Wiki Extension

From Eckerd Academic Wiki

Below is the Modified Extension, originally by by Petr Andreev[1] used to run this Wiki and works for version listed below. You need to add this extension to the extensions directory and then add some lines to LocalSettings.php ( see here)

This allows fine access management so that, in an academic setting, students can have permission only to edit courses which they are a part of. The default user has almost no power except the ability to read. If interested in this extension please also read the original WikiMedia page (and discussion) on it before implementing.

There were only minor changes between updates for this file. I had a null issue (look at bottom of extension)

Note the Security Warnings for this Extension

New Version MediaWiki 1.12.0

Also another bug (from the discussion page)

This is a know bug on 1.12, to resolve it, you can remove lines 1386 to 1388 in includes/Title.php wich are like this:

# Shortcut for public wikis, allows skipping quite a bit of code path 
if ($wgGroupPermissions['*']['read']) 
    return true;

Installed software

Product 	Version MediaWiki 	1.12.0
PHP 	5.1.6 (apache2handler)
MySQL 	4.1.14

Extension functions

wfNamespacePermissions

Hooks

Hook name Subscribed by

userCan namespacePermissionsCheckNamespace

 
 
<?php
/* NamespacePermissions - MediaWiki extension
 * 
 * provides separate permissions for each action (read,edit,create,move) 
 * on articles in custom namespaces for fine access management
 *
 * Author: Petr Andreev
 *  THIS WAS MODIFIED SLIGHTLY BY S. WEPPNER
 * Sample usage:
 *
 * $wgExtraNamespaces = array(100 => "Foo", 101 => "Foo_Talk");
 * // optional (example): allow registered users to view and edit articles in Foo 
 * $wgGroupPermissions[ 'user' ][ 'ns100_read' ] = true;
 * $wgGroupPermissions[ 'user' ][ 'ns100_edit' ] = true;
 * // end of optional
 * require('extensions/NamespacePermissions.php');
 * 
 * Permissions provided:
 *   # ns{$num}_read
 *   # ns{$num}_edit
 *   # ns{$num}_create
 *   # ns{$num}_move
 * where {$num} - namespace number (e.g. ns100_read, ns101_create)
 *
 * Groups provided:
 *   # ns{$title}RW - full access to the namespace {$title}
 *   # ns{$title}RO - read-only access to the namespace {$title}
 *   e.g. nsFoo_talkRW, nsFooRO 
 */
 
// permissions for autocreated groups should be set now,
// before the User object for current user is instantiated
namespacePermissionsCreateGroups();
// other stuff should better be done via standard mechanism of running extensions
$wgExtensionFunctions[] = "wfNamespacePermissions";
 
// create groups for each custom namespace
function namespacePermissionsCreateGroups() {
    global $wgExtraNamespaces, $wgGroupPermissions;
    foreach ( $wgExtraNamespaces as $num => $title ) {
//        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_edit" ] = true;  ** COMMENTED OUT BY S. WEPPNER
//        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_read" ] = true;
//        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_create" ] = true; ** Default is now false
//        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_move" ] = true;   ** All permissions must be turned on
//        $wgGroupPermissions[ "ns{$title}RO" ][ "ns{$num}_read" ] = true;  ** End COMMENTED OUT BY S. WEPPNER
    }
}
 
function wfNamespacePermissions() {
    global $wgHooks;
 
    // use the userCan hook to check permissions
    $wgHooks[ 'userCan' ][] = 'namespacePermissionsCheckNamespace';
}
 
function namespacePermissionsCheckNamespace( $title, $user, $action, $result ) {
    global $wgUser;
    $result = true;
    if ( (( $ns = $title->getNamespace() ) >= 100 )  ||
         (( $ns = $title->getNamespace() ) < 2    ) ||      //** ADDITION BY S. WEPPNER 
         (( $ns = $title->getNamespace() ) == 4    ) ||    // TO STOP EDITS on MAIN NAMESPACE ETC.
         (( $ns = $title->getNamespace() ) == 8    )
       )
    {
        if ( ! $user->isAllowed("ns{$ns}_{$action}") ) {
            $result=false;
        }
       if (in_array ("professor", $wgUser->getGroups()) &&$action !='read' && ($action!='move'))
            $result=true;
    }
//    return null; On update This caused a crash, fixed line below
      return $result;
}
 
/* It turns out that you cannot delete, edit, watch, check history, etc. if you cannot read
The only exception seems to be move. This gives professor the right to delete, etc. */
?>
 

Older Version MediaWWiki 1.6.8

It has been tested on this version:

---

• MediaWiki: 1.6.8
• PHP: 4.3.9 (apache2handler)
• MySQL: 4.1.14-log
• Extensions:

o Extension functions: + wfNamespacePermissions

• Hooks:

o userCan: namespacePermissionsCheckNamespace

---

Feel free to contact me with questions--Weppnesp 22:37, 17 February 2007 (EST)

 
 
 <?php
 /* NamespacePermissions - MediaWiki extension
 * 
 * provides separate permissions for each action (read,edit,create,move) 
 * on articles in custom namespaces for fine access management
 *
 * Author: Petr Andreev
 *  THIS WAS MODIFIED SLIGHTLY BY S. WEPPNER, Eckerd College (SEE Below)
 * Sample usage:
 *
 * $wgExtraNamespaces = array(100 => "Foo", 101 => "Foo_Talk");
 * // optional (example): allow registered users to view and edit articles in Foo 
 * $wgGroupPermissions[ 'user' ][ 'ns100_read' ] = true;
 * $wgGroupPermissions[ 'user' ][ 'ns100_edit' ] = true;
 * // end of optional
 * require('extensions/NamespacePermissions.php');
 * 
 * Permissions provided:
 *   # ns{$num}_read
 *   # ns{$num}_edit
 *   # ns{$num}_create
 *   # ns{$num}_move
 * where {$num} - namespace number (e.g. ns100_read, ns101_create)
 *
 * Groups provided:
 *   # ns{$title}RW - full access to the namespace {$title}
 *   # ns{$title}RO - read-only access to the namespace {$title}
 *   e.g. nsFoo_talkRW, nsFooRO 
 */
 *
 // permissions for autocreated groups should be set now,
 // before the User object for current user is instantiated
 namespacePermissionsCreateGroups();
 // other stuff should better be done via standard mechanism of running extensions
 $wgExtensionFunctions[] = "wfNamespacePermissions";
 *
 // create groups for each custom namespace
 function namespacePermissionsCreateGroups() {
    global $wgExtraNamespaces, $wgGroupPermissions;
    foreach ( $wgExtraNamespaces as $num => $title ) {
 //        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_edit" ] = true;  ** COMMENTED OUT BY S. WEPPNER
 //        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_read" ] = true;
 //        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_create" ] = true; ** Default is now false
 //        $wgGroupPermissions[ "ns{$title}RW" ][ "ns{$num}_move" ] = true;   ** All permissions must be turned on
 //        $wgGroupPermissions[ "ns{$title}RO" ][ "ns{$num}_read" ] = true;  ** End COMMENTED OUT BY S. WEPPNER
    }
 }
 *
 function wfNamespacePermissions() {
    global $wgHooks;
 *
    // use the userCan hook to check permissions
    $wgHooks[ 'userCan' ][] = 'namespacePermissionsCheckNamespace';
 }
 *
 function namespacePermissionsCheckNamespace( $title, $user, $action, $result ) {
    if ( (( $ns = $title->getNamespace() ) >= 100 ) ||
         (( $ns = $title->getNamespace() ) < 2    ) ||      //** ADDITION BY S. WEPPNER 
         (( $ns = $title->getNamespace() ) == 4    ) ||    // TO STOP EDITS on MAIN NAMESPACE 
         (( $ns = $title->getNamespace() ) == 8    )  )    // Talk Namespace, Project Namespace
    {                                                      // ** End ADDITION by S. Weppner
        if ( ! $user->isAllowed("ns{$ns}_{$action}") ) {
            $result = false;
            return false;
        }
    }
    return null;
 }
 ?>