Jump to content

Topic on Project:Support desk/Flow

[RESOLVED] Protect Special pages

12
200.201.164.98 (talkcontribs)

How can I protect Special:Special_pages to only registered user read? I already have $wgGroupPermissions['*']['edit'] = false; but I don't want everyone see Special pages

88.130.69.74 (talkcontribs)

$wgGroupPermissions['*']['read'] = false; prevents viewing the complete wiki for anonymous users. What you need might be possible based on Namespaces. See Manual:Namespace.

200.201.164.98 (talkcontribs)

I don't want to block all pages to anonymous, I just want to block Special pages. I read this Manual:Namespace, and I want to block anonymous to view "Special" with namespace -1. How can I do that?

88.130.69.74 (talkcontribs)

Now that you have described so clearly what you want, I think this is possible with a hook.

Check the list Manual:Hooks and pick the one, which is executed, when a user tries to view a page. Then inside this hook you can check, if the current page is in namespace "-1" and if the user is currently logged in. If the page is in namespace "-1" and the user is not logged in, set permission to view the page to false.

200.201.164.98 (talkcontribs)

I read Manual:Hooks but I cant find what I want, sorry...I just found a ArticleViewHeader option, in this case I can use like this: $wgHooks['ArticleViewHeader'][] = array( 'namespace -1 view = false' );. Is this? How can I write that code?

MarkAHershberger (talkcontribs)
200.201.164.98 (talkcontribs)

Manual:Special_pages#Restricting_page_access This is exact what I want! but I don't know how use in my wiki, I have to add this on my LocalSettings: function __construct() {

       parent::__construct( 'MyExtension', 'editinterface' ); // restrict to sysops

}

?

MarkAHershberger (talkcontribs)

That code snippet is for writing your own special page. You need to look at the code on the link I provided or further down on Special pages. Adding something like this to your LocalSettings.php should work, but I haven't tested this:

function disableAllSpecialPages(&$list) {
  global $wgUser;

  if(!$wgUser->isAllowed('editinterface')) {
    $list = array();
  }
  return true;
}
$wgHooks['SpecialPage_initList'][]='disableAllSpecialPages';
JazzoWiki (talkcontribs)

The above code snippet by Mark works great! Just some difference:

  • Use isLoggedIn instead of isAllowed
  • Enable the "Login Page" (that is a Special page)

So you can do it adding this row:

function disableAllSpecialPages(&$list) {
  global $wgUser;
  if(!$wgUser->isLoggedIn()) {
    $list = array();
    // Enable Login page
    $list['Userlogin'] = "LoginForm";
  }
  return true;
}
$wgHooks['SpecialPage_initList'][]='disableAllSpecialPages';
85.240.32.6 (talkcontribs)

This works like a charm! only login is allowed even the user knows the special pages names and paths!

Thanks a lot!

David

49.228.211.138 (talkcontribs)

Unfortunately, whilst hiding special pages, UserLogin now returns an internal error - Fatal exception of type "Wikimedia\Assert\ParameterAssertionException"

AhmadF.Cheema (talkcontribs)

The above hack is 4 years old and might not work as is.

Would be easier to simply use Extension:Lockdown.