's desiganted permissions correctly:
// Most extra permission abilities go to this group
$wgGroupPermissions['admins']['block'] = true;
$wgGroupPermissions['admins']['createaccount'] = true;
$wgGroupPermissions['admins']['delete'] = true;
$wgGroupPermissions['admins']['deletedhistory'] = true; // can view
deleted history entries, but not see or restore the text
$wgGroupPermissions['admins']['editinterface'] = true;
$wgGroupPermissions['admins']['import'] = true;
$wgGroupPermissions['admins']['importupload'] = true;
$wgGroupPermissions['admins']['move'] = true;
$wgGroupPermissions['admins']['patrol'] = true;
$wgGroupPermissions['admins']['autopatrol'] = true;
$wgGroupPermissions['admins']['protect'] = true;
$wgGroupPermissions['admins']['proxyunbannable'] = true;
$wgGroupPermissions['admins']['rollback'] = true;
$wgGroupPermissions['admins']['trackback'] = true;
$wgGroupPermissions['admins']['reupload'] = true;
$wgGroupPermissions['admins']['upload'] = true;
$wgGroupPermissions['admins']['reupload-shared'] = true;
$wgGroupPermissions['admins']['unwatchedpages'] = true;
$wgGroupPermissions['admins']['autoconfirmed'] = true;
$wgGroupPermissions['admins']['upload_by_url'] = true;
$wgGroupPermissions['admins']['ipblock-exempt'] = true;
$wgGroupPermissions['admins']['review'] = true;
// Implicit group for all logged-in accounts
$wgGroupPermissions['contributor']['move'] = true;
$wgGroupPermissions['contributor']['read'] = true;
$wgGroupPermissions['contributor']['edit'] = true;
$wgGroupPermissions['contributor']['createpage'] = true;
$wgGroupPermissions['contributor']['createtalk'] = true;
$wgGroupPermissions['contributor']['upload'] = true;
$wgGroupPermissions['contributor']['minoredit'] = true;
// Implicit group for all logged-in accounts
$wgGroupPermissions['readonly']['read'] = true;
$wgGroupPermissions['readonly']['move'] = false;
$wgGroupPermissions['readonly']['edit'] = false;
$wgGroupPermissions['readonly']['createpage'] = false;
$wgGroupPermissions['readonly']['createtalk'] = false;
$wgGroupPermissions['readonly']['upload'] = false;
$wgGroupPermissions['readonly']['minoredit'] = false;
As you can see, readonly group, should only have read permissions. But
when logging in with a readonly account, the account still has
permissions to create a new page or move an existing page.
I have absolutely no idea, why this isn't working and therefore asking
now for some help.
Anything helpful will be much appreciated, and I'm also open to provide
some more information, if required.
Thanks and all the best,
Simon