[Mediawiki-l] Exact use of $wgGroupPermissions

[Rowan Collins]

On 25/01/06, grok at resist.ca <grok at resist.ca> wrote:
> I understand very well the stance being taken by the
> Mediawiki developers; but it seems to me that there's a
> crying need for at least some sort of systematic
> extension/module capability for normal GNUnix-type
> permissions/file access, if not for ACL/SELinux type stuff.

Well, it's time to roll out the old open source response: "so do it!"
There are now a growing number of extension hooks (see docs/hooks.txt
in the source) built in to the software, so it may in fact be possible
to do all of this without major modification to the core code (maybe
the addition of a few extra hooks, or tightening up general security
in generally helpful ways). As you say, I'm sure such code would be
extremely popular if it worked reliably (which is the biggest problem;
if you want access controls, you presumably want them to be secure...)

One thing that ought to be pointed out straight away though, is that
you seem to making a lot of mentions of "files", "directories", and
technologies related to those. MediaWiki stores all pages in a
database, in a basically 'flat' structure - it has no hierarchical
structure, although pages are grouped into a small number of
'namespaces' (1 each for articles, discussions, policy, file
descriptions, etc). You possibly already knew this, or would soon have
discovered, but particularly your first message made me wonder if you
had the wrong image.

--
Rowan Collins BSc
[IMSoP]