Manual:$wgNamespaceProtection
Access: $wgNamespaceProtection | |
---|---|
Which namespaces can be edited by whom? |
|
Introduced in version: | 1.10.0 (r19110) |
Removed in version: | Still in use |
Allowed values: | (array of arrays) |
Default value: | $wgNamespaceProtection = []; (1.14+)$wgNamespaceProtection[NS_MEDIAWIKI] = array( 'editinterface' ); (1.10 - 1.13) |
Other settings: Alphabetical | By function |
Details
This configuration parameter allows a wiki to require special permissions to edit some namespaces.
By default, the only restriction is that the MediaWiki namespace can only be edited by users with the 'editinterface '
permission (by default: sysops).
The array's keys are namespace numbers, and the values are simple arrays of permission names. If you list more than one permission for a given namespace, a user must have all of them to edit pages in that namespace.
Since 1.14, the MediaWiki: namespace is unconditionally protected to users with 'editinterface'
right (same as in previous versions).
This is set in Setup.php and cannot be modified in LocalSettings.php since otherwise it's too easy to set it incorrectly and leave the wiki insecure.
If you want to allow other groups than sysops to edit the MediaWiki: namespace, then grant the 'editinterface'
right to those groups.
It's not possible to restrict read access to a certain namespace with $wgNamespaceProtection
.
(See Extension:Lockdown )
Example
Restricting editing of the main namespace
$wgNamespaceProtection[NS_MAIN] = ['edit-main'];
This restricts editing in the main namespace to people in a group with "edit-main" permission.
Setting up custom namespaces with restricted write access
define('NS_OFFICIAL', 100);
define('NS_OFFICIAL_TALK', 101);
$wgExtraNamespaces = [
NS_OFFICIAL => 'Official',
NS_OFFICIAL_TALK => 'Official_talk'
];
$wgNamespaceProtection[NS_OFFICIAL] = ['official-edit'];
$wgNamespaceProtection[NS_OFFICIAL_TALK] = ['official-talk-edit'];
$wgGroupPermissions['managers']['official-edit'] = true; // only managers can edit pages in the Official namespace
$wgGroupPermissions['employees']['official-talk-edit'] = true; // employees can edit pages in the Official_talk namespace
$wgGroupPermissions['managers']['official-talk-edit'] = true; // so can managers
Disabling talk pages
Since "everyone
" is not a core permission, literally everyone gets denied access (including sysops).
Note that you'll still need to remove the tab through other methods (see: Manual:FAQ#How do I add/remove tabs throughout my wiki? )
# Disable all core TALK namespaces
$wgNamespaceProtection[NS_TALK] = ['everyone'];
$wgNamespaceProtection[NS_USER_TALK] = ['everyone'];
$wgNamespaceProtection[NS_PROJECT_TALK] = ['everyone'];
$wgNamespaceProtection[NS_FILE_TALK] = ['everyone'];
$wgNamespaceProtection[NS_MEDIAWIKI_TALK] = ['everyone'];
$wgNamespaceProtection[NS_TEMPLATE_TALK] = ['everyone'];
$wgNamespaceProtection[NS_HELP_TALK] = ['everyone'];
$wgNamespaceProtection[NS_CATEGORY_TALK] = ['everyone'];
See also
- Category:Page specific user rights extensions — more extensions to control page access in some way
- Extension:Lockdown — set any permission for any group per namespace
- Extension:NSFileRepo — set permissions for images and files per namespace (custom local file repository namespace protection — based on Extension:Lockdown )