Sans objet

> If a member has multiple groups, they get the highest permission of any groups.
> ... 
> all registered users are in the 'user' group.

I'd guess that all your logged-in user are part of the 'user' group, which has permission to edit.

I suppose that you could replace all the 'readonly' with 'user' and obtain the desired results.

Hope it helps,

Alexis

On 29/11/11 10:38, Simon Reber wrote :
> Hi all,
> 
> We have setup a mediawiki with some extensions (LDAP authentication,
> FlaggedRevs, etc.)
> It basically works fine, but we have the problem, that specifc
> permissions, assigned to the group are not applied correctly.
> 
> We have three groups (admin, contributor and readonly) - and the
> readonly group, doesn't apply it's desiganted permissions correctly:
> 
> // Most extra permission abilities go to this group
> $wgGroupPermissions['admins']['block']           = true;
> $wgGroupPermissions['admins']['createaccount']   = true;
> $wgGroupPermissions['admins']['delete']          = true;
> $wgGroupPermissions['admins']['deletedhistory']  = true; // can view
> deleted history entries, but not see or restore the text
> $wgGroupPermissions['admins']['editinterface']   = true;
> $wgGroupPermissions['admins']['import']          = true;
> $wgGroupPermissions['admins']['importupload']    = true;
> $wgGroupPermissions['admins']['move']            = true;
> $wgGroupPermissions['admins']['patrol']          = true;
> $wgGroupPermissions['admins']['autopatrol']      = true;
> $wgGroupPermissions['admins']['protect']         = true;
> $wgGroupPermissions['admins']['proxyunbannable'] = true;
> $wgGroupPermissions['admins']['rollback']        = true;
> $wgGroupPermissions['admins']['trackback']       = true;
> $wgGroupPermissions['admins']['reupload']        = true;
> $wgGroupPermissions['admins']['upload']          = true;
> $wgGroupPermissions['admins']['reupload-shared'] = true;
> $wgGroupPermissions['admins']['unwatchedpages']  = true;
> $wgGroupPermissions['admins']['autoconfirmed']   = true;
> $wgGroupPermissions['admins']['upload_by_url']   = true;
> $wgGroupPermissions['admins']['ipblock-exempt']  = true;
> $wgGroupPermissions['admins']['review']          = true;
> 
> // Implicit group for all logged-in accounts
> $wgGroupPermissions['contributor']['move']            = true;
> $wgGroupPermissions['contributor']['read']            = true;
> $wgGroupPermissions['contributor']['edit']            = true;
> $wgGroupPermissions['contributor']['createpage']      = true;
> $wgGroupPermissions['contributor']['createtalk']      = true;
> $wgGroupPermissions['contributor']['upload']          = true;
> $wgGroupPermissions['contributor']['minoredit']       = true;
> 
> // Implicit group for all logged-in accounts
> $wgGroupPermissions['readonly']['read']            = true;
> $wgGroupPermissions['readonly']['move']            = false;
> $wgGroupPermissions['readonly']['edit']            = false;
> $wgGroupPermissions['readonly']['createpage']      = false;
> $wgGroupPermissions['readonly']['createtalk']      = false;
> $wgGroupPermissions['readonly']['upload']          = false;
> $wgGroupPermissions['readonly']['minoredit']       = false;
> 
> 
> As you can see, readonly group, should only have read permissions. But
> when logging in with a readonly account, the account still has
> permissions to create a new page or move an existing page.
> I have absolutely no idea, why this isn't working and therefore asking
> now for some help.
> 
> Anything helpful will be much appreciated, and I'm also open to provide
> some more information, if required.
> 
> Thanks and all the best,
> Simon