When our employees search if they were to type in the namespace ie; H1: everything in H1 shows up in a dropdown search. Ideally we would like that not to be searchable. Is there a fix or existing solution for that?
Extension talk:Lockdown
Appearance
This is not possible with this extension. You can restrict access but not appearance in search results.
Thank you Karsten. At least I know. That is unfortunate. I would like to see this extension lockdown access further. I am also finding that media uploaded to a lockdown namespace is also not protected. Do you know if there is a MW freelancer group where I might hire someone that has the ability to add these features?
I am working with a company providing professional MediaWiki development. You may want to contact us.
MediaWiki is simply not designed for that kind of use case, read access restrictions are bound to be "leaky". Hence the fat warning at the top of the extetension documentation.
Filtering search results based on a users access permissions would be possible in theory, but I can't think of an easy way to make that performant. You'd probably need a custom search "engine" implementation.
Karsten is right, best talk to a professional MediaWiki consultancy to analyze your use case and offer solutions. Besides Professional Wiki, a few well known ones are WikiWorks, WikiTeq, and Hallo Welt.
Is this possible?
This should restrict to category read access to sysops:
$wgNamespacePermissionLockdown[NS_CATEGORY]['read'] = [ 'sysop' ];
is there a way to prevend the
- &oldid=
- &diff=
etc. links. That would allow to hide the changes.
Did anyone ever figure this one out? I'd also like to block Anonymous users from diff= links. I see some IPs trying to spider every single revision on my wiki.
i'm not sure how i solved it long time before. i assume it is still open, but at the moment i semi-solved, at least your topic with
$wgActionLockdown['history'] = [ 'user' ];
since the spider can't read history, they doesn't crawl old revisions and diffs. Manually calls are still possible, sadly.
I've installed Lockdown to restrict the special namespace to sysop and cm user groups, but when testing it, it doesn't seem to work.
My LocalSettings.php contains the following:
wfLoadExtension( 'Lockdown' );
$wgNamespacePermissionLockdown[NS_SPECIAL]['*'] = [ 'sysop', 'cm' ];
Any advise? Thanks
Same here.
- Namespaces documented at Manual:Namespace_constants
- Lockdown extension version 86d9ad6
- MediaWiki version 1.39.5
Tried:
$wgNamespacePermissionLockdown[NS_SPECIAL]['*'] = [ 'user' ];
Perhaps is there some way to do a loop to every special page (from what array?) and set $wgSpecialPageLockdown for them.
This works for me to make special pages disappear to anonymous users:
$wgHooks['SpecialPage_initList'][] = function ( &$list ) { $PagesWhiteList = array('Userlogin', 'PasswordReset', 'Categories', 'Tags', 'Search', 'Captcha'); foreach ($list as $PageName => $PageSpecs) { if (!in_array($PageName, $PagesWhiteList) && RequestContext::getMain()->getUser()->isAnon()) { unset( $list[$PageName] ); } } return true; };
Any fixes for this yet? I want to allow only a custom user group to certain pages. Special page lockdown works fine for pre-made user groups but not with custom.
I can't edit pages protected with Lockdown in the VisualEditor. Does anyone know how to fix this?
I think I already solved it, by adding this to LocalSettings.php:
$wgVisualEditorAvailableNamespaces = [ "Category" => true, "Private" => true ];
Hi,
Is there a way to whitelist pages in locked-down namespaces? I have locked down NS_Project but would like read access to Project:General_disclaimer.
Cheers,
I found a workaround
I just updated my wiki to 1.40 and downloaded the newest version of Lockdown in the process. I am getting an error:
Fatal error: Uncaught ExtensionDependencyError: Lockdown is not compatible with the current MediaWiki core (version 1.40.0), it requires: >= 1.41.0. in /home/<mywikidir>/includes/registration/ExtensionRegistry.php:438 Stack trace: #0 /home/<mywikidir>/includes/registration/ExtensionRegistry.php(282): ExtensionRegistry->readFromQueue(Array) #1 /home/<mywikidir>/includes/Setup.php(282): ExtensionRegistry->loadFromQueue() #2 /home/<mywikidir>/includes/WebStart.php(92): require_once('/home/xxx/w...') #3 /home/<mywikidir>/index.php(44): require('/home/xxx/w...') #4 {main} thrown in /home/<mywikidir>/includes/registration/ExtensionRegistry.php on line 438
If you are on MW 1.40 you cannot use master since it indeed requires MW 1.41+. You should use the version from the REL1_40 branch. The extension distributor should offer a download for MW 1.40
I use a script to do the updates, first pulling down the newest version of mediawiki and then doing git pulls on most extensions. Is there a way to pull things from this extension distributor by script? Tenbergen (talk) 14:22, 11 July 2023 (UTC)
Do git pull;git checkout REL1_40
in the extension's directory.
Thank you! Do all the extensions on gerrit follow that? Ie. would I be able to use that syntax to just do a pull for the current version and subversion of mediawiki that I am pulling?
More or less. A REL1_xx branch needs to be present, which I think is the case for all extensions on Gerrit. Otherwise, replace this with the appropriate tag, e.g., 2.3, etc.
Hi, I just updated to MediaWiki 1.37 and get now the following error:
Use of User::getEffectiveGroups was deprecated in MediaWiki 1.35. [Called from MediaWiki\Extensions\Lockdown\Hooks::onGetUserPermissionsErrors in /var/www/html/extensions/Lockdown/src/Hooks.php at line 123] in /var/www/html/includes/debug/MWDebug.php on line 375
I think the code should be fixed here. I hope someone could help out.
Found that in the release Notes of MW 1.35:
The following methods of the User class are deprecated: getGroups, getGroupMemberships, getEffectiveGroups, getAutomaticGroups, addGroup, removeGroup, getFormerGroups, getAllGroups, getImplicitGroups, addAutopromoteOnceGroups. Use the new UserGroupManager service instead.
So I would say, the Extension is not supported for MW 1.37. Hopefully someone will fix that. I am using the extension for so long without any trouble.
Have you upgraded your extension to the newest version? I viewed the commit history and saw one commit fixing it.
I encountered the same problem when using Lockdown from the REL1_37 branch. The commit fixing this issue is only in the master branch right now. Ideally the fix would be merged into REL1_37 so users of Mediawiki 1.37 won't have to choose the master (development) branch.
Hi, i tried to create a new custom namespace, and a group that can edit this namespace and only this namespace, but can read all the other namespaces using the Lockdown extension. Here is the settings i made.
I'm using MW 1.35.
The new namespace is DATALAN, the new group is datalan.
define("CUST", 3001);
define("USR", 3002);
define("DATALAN", 3003);
$wgExtraNamespaces[CUST] = "Customization";
$wgExtraNamespaces[USR] = "Users_guide";
$wgExtraNamespaces[DATALAN] = "Users_guide_SVK";
$wgGroupPermissions['datalan']['read'] = true;
$wgGroupPermissions['datalan']['edit'] = true;
$wgGroupPermissions['datalan']['createpage'] = true;
$wgGroupPermissions['datalan']['delete'] = true;
$wgGroupPermissions['datalan']['move'] = false;
$wgAdminCanReadAll = true;
$wgAccessControlRedirect = false;
$wgNamespacePermissionLockdown['*']['edit'] = [ 'bureaucrat'];
$wgNamespacePermissionLockdown[CUST]['read'] = array( 'bureaucrat','reader');
$wgNamespacePermissionLockdown[USR]['read'] = array( 'bureaucrat','reader');
$wgNamespacePermissionLockdown[DATALAN]['read'] = array( 'bureaucrat','reader', 'datalan' );
$wgNamespacePermissionLockdown[DATALAN]['edit'] = array( 'datalan');
If i enable the Lockdown extension, the edit icon on the pages inside the DATALAN NS are disappearing for the users in the group datalan. The reading restrict acces works perfectly, if a user in a datalan group tries to read a page, that is in CUST namespace or the other.
I woulde be very happy if somene can help me!
Thanks!
hello i'm from indonesia sorry if i'm wrong in english.. #ask i want to create a hidden page on mediawiki so that only me can see/edit the page i tried to use extension lockdown but the problem is i can't configure it. can anyone help with my problem