[Mediawiki-l] Group Permissions do not work

Tue Nov 29 09:38:45 UTC 2011

Hi all,

We have setup a mediawiki with some extensions (LDAP authentication,
FlaggedRevs, etc.)
It basically works fine, but we have the problem, that specifc
permissions, assigned to the group are not applied correctly.

We have three groups (admin, contributor and readonly) - and the
readonly group, doesn't apply it's desiganted permissions correctly:

// Most extra permission abilities go to this group
$wgGroupPermissions['admins']['block']           = true;
$wgGroupPermissions['admins']['createaccount']   = true;
$wgGroupPermissions['admins']['delete']          = true;
$wgGroupPermissions['admins']['deletedhistory']  = true; // can view
deleted history entries, but not see or restore the text
$wgGroupPermissions['admins']['editinterface']   = true;
$wgGroupPermissions['admins']['import']          = true;
$wgGroupPermissions['admins']['importupload']    = true;
$wgGroupPermissions['admins']['move']            = true;
$wgGroupPermissions['admins']['patrol']          = true;
$wgGroupPermissions['admins']['autopatrol']      = true;
$wgGroupPermissions['admins']['protect']         = true;
$wgGroupPermissions['admins']['proxyunbannable'] = true;
$wgGroupPermissions['admins']['rollback']        = true;
$wgGroupPermissions['admins']['trackback']       = true;
$wgGroupPermissions['admins']['reupload']        = true;
$wgGroupPermissions['admins']['upload']          = true;
$wgGroupPermissions['admins']['reupload-shared'] = true;
$wgGroupPermissions['admins']['unwatchedpages']  = true;
$wgGroupPermissions['admins']['autoconfirmed']   = true;
$wgGroupPermissions['admins']['upload_by_url']   = true;
$wgGroupPermissions['admins']['ipblock-exempt']  = true;
$wgGroupPermissions['admins']['review']          = true;

// Implicit group for all logged-in accounts
$wgGroupPermissions['contributor']['move']            = true;
$wgGroupPermissions['contributor']['read']            = true;
$wgGroupPermissions['contributor']['edit']            = true;
$wgGroupPermissions['contributor']['createpage']      = true;
$wgGroupPermissions['contributor']['createtalk']      = true;
$wgGroupPermissions['contributor']['upload']          = true;
$wgGroupPermissions['contributor']['minoredit']       = true;

// Implicit group for all logged-in accounts
$wgGroupPermissions['readonly']['read']            = true;
$wgGroupPermissions['readonly']['move']            = false;
$wgGroupPermissions['readonly']['edit']            = false;
$wgGroupPermissions['readonly']['createpage']      = false;
$wgGroupPermissions['readonly']['createtalk']      = false;
$wgGroupPermissions['readonly']['upload']          = false;
$wgGroupPermissions['readonly']['minoredit']       = false;

As you can see, readonly group, should only have read permissions. But
when logging in with a readonly account, the account still has
permissions to create a new page or move an existing page.
I have absolutely no idea, why this isn't working and therefore asking
now for some help.

Anything helpful will be much appreciated, and I'm also open to provide
some more information, if required.

Thanks and all the best,
Simon