[Mediawiki-l] One wiki, multiple private sections (or a wiki farm?)

[Platonides]

HotSop DotCom wrote:
> I want to set up a wiki which will contain a series of private sections, where each section will only be accessible to a specific set of users. When someone registers as a user they're given their own private section: one or more pages that only they and their friends can read and edit.
> 
> Then, to give a friend read/write access to their private section, they'd fill out a form with a username and email address. An automatically generated password would be sent to their friend's email, and that user will then be given read/write access to the section.
> 
> I want there to be a common section that everyone can see, and the admin should be able to see all the sections.
> 
> I don't want users of one section to know about the other sections. But, security that specifically relates to this setup isn't that big of an issue: one user probably isn't going to try hacking into another user's section. This is also probably not going to be a high-traffic site.
> 
> I was thinking of using categories and it looks like there are extensions that limit access to categories that I can use or modify. I can hack the core code if necessary, but I'd prefer not to do that. Also, this will be on shared hosting.
> 
> Are categories the best way to do this? Are their extensions that would make this easier? Are there tutorials already showing how to set something like this up?
> 
> I'd prefer to avoid creating a wiki family because it seems like that would make administration more difficult. With just one wiki the admin would be able to see everything without going to Special:Allpages for each of the wikis in the wiki farm.
> 
> I currently run a basic MW wiki, but I'm not familiar with all of MW's features. Can someone suggest the best way to do this, bearing in mind that security between the various sections isn't that much of a concern and also that I want to make administration as easy as possible (unless it will require much more work)?

It can't be done completely secure.
See
http://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions

Using differents wikis is the best way but may be troublesome on a
shared hosting, nonetheless I warn you that some users will try to break
into the others space.

Given your requeriments, I'd disable the API and Special:Export, make
NS_USER and NS_USERTALK non-includable, and hack the core (try using
UserCan hook) so user subpages can only be viewed (and edited) by a list
of friends (eg. User:Foo/Friends).
As you don't want to leak it, you'll want to change Special:Allpages
restriction, but it could still leak if the users add some of the hidden
pages to a category, appears as a search result, recentchanges...
There're many things to change/disable.