Page access settings
From Wikidaritas
Currently, Wikidaritas is set up to allow anyone to view pages in general, and to allow any registered user to create/edit pages in general.
However, there may be instances where it is undesirable to have just anyone easily looking at information, or editing it. So, I've implemented a system for controlling page access based on user groups. Placing a tag in the first line of article text can control both who can view and who can edit articles. It should be noted that this is not foolproof security (see below for caveats), but is pretty good for keeping people out of mildly private stuff.
Contents |
How to do it: the syntax
In the first line of the article text, put in the following code:
<accesscontrol>...</accesscontrol>
where the "..." is a list of user groups. The groups are separated by double commas, so if there were two groups (friendsoftrogdor and shortpeople) that you wanted to allow to view and edit the page, you'd enter:
<accesscontrol>friendsoftrogdor,,shortpeople</accesscontrol>
NOTE that if you use this tag, only users in groups that you list will even be able to see the page. But lets say you want the friendsoftrogdor and shortpeople groups to be able to edit a page, but also let cutebabies to view it (but not edit); in this case, you'd append "(ro)" to the end of any group name that you want to have read-only privelages, like so:
<accesscontrol>friendsoftrogdor,,shortpeople,,cutebabies(ro)</accesscontrol>
Special group for the general public
The extension to the MediaWiki software that I'm working off of (credited below) had no way to let access-controlled pages still be visible to the public, so I tweaked it a bit. If you want anyone (even unregistered users) to be able to view page content, but only want people in certain groups editing it, include the group generalreadonly in your list of user groups, like so:
<accesscontrol>shortpeople,,generalreadonly</accesscontrol>
This example would let only people in the group shortpeople edit the article, but let everyone (including Google, etc.) view it.
NOTE that you don't have to put "(ro)" after "generalreadonly"; because only registered users can edit pages anyway, anonymous users do no more than view pages. And if you want all registered users to be able to edit a page, simply take the tag away altogether!
User groups
Unfortunately, right now those groups have to be created and edited by me (Benito). If you want to create a user group, or add/remove users from a group, send me a message via my talk page, or email me.
Caveats
This system will not provide super-tight security. In particular, content may show up in search results, etc. And if someone really wants to get at stuff, and they know anything about MediaWiki, etc., they can probably figure out a way. However, I think it will work all right for general containment of information. See the original documentation (linked to below) for more details.
Credits: where this came from
The extension I'm using is called AccessControl Extension and was written by Martin Mueller. A download of the original code, as well as a discussion of its mechanics and its usefulness (including security issues) can be found here.
I (Benito) am responsible in this implementation, however, for a few bug fixes as well as the generalreadonly functionality described above.
