Jump to content

매뉴얼:유저 권한

From mediawiki.org
This page is a translated version of the page Manual:User rights and the translation is 15% complete.
Outdated translations are marked like this.

사용자 권한은 다른 사용자 그룹에 할당 할 수있는 권한 (예: 페이지 편집 또는 사용자 차단 기능)입니다. 미디어위키는 기본적인 유저 권한 및 유저 그룹을 가지고 있습니다. 그러나 유저가 편집할 수 있습니다. 이 페이지는 기본 권한과 그룹 및 사용자 편집 방법을 설명합니다.

그룹에서 개별 wiki 사용자를 추가 및 제거하는 방법에 대한 정보는, 도움말:사용자 권한과 사용자 그룹 , Manual:Setting user groups in MediaWiki 를 보세요.

그룹 권한 변경

기본 미디어위키 설치는 기본 그룹에 특정 권한을 할당합니다 (아래 참조). 구문을 사용하여 $wgGroupPermissions 에서 LocalSettings.php 배열을 편집하여 기본 권한을 변경할 수 있습니다.

$wgGroupPermissions['group']['right'] = true /* 또는 거짓 */;
기본 설치에서 $wgGroupPermissionsincludes/DefaultSettings.php에 설정되지만, LocalSettings.php에는 기술되지 않습니다. You will then need to add it in that file.

If a member has multiple groups, they get all the permissions from each of the groups they are in. All users, including anonymous users, are in the '*' group; all registered users are in the 'user' group. In addition to the default groups, you can arbitrarily create new groups using the same array.

예제

This example will disable viewing of all pages not listed in $wgWhitelistRead , then re-enable for registered users only:

$wgGroupPermissions['*']['read'] = false;
# The following line is not actually necessary, since it's in the defaults. Setting '*' to false doesn't disable rights for groups that have the right separately set to true!
$wgGroupPermissions['user']['read'] = true;

This example will disable editing of all pages, then re-enable for users with confirmed email addresses only:

# Disable for everyone.
$wgGroupPermissions['*']['edit'] = false;
# Disable for users, too: by default 'user' is allowed to edit, even if '*' is not.
$wgGroupPermissions['user']['edit'] = false;
# Make it so users with confirmed email addresses are in the group.
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
# Hide group from user list.
$wgImplicitGroups[] = 'emailconfirmed';
# Finally, set it to true for the desired group.
$wgGroupPermissions['emailconfirmed']['edit'] = true;

Creating a new group and assigning permissions to it

$wgGroupPermissions['<group-name>']에 권한을 지정해 줌으로써 새로운 유저 그룹을 만들수 있습니다. <group-name>는 그룹 이름을 의미합니다.

Additionally to assigning permissions, you should create these three wiki pages with fitting content:

  • MediaWiki:Group-<group-name> (content: Name of the group)
  • MediaWiki:Group-<group-name>-member (content: Name of a member of the group)
  • MediaWiki:Grouppage-<group-name> (content: Name of the group page)

By default, bureaucrats can add users to, or remove them from, any group. However, if you are using 매뉴얼:$wgAddGroups and Manual:$wgRemoveGroups , you may need to customize those instead.

예제

이 예제는 사용자를 차단하고 페이지를 삭제할 수 있고 모든 편집은 기본적으로 최근 바뀜에서 숨겨지는 독단적인 "projectmember" 그룹을 만들겠습니다.

$wgGroupPermissions['projectmember']['bot'] = true;
$wgGroupPermissions['projectmember']['block'] = true;
$wgGroupPermissions['projectmember']['delete'] = true;
그룹 이름은 띄어쓰기를 포함할 수 없습니다. 'random group' 대신 'random-group'이나 'random_group'를 사용하세요. Moreover it is recommended to only use lowercase letters to create a group.

In this example, you would probably also want to create these pages:

  • MediaWiki:Group-projectmember (content: Project members)
  • MediaWiki:Group-projectmember-member (content: Project member)
  • MediaWiki:Grouppage-projectmember (content: Project:Project Members)

This will ensure that the group will be referred to as "Project members" throughout the interface, and a member will be referred to as a "Project member", and overviews will link the group name to Project:Project members.

This example disables write access (page editing and creation) by default, creates a group named "writer", and grants it write access. Users can be manually added to this group via Special:UserRights:

$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['writer']['edit'] = true;
$wgGroupPermissions['writer']['createpage'] = true;

In this example, you would probably also want to create these pages:

  • MediaWiki:Group-writer (content: Writers)
  • MediaWiki:Group-writer-member (content: Writer)
  • MediaWiki:Grouppage-writer (content: Project:Write)

Removing predefined groups

MediaWiki out of the box comes with a number of predefined groups. Most of these groups can be removed by unsetting the according array keys, among them $wgGroupPermissions[ '<group-name>' ]. For details, see below.

예제

This example will eliminate the bureaucrat group entirely. It is necessary to ensure that all six of these variables are unset for any group that one wishes to remove from being listed at Special:ListGroupRights; however, merely unsetting $wgGroupPermissions will suffice to remove it from Special:UserRights. This code should be placed after any require_once lines that add extensions, such as 확장기능:안티스푸프 containing code that gives bureaucrats group permissions by default.

unset( $wgGroupPermissions['bureaucrat'] );
unset( $wgRevokePermissions['bureaucrat'] );
unset( $wgAddGroups['bureaucrat'] );
unset( $wgRemoveGroups['bureaucrat'] );
unset( $wgGroupsAddToSelf['bureaucrat'] );
unset( $wgGroupsRemoveFromSelf['bureaucrat'] );

In some extensions (Flow, Semantic MediaWiki, etc.), rights are added during extension registration or in a registration function. In this case, it could be necessary to use a registration function in LocalSettings.php to remove some predefined user groups:

$wgExtensionFunctions[] = function() use ( &$wgGroupPermissions ) {
    unset( $wgGroupPermissions['oversight'] );
    unset( $wgGroupPermissions['flow-bot'] );
};

Note on the group called "user"

With the above mechanism, you can remove the groups sysop, bureaucrat and bot, which - if used - can be assigned through the usual user permission system. However, it is currently impossible to remove the user group. This group is not assigned through the usual permission system. Instead, every registered user automatically is a member of that group. This is hardcoded in MediaWiki and currently cannot be changed easily.

권한 목록

The following user rights are available in the latest version of MediaWiki. If you are using an older version, look at Special:Version on your wiki and see if your version is covered in the "Versions" column.

권한 설명 User groups that have this right by default 버전
읽기
read 문서 읽기 - when set to false, override for specific pages with $wgWhitelistRead
경고 경고: Setting the user right read (allow viewing pages) to false will only protect wiki (article, talk, ...) pages, but uploaded files (images, files, docs... in the $wgUploadPath subdirectories) will always remain readable via direct access by default.
Use the information from Manual:Image authorization and img_auth.php pages when you have the need to restrict image views and file download access to only logged-in users.
*, user 1.5+
편집
applychangetags 자신이 편집할 때 태그를 적용하기 - requires the edit right user 1.25+
autocreateaccount 외부 사용자 계정으로 자동 로그인 - a more limited version of createaccount 1.27+
createaccount 새 사용자 계정 만들기 - register / registration *, sysop 1.5+
createpage 문서 만들기 (토론 문서 제외) - requires the edit right *, user 1.6+
createtalk 토론 문서 만들기 - requires the edit right *, user 1.6+
delete-redirect 판이 하나인 넘겨주기를 삭제 (note that this is not needed if the group already has the delete right) 1.36+
edit 문서 편집 *, user 1.5+
editsemiprotected "Allow only autoconfirmed users" 단계로 보호된 문서 편집 - without cascading protection - requires the edit right autoconfirmed, bot, sysop 1.22+
editprotected "Allow only administrators" 단계로 보호된 문서 편집 - without cascading protection - requires the edit right sysop 1.13+
minoredit 사소한 편집으로 표시 - requires the edit right user 1.6+
move 문서 이동 - requires the edit right user, sysop 1.5+
move-categorypages 분류 문서 이동 - requires the move right user, sysop 1.25+
move-rootuserpages 최상위 사용자 문서 이동 - requires the move right user, sysop 1.14+
move-subpages 문서와 하위 문서 이동하기 - requires the move right user, sysop 1.13+
movefile 파일 이동 - requires the move right as well user, sysop 1.14+
reupload 이미 존재하는 파일을 다시 올리기 - requires the upload right user, sysop 1.6+
reupload-own 자신이 이미 올린 파일 덮어쓰기 - requires the upload right (note that this is not needed if the group already has the reupload right) 1.11+
reupload-shared 공용의 파일을 무시하고 로컬에서 파일 올리기 - (if one is set up) with local files (requires the upload right) user, sysop 1.6+
sendemail 다른 사용자에게 이메일 보내기 user 1.16+
upload 파일 올리기 - requires the edit right and $wgEnableUploads to be true user, sysop 1.5+
upload_by_url URL 주소에서 파일 올리기 - requires the upload right (Prior to 1.20 it was given to sysops) 1.8+
<span id="Management">Management
bigdelete 문서 역사가 긴 문서를 삭제 (as determined by $wgDeleteRevisionsLimit ) - requires the delete right sysop 1.12+
block 다른 사용자가 편집을 못하도록 차단 또는 차단 해제 - Block options include preventing editing and registering new accounts, and autoblocking other users on the same IP address sysop 1.5+
blockemail 다른 사용자가 이메일을 보내지 못하도록 차단 또는 차단 해제 - allows preventing use of the Special:Emailuser interface when blocking - requires the block right sysop 1.11+
browsearchive 삭제된 문서 검색 - through Special:Undelete - requires the deletedhistory right sysop 1.13+
changetags 문서의 특정 판과 특정 기록 항목에 임의의 태그를 추가하거나 제거하기 - currently unused by extensions user 1.25+
delete 문서 삭제 1.5–1.11: allows the deletion or undeletion of pages.
1.12+: allows the deletion of pages. For undeletions, there is now the 'undelete' right, see below
sysop 1.5+
deletedhistory 삭제된 문서의 내용을 제외한 역사를 보기 sysop 1.6+
deletedtext 삭제된 문서의 내용과 편집상의 차이를 보기 sysop 1.16+
deletelogentry 특정 기록 항목을 삭제 및 되살리기 - allows deleting/undeleting information (action text, summary, user who made the action) of specific log entries - requires the deleterevision right suppress 1.20+
deleterevision 문서의 특정 판을 삭제 및 되살리기 - allows deleting/undeleting information (revision text, edit summary, user who made the edit) of specific revisions Split into deleterevision and deletelogentry in 1.20 suppress 1.6+
editcontentmodel 문서의 콘텐츠 모델을 편집 - requires the edit right user 1.23.7+
editinterface 사용자 인터페이스를 편집 - contains interface messages. For editing sitewide CSS/JSON/JS, there are now segregate rights, see below. - requires the edit right sysop, interface-admin 1.5+
editmyoptions 자신의 환경 설정 편집 * 1.22+
editmyprivateinfo 자신의 개인정보 데이터(이메일 주소, 실명 등)를 편집하고 비밀번호 초기화 메일을 요청하세요 - also hides the "Change Password", but not other ways to change the password - requires the viewmyprivateinfo right * 1.22+
editmyusercss 자신의 사용자 CSS 파일 편집하기 - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the editusercss right) - requires the edit right user 1.22+
editmyuserjs 자신의 사용자 자바스크립트 파일 편집하기 - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the edituserjs right) - requires the edit right user 1.22+
editmyuserjsredirect 넘겨주기인 자신의 사용자 자바스크립트 파일 편집하기 (note that this is not needed if the group already has the edituserjs right) - requires the edit right 1.34+
editmyuserjson 자신의 사용자 JSON 파일 편집하기 (note that this is not needed if the group already has the edituserjson right) - requires the edit right user 1.31+
editmywatchlist 자신의 주시문서 목록을 편집합니다. (이 권한이 없어도 문서를 추가할 수 있는 권한이 이외에도 있음을 참고하세요) - requires the viewmywatchlist right * 1.22+
editsitecss 사이트 CSS 편집 - requires the editinterface right interface-admin 1.32+
editsitejs 사이트 자바스크립트 편집 - requires the editinterface right interface-admin 1.32+
editsitejson 사이트 JSON 편집 - requires the editinterface right sysop, interface-admin 1.32+
editusercss 다른 사용자의 CSS 문서를 편집 - requires the edit right interface-admin 1.16+
edituserjs 다른 사용자의 자바스크립트 문서를 편집 - requires the edit right interface-admin 1.16+
edituserjson 다른 사용자의 JSON 파일을 편집 - requires the edit right sysop, interface-admin 1.31+
hideuser 사용자 이름을 차단 및 차단 해제하고 비공개 또는 공개 처리 - Only users with 1000 edits or less can be suppressed by default - requires the block right

Use $wgHideUserContribLimit to disable.

suppress 1.10+
markbotedits 되돌리기를 봇의 편집으로 취급 가능 - see Manual:Rollback - requires the rollback right sysop 1.12+
mergehistory 문서 역사를 합치기 - requires the edit right sysop 1.12+
pagelang 문서 언어 바꾸기 - $wgPageLanguageUseDB must be true 1.24+
patrol 다른 사용자의 편집을 점검된 것으로 표시 - $wgUseRCPatrol must be true sysop 1.5+
patrolmarks 최근 바뀜에서 점검 표시를 보기 1.16+
protect 보호 설정 바꾸기 및 연쇄 보호된 문서 편집 - requires the edit right sysop 1.5+
rollback 특정 문서를 편집한 마지막 사용자의 편집을 신속하게 되돌리기 - requires the edit right sysop 1.5+
suppressionlog 감춰진 기록을 보기 suppress 1.6+
suppressrevision 어떤 사용자도 보지 못하도록 감춰진 판을 검토하고 되살리기 - Prior to 1.13 this right was named hiderevision - requires the deleterevision right suppress 1.6+
unblockself 자신을 차단 해제하기 - Without it, an administrator that has the capability to block cannot unblock themselves if blocked by another administrator sysop 1.17+
undelete 삭제된 문서 되살리기 - requires the deletedhistory right sysop 1.12+
userrights 사용자의 모든 권한 조정 - allows the assignment or removal of all(*) groups to any user.

(*)With $wgAddGroups and $wgRemoveGroups you can set the possibility to add/remove certain groups instead of all

bureaucrat 1.5+
userrights-interwiki 다른 위키의 사용자 권한을 조정 - requires the userrights right 1.12+
viewmyprivateinfo 자신의 개인정보 보기 (이메일 주소, 실명 등) * 1.22+
viewmywatchlist 자신의 주시문서 목록 보기 * 1.22+
viewsuppressed 어떤 사용자도 보지 못하도록 감춰진 판 보기 - i.e. a more narrow alternative to "suppressrevision" (note that this is not needed if the group already has the suppressrevision right) suppress 1.24+
<span id="Administration">Administration
autopatrol 자신의 편집을 자동으로 점검된 판으로 표시 - $wgUseRCPatrol must be true bot, sysop 1.9+
deletechangetags 데이터베이스에서 태그를 지우기 - currently unused by extensions sysop 1.28+
import 다른 위키에서 문서 가져오기 - "transwiki" - requires the edit right sysop 1.5+
importupload 파일 올리기를 통해 문서 가져오기 - This right was called 'importraw' in and before version 1.5 - requires the edit right sysop 1.5+
managechangetags 데이터베이스에서 태그를 만들거나 지우기 - currently unused by extensions sysop 1.25+
siteadmin 데이터베이스를 잠그거나 잠금 해제 - which blocks all interactions with the web site except viewing. (not available by default) 1.5+
unwatchedpages 주시되지 않은 문서 목록 보기 - lists pages that no user has watchlisted sysop 1.6+
<span id="Technical">Technical
apihighlimits API 쿼리에서 더 높은 제한 사용 bot, sysop 1.12+
autoconfirmed IP 기반의 속도 제한에 영향을 받지 않음 - used for the 'autoconfirmed' group, see the other table below for more information (note that this is not needed if the group already has the noratelimit right) autoconfirmed, bot, sysop 1.6+
bot 봇의 편집으로 취급 - can optionally be viewed bot 1.5+
ipblock-exempt IP 차단, 자동 차단, 광역 차단을 무시 sysop 1.9+
nominornewtalk 토론 문서에서 사소한 편집으로 새 메시지 알림을 보내지 않기 - requires the minoredit right bot 1.9+
noratelimit 속도 제한에 영향을 받지 않음 - not affected by rate limits (prior to the introduction of this right, the configuration variable $wgRateLimitsExcludedGroups was used for this purpose) sysop, bureaucrat 1.13+
override-export-depth 최대 5단계로 링크된 문서를 포함하여 문서를 내보내기
With this right, you can define the depth of linked pages at Special:Export. Otherwise, the value of $wgExportMaxLinkDepth , which is 0 by default, will be used.
1.15+
suppressredirect 문서를 이동할 때 원래 문서 이름으로 된 넘겨주기를 만들지 않기 - requires the move right bot, sysop 1.12+
Although these permissions all control separate things, sometimes to perform certain actions you need multiple permissions. For example allowing people to edit but not read pages doesn't make sense, since in order to edit a page you must first be able to read it (Assuming no pages are allowlisted). Allowing uploads but not editing does not make sense, since in order to upload an image you must implicitly create an image description page, etc.


그룹 목록

The following groups are available in the latest version of MediaWiki. If you are using an older version then some of these may not be implemented.

그룹 설명 기본 권한 버전
* 모든 사용자 (익명 사용자 포함). createaccount, createpage, createtalk, edit, editmyoptions, editmyprivateinfo, editmywatchlist, read, viewmyprivateinfo, viewmywatchlist 1.5+
temp Temporary user accounts (T330816) Similar to * group 1.41+
user 계정 생성. Does not include temporary accounts. applychangetags, changetags, createpage, createtalk, edit, editcontentmodel, editmyusercss, editmyuserjs, editmyuserjson, minoredit, move, move-categorypages, move-rootuserpages, move-subpages, movefile, purge, read, reupload, reupload-shared, sendemail, upload 1.13+
autoconfirmed Registered accounts at least as old as $wgAutoConfirmAge and having at least as many edits as $wgAutoConfirmCount . autoconfirmed, editsemiprotected 1.6+
bot Accounts with the bot right (intended for automated scripts). autoconfirmed, autopatrol, apihighlimits, bot, editsemiprotected, nominornewtalk, suppressredirect 1.5+
sysop Users who by default can delete and restore pages, block and unblock users, etc. apihighlimits, autoconfirmed, autopatrol, bigdelete, block, blockemail, browsearchive, createaccount, delete, deletedhistory, deletedtext, editinterface, editprotected, editsemiprotected, editsitejson, edituserjson, import, importupload, ipblock-exempt, managechangetags, markbotedits, mergehistory, move, move-categorypages, move-rootuserpages, move-subpages, movefile, noratelimit, patrol, protect, reupload, reupload-shared, rollback, suppressredirect, unblockself, undelete, unwatchedpages, upload 1.5+
interface-admin Users who can edit sitewide CSS/JS. editinterface, editsitecss, editsitejs, editsitejson, editusercss, edituserjs, edituserjson 1.32+
bureaucrat Users who can change the rights of other users by default and therefore have full access of the entire wiki. noratelimit, userrights 1.5+
suppress deletelogentry, deleterevision, hideuser, suppressionlog, suppressrevision, viewsuppressed 1.13+

From MW 1.12, you can create your own groups into which users are automatically promoted (as with autoconfirmed and emailconfirmed) using $wgAutopromote . You can even create any custom group by just assigning rights to them.

기본 권한

The default rights are defined in MainConfigSchema.php .

  • Default values in HEAD version:

https://phabricator.wikimedia.org/diffusion/MW/browse/master/includes/MainConfigSchema.php

  • The default values in the latest stable MediaWiki release, version 1.42, are available here:

https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_42/includes/MainConfigSchema.php

  • Additional rights: you should be able to list all the permissions available on your wiki by running PermissionManager::getAllRights().

새 권한 만들기

Information for coders only follows.

If you're adding a new right in core, for instance to control a new special page, you are required to add it to the list of available rights in PermissionManager.php , $coreRights (example). If you're doing so in an extension , you instead need to use $wgAvailableRights .

You probably also want to assign it to some user group by editing $wgGroupPermissions described above.

If you want this right to be accessible to external applications by OAuth or by bot passwords, then you will need to add it to a grant by editing $wgGrantPermissions .

// create projectmember-powers right
$wgAvailableRights[] = 'projectmember-powers';

// add projectmember-powers to the projectmember-group
$wgGroupPermissions['projectmember']['projectmember-powers'] = true;

// add projectmember-powers to the 'basic' grant so we can use our projectmember powers over an API request
$wgGrantPermissions['basic']['projectmember-powers'] = true;

You also need to add right-[name] and action-[name] interface messages to /languages/i18n/en.json (with documentation in qqq.json). The right-* messages can be seen on Special:ListGroupRights and the action-* messages are used in a sentence like "You do not have permission to ...".

같이 보기