Hi everyone,
as I needed some basic protection on some pages of my wiki, I went ahead and implemented a simple ACL mechanism. This is based on the 1.3.11 version of the code, I did not yet look at the 1.4 stuff. I plan to adapt 1.4 when I'm upgrading my site, which will not happen before the final release.
The changed files can be found at http://www.maphi.net/SimpleACLs-1.3.11.zip if anyone is interested.
Now, as I have no idea on how the submittal process works. Is there a chance to include this into the wiki itself, or does it have to be for 1.4 in order to be included? Do I need to submit the changes in a specific format, like a diff? If so, which would be the right tool to use? I'm working on a Windows box, using WinDiff - I guess that's not the right tool here :)
Some background on what I did:
The page SpecialMakesysop allows Developer-Sysops (the user needs both rights) to give arbitrary rights to users. This can be any string, comma-separated for multiples, with a total length of 255 characters because of the DB limit. With the exception of sysop, bureocrat, developer, bot, and hidden (see below) there is no special meaning to any right.
I changed Skin.php, SkinCologneBlue, and SkinPhptal, so that the protect button is available to any user that has any right. As these rights need to be given by someone else, vandalism should not be an issue.
Protecting a page sets its restrictions to the rights of the protecting user. If the user has more than one right, he can specify which of his rights should be applied by editing the restriction string. This is rather error prone, but in my wiki, people have only one right.
The protect page contains a checkbox to hide a page from public view. If this checkbox is set, the "hidden" restriction is added to the page as well.
People can only edit a page if they have all rights (minus hidden) that the page requires. This is straight from the existing code. They also need all rights to unprotect the page.
People can only read hidden pages if they have at least one of the necessary rights.
Sysops can always read, edit, and unprotect all pages.
I did a small change to SearchEngine, so that the search does not give previews if the feature is enabled. Users will see if their search term appears in a hidden page, but that's it.
I left RecentChanges alone, so the page names and change comments are still visible to everyone.
The whole feature can be enabled by setting $wgEnableSimpleACLs to true in LocalSettings.php. You also need to create one developer,sysop user using SQL as described in http://meta.wikimedia.org/wiki/Setting_user_rights_in_MediaWiki. This user then can give rights to other users.
Comments (and bug detections) are welcome.
Regards, MaPhi
MaPhi Werner wrote:
Now, as I have no idea on how the submittal process works. Is there a chance to include this into the wiki itself, or does it have to be for 1.4 in order to be included?
1.3 has been in maintenance mode for some time, and is receiving only security updates at this time.
1.4 is in release candidacy and is receiving only bug fixes.
Any significant new features would only be accepted on the 1.5 branch. 1.5 already has a fairly different user rights system than the older versions, and it's currently unfinished and will require a lot of work and changes before 1.5 is released.
Do I need to submit the changes in a specific format, like a diff? If so, which would be the right tool to use? I'm working on a Windows box, using WinDiff - I guess that's not the right tool here :)
Unified diff format against CVS is preferred (produced by cvs diff -u). Patches should probably be posted as attachments (*not* comments) to an enhancement request on our bugzilla: http://bugzilla.wikimedia.org/
The protect page contains a checkbox to hide a page from public view. If this checkbox is set, the "hidden" restriction is added to the page as well.
Note that this is likely unreliable; see past posts on this list about page hiding schemes being defeatable by template inclusion etc. MediaWiki is *not* designed to hide active pages on an editable wiki, and this should *not* be relied upon.
-- brion vibber (brion @ pobox.com)
Hi
Nice, I'll give it a shot.
At 3/16/2005 12:35 PM, you wrote:
I did a small change to SearchEngine, so that the search does not give previews if the feature is enabled. Users will see if their search term appears in a hidden page, but that's it.
I left RecentChanges alone, so the page names and change comments are still visible to everyone.
What about diffs ? I hope they are protected too ?
What about medias ? Sounds a little more difficult to do.
-- Sebastien Barre
wikitech-l@lists.wikimedia.org