I'm using MediaWiki to create a corporate wiki, and need to allow access to certain pages only to certain groups. I don't see full support for this in MediaWiki as of 1.4.11 (although there is stub support- you can do this for moderators). Unless this has already been implemented for 1.5 or there is already a 3rd party patch, I'm going to implement this myself, and will be pushing for (and almost will certainly get) permission to give this change back to the community. While Wikipedia may not use it, it would be a nice feature for the wiki in general. And if it brings in more corporate users, those users may always contribute back more useful changes.
This brings me to how to implement this. I have a few ideas, if anyone can comment on them.
Part 1- storing restrictions
I can either use the cur_restricted field of the cur table, or create a new table that has a pair (pagename,group). If the pagename has restrictions, you would need to be in one of those groups. If there were no restrictions, it would default to open. Which of these ways sounds preferable? I sort of like the new table, since then lookups on old versions wouldn't need to access the cur table for restrictions data.
Part 2- storing groups
A new table with pairs (user id, groupname). A user can be in any number of groups.
Part 3- applying restrictions
Any time someone tries to access cur_text, they need to check against permissions. If they fail, they should not actually read the text. Do only Article and EditPage need this protection, or will it need to go elsewhere as well?
I'm thinking of implementing this as a new class (Permission) with a two methods- checkPermission($user,$title) that will return TRUE if user can access the title, and FALSE if not On a FALSE, the calling code will need to push an error up the call stack in whatever way is appropriate. Probably a web page saying that the page is protected, and listing the groups.
The other function is groupList($title) that will return the list of groups with permission to read it. Its there to allow callers to get allowed groups for the error page. (Alternatively, Permission could generate an error page, but that sounds messy).
Part 4- editing permissions
An extra box on the edit page, with a list of groups. Add a group to add it to the restricted to list. You must have edit permissions (in other words, you must be in one of the previously allowed groups or be an admin/beauracrat) to add or remove a group.
Part 5- adding people to groups
Basicly, this is a special page. I'll probably allow, as a basic method, any admin, beauracrat, or existing group member to add you to a group. I'm not as interested in this part of the problem, as I'll be getting my groups from /etc/group.
Any comments on how I plan to implement this? Or if it already exists and I'm being a moron (or missing a 3rd party patch somewhere), please help me out.
Gabe