This is just a PSA for those wanting a way of providing a protected namespace for private content that is also able to automatically protect files uploaded from a page in that namespace. The goal on my site was to give management a place to upload sensitive management files that are not available to non-management users. Here's how I did it:
- Create a custom namespace called "Management"
- Create a custom rights group called "management"
- Use "Extension:Lockdown" to protect the "Management" namespace for user in the "management" right group
- Use "Extension:SimpleBatchUpload" in a page in the Management namespace to provide the methods of uploading files with a template of
{{Upload|viewedonlyby=management}} - Modify Template:Upload to test (#ifeq) for property
{{{viewonlyby|}}}in{{Uploads}},- if so, then add
[[Visible to group::management]]to all files uploaded with that template where|viewonlyby=management.
- if so, then add
- Use Extension:Semantic_ACL to limit access to the file by group management per the presence of
[[Visible to group::management]].
In summary: Custom Namespace + Lockdown + SimpleBatchUpload + SemanticACL produces the overall effect.
Within the security limitations noted by MW, this method provides a very nice way of allowing management to add content that is not visible to non-management users.. a very handy thing for an enterprise site!