Jump to content

Topic on Project:Support desk/Flow

[RESOLVED] Permission to edit pages only if user belongs to that group

16
Chethankswamy (talkcontribs)

Hello All, I am new to MediaWiki, I wanted to know is there a way to allow user to edit a specific page only if that page is created by the user who is of the same group. For instance if user A who belongs to a group YYY creates a page XYZ, and the user B can edit XYZ page only if that person belongs to YYY group.

Please let me know what setting I need to make to achieve this.


Thanks Chethan K

MarkAHershberger (talkcontribs)

You can set aside a namespace (say "YYY:") that is only editable by people in the YYY group using Extension:Lockdown.

Chethankswamy (talkcontribs)

Hi, First of all thanks for replying, I tried creating a custom namespace and created a page (yyy group), but even the user who belongs to "xxx" was able to edit, below is the setting that i used, please let me know where I have gone wrong.

require_once( "$IP/extensions/Lockdown/Lockdown.php" );
$wgGroupPermissions['*']['edit'] = false;
$wgEmailConfirmToEdit = true;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

# Start with assigning the default permissions from group "user"
$wgGroupPermissions['YYY'] = $wgGroupPermissions['user'];
$wgGroupPermissions['YYY']['delete'] = true;
$wgGroupPermissions['YYY']['protect'] = true;
$wgGroupPermissions['YYY']['patrol'] = true;
$wgGroupPermissions['YYY']['purge'] = true; # delete the cache of a page
$wgGroupPermissions['YYY']['edit'] = true;
$wgGroupPermissions['YYY']['createpage'] = true;


# Start with assigning the default permissions from group "user"
$wgGroupPermissions['XXX'] = $wgGroupPermissions['user'];
$wgGroupPermissions['XXX']['delete'] = true;
$wgGroupPermissions['XXX']['protect'] = true;
$wgGroupPermissions['XXX']['patrol'] = true;
$wgGroupPermissions['XXX']['purge'] = true; # delete the cache of a page
$wgGroupPermissions['XXX']['edit'] = true;
$wgGroupPermissions['XXX']['createpage'] = true;

#define constants for your custom namespaces, for a more readable configuration
define('NS_YYY', 100);
define('NS_XXX', 101);
 
#define custom namespaces
$wgExtraNamespaces[NS_YYY] = 'yyy';
$wgExtraNamespaces[NS_XXX] = 'xxx';
 
#restrict "read" permission to logged in users
$wgNamespacePermissionLockdown[NS_YYY]['read'] = array('yyy');
$wgNamespacePermissionLockdown[NS_YYY]['edit'] = array('yyy');
$wgNamespacePermissionLockdown[NS_YYY]['createpage'] = array('yyy');

$wgNamespacePermissionLockdown[NS_XXX]['read'] = array('xxx');
$wgNamespacePermissionLockdown[NS_XXX]['edit'] = array('xxx');
$wgNamespacePermissionLockdown[NS_XXX]['createpage'] = array('xxx');

#prevent inclusion of pages from that namespace
$wgNonincludableNamespaces[] = NS_YYY;
$wgNonincludableNamespaces[] = NS_XXX;



Thanks Chethan K

MarkAHershberger (talkcontribs)

You have a typo above. If you fix these, does it work?

I'm looking at these two lines:

$wgNamespacePermissionLockdown[NS_YYY['createpage'] = array('yyy');
#...
$wgNamespacePermissionLockdown[NS_XXX['createpage'] = array('xxx');

These should be

$wgNamespacePermissionLockdown[NS_YYY]['createpage'] = array('yyy');
#...
$wgNamespacePermissionLockdown[NS_XXX]['createpage'] = array('xxx');

Those syntax errors make me wonder if MediaWiki was even reading the file where you put these changes. If the file were read as PHP, it should error out.

Chethankswamy (talkcontribs)

Sorry it was a typo error while posting, its fine in the code which I have.

MarkAHershberger (talkcontribs)

in the $wgGroupPermissions section, you've given "YYY" and "XXX" as the group names, but in the $wgNamespacePermissionLockdown section, you've given "yyy" and "xxx". Group names are case sensitive, so you have four different groups.

Also, I recommend using "YYY" and "XXX" instead of the lower-case versions for your namespace names.

Chethankswamy (talkcontribs)

ya I modified that, but still the issue persists :(

MarkAHershberger (talkcontribs)

To avoid me misinterpreting what you currently have, could you paste your updated file here sans typos?

Chethankswamy (talkcontribs)

Sorry for the confusion caused, I have pasted the entire settings present in LocalSettings.php file

MarkAHershberger (talkcontribs)

I used your settings on a 1.20.2 wiki and it worked for me. What version is your wiki?

Chethankswamy (talkcontribs)

I am using 1.21.2 wiki version

MarkAHershberger (talkcontribs)

Alright, so I updated to 1.21.2 and am using the following LocalSettings.php:

which is should be the same as yours modulo some debugging and password stuff.

And it is working for me.

Could you tell me what exactly what pages you are looking at and what happens?

Here is what I am doing:

  1. Not logged in
    1. aec:AecTest -- "You do not have permission to read this page... limited to users in the group: rerun."
    2. rerun:RerunTest -- "You do not have permission to read this page... limited to users in the group: rerun."
  2. Logged in as User:Test which is in the aec group
    1. aec:AecTest -- see content which is "test can see, bogus can't"
    2. rerun:RerunTest -- "You do not have permission to read this page... limited to users in the group: rerun."
  3. Logged in as User:Bogus which is in the rerun group
    1. aec:AecTest -- "You do not have permission to read this page... limited to users in the group: rerun."
    2. rerun:RerunTest -- see content which is "Bogus can see, Test cannot"
Chethankswamy (talkcontribs)

Thats exactly what I am looking for. But I am not able to do that :(. Here is what I am doing,

  1. Logged in as admin, then created an new account Testaec
  2. Went to user rights management, searched for Testaec user and added that user to aec group and saved.
  3. Logged in as User:Testaec,
  4. Created a "test aec page" and saved. Then logged out.
  5. Logged in as User:Testrerun (which belongs to rerun group, which I create the same way as above)
  6. Searched for "test aec page" and was able to view and edit that page :(

Please let me know should I try reinstalling wiki or where I am doing wrong


Below is my group permission page details: ==============

  1. (all)
    1. Create discussion pages (createtalk)
    2. Read pages (read)
    3. Use of the write API (writeapi)
  1. aec (list of members)
    1. Change protection levels and edit protected pages (protect)
    2. Create discussion pages (createtalk)
    3. Create pages (which are not discussion pages) (createpage)
    4. Delete pages (delete)
    5. Edit pages (edit)
    6. Mark edits as minor (minoredit)
    7. Mark others' edits as patrolled (patrol)
    8. Move files (movefile)
    9. Move pages (move)
    10. Move pages with their subpages (move-subpages)
    11. Move root user pages (move-rootuserpages)
    12. Override files on the shared media repository locally (reupload-shared)
    13. Overwrite existing files (reupload)
    14. Purge the site cache for a page without confirmation (purge)
    15. Read pages (read)
    16. Send email to other users (sendemail)
    17. Upload files (upload)
    18. Use of the write API (writeapi)
  1. Autoconfirmed users
    1. Edit semi-protected pages (autoconfirmed)
  1. Bots (list of members)
    1. Be treated as an automated process (bot)
    2. Edit semi-protected pages (autoconfirmed)
    3. Have one's own edits automatically marked as patrolled (autopatrol)
    4. Not create redirects from source pages when moving pages (suppressredirect)
    5. Not have minor edits to discussion pages trigger the new messages prompt (nominornewtalk)
    6. Perform CAPTCHA-triggering actions without having to go through the CAPTCHA (skipcaptcha)
    7. Use higher limits in API queries (apihighlimits)
    8. Use of the write API (writeapi)
  1. Bureaucrats (list of members)
    1. Edit all user rights (userrights)
    2. Not be affected by rate limits (noratelimit)
    3. Rename users (renameuser)
  1. rerun (list of members)
    1. Change protection levels and edit protected pages (protect)
    2. Create discussion pages (createtalk)
    3. Create pages (which are not discussion pages) (createpage)
    4. Delete pages (delete)
    5. Edit pages (edit)
    6. Mark edits as minor (minoredit)
    7. Mark others' edits as patrolled (patrol)
    8. Move files (movefile)
    9. Move pages (move)
    10. Move pages with their subpages (move-subpages)
    11. Move root user pages (move-rootuserpages)
    12. Override files on the shared media repository locally (reupload-shared)
    13. Overwrite existing files (reupload)
    14. Purge the site cache for a page without confirmation (purge)
    15. Read pages (read)
    16. Send email to other users (sendemail)
    17. Upload files (upload)
    18. Use of the write API (writeapi)
  1. Administrators (list of members)
    1. Block a user from sending email (blockemail)
    2. Block other users from editing (block)
    3. Bypass IP blocks, auto-blocks and range blocks (ipblock-exempt)
    4. Bypass automatic blocks of proxies (proxyunbannable)
    5. Change protection levels and edit protected pages (protect)
    6. Create new user accounts (createaccount)
    7. Delete pages (delete)
    8. Delete pages with large histories (bigdelete)
    9. Edit other users' CSS files (editusercss)
    10. Edit other users' JavaScript files (edituserjs)
    11. Edit semi-protected pages (autoconfirmed)
    12. Edit the user interface (editinterface)
    13. Have one's own edits automatically marked as patrolled (autopatrol)
    14. Import pages from a file upload (importupload)
    15. Import pages from other wikis (import)
    16. Mark others' edits as patrolled (patrol)
    17. Mark rolled-back edits as bot edits (markbotedits)
    18. Mass delete pages (nuke)
    19. Move files (movefile)
    20. Move pages (move)
    21. Move pages with their subpages (move-subpages)
    22. Move root user pages (move-rootuserpages)
    23. Not be affected by rate limits (noratelimit)
    24. Not create redirects from source pages when moving pages (suppressredirect)
    25. Override files on the shared media repository locally (reupload-shared)
    26. Override the title or username blacklist (tboverride)
    27. Overwrite existing files (reupload)
    28. Perform CAPTCHA-triggering actions without having to go through the CAPTCHA (skipcaptcha)
    29. Quickly rollback the edits of the last user who edited a particular page (rollback)
    30. Search deleted pages (browsearchive)
    31. Unblock themselves (unblockself)
    32. Undelete a page (undelete)
    33. Upload files (upload)
    34. Use higher limits in API queries (apihighlimits)
    35. View a list of unwatched pages (unwatchedpages)
    36. View deleted history entries, without their associated text (deletedhistory)
    37. View deleted text and changes between deleted revisions (deletedtext)
  1. Users (list of members)
    1. Create discussion pages (createtalk)
    2. Mark edits as minor (minoredit)
    3. Move files (movefile)
    4. Move pages (move)
    5. Move pages with their subpages (move-subpages)
    6. Move root user pages (move-rootuserpages)
    7. Override files on the shared media repository locally (reupload-shared)
    8. Overwrite existing files (reupload)
    9. Purge the site cache for a page without confirmation (purge)
    10. Read pages (read)
    11. Send email to other users (sendemail)
    12. Upload files (upload)
    13. Use of the write API (writeapi)
MarkAHershberger (talkcontribs)

You aren't putting the page you want to protect in a protected namespace, so it doesn't get protected. If you use "aec:test aec page" as a page name, it will be protected.

Chethankswamy (talkcontribs)

Thanks a lot Mark, this worked, sorry for late reply