Hi everyone,
as I needed some basic protection on some pages of my wiki, I went ahead and implemented a simple ACL mechanism. This is based on the 1.3.11 version of the code, I did not yet look at the 1.4 stuff. I plan to adapt 1.4 when I'm upgrading my site, which will not happen before the final release.
The changed files can be found at http://www.maphi.net/SimpleACLs-1.3.11.zip if anyone is interested.
Now, as I have no idea on how the submittal process works. Is there a chance to include this into the wiki itself, or does it have to be for 1.4 in order to be included? Do I need to submit the changes in a specific format, like a diff? If so, which would be the right tool to use? I'm working on a Windows box, using WinDiff - I guess that's not the right tool here :)
Some background on what I did:
The page SpecialMakesysop allows Developer-Sysops (the user needs both rights) to give arbitrary rights to users. This can be any string, comma-separated for multiples, with a total length of 255 characters because of the DB limit. With the exception of sysop, bureocrat, developer, bot, and hidden (see below) there is no special meaning to any right.
I changed Skin.php, SkinCologneBlue, and SkinPhptal, so that the protect button is available to any user that has any right. As these rights need to be given by someone else, vandalism should not be an issue.
Protecting a page sets its restrictions to the rights of the protecting user. If the user has more than one right, he can specify which of his rights should be applied by editing the restriction string. This is rather error prone, but in my wiki, people have only one right.
The protect page contains a checkbox to hide a page from public view. If this checkbox is set, the "hidden" restriction is added to the page as well.
People can only edit a page if they have all rights (minus hidden) that the page requires. This is straight from the existing code. They also need all rights to unprotect the page.
People can only read hidden pages if they have at least one of the necessary rights.
Sysops can always read, edit, and unprotect all pages.
I did a small change to SearchEngine, so that the search does not give previews if the feature is enabled. Users will see if their search term appears in a hidden page, but that's it.
I left RecentChanges alone, so the page names and change comments are still visible to everyone.
The whole feature can be enabled by setting $wgEnableSimpleACLs to true in LocalSettings.php. You also need to create one developer,sysop user using SQL as described in http://meta.wikimedia.org/wiki/Setting_user_rights_in_MediaWiki. This user then can give rights to other users.
Comments (and bug detections) are welcome.
Regards, MaPhi