Jump to content

Topic on Extension talk:AccessControl

Problem related groups and add reading access to non-registered users for certain pages.

4
Nctuser (talkcontribs)

We have installed the lastest (v6.0/2023-03-01) AccessControl extension into our MediaWiki (v1.39.3, PHP v7.4.33), and we have a question about usage realted to groups and the right strategy in our situation.

Our purpose is create three levels of access. First is public where, the non-registered users (anonymous visitors) can read certain pages. We would like create two user groups (both registered), a "staff" group which access (can read) most of (but not all) pages, and a "devteam" who can read, create, edit the restricted technical documentations (this pages should be accessible only for the "devteam" group). We think we can create this construction with help of AccessControl extension but we have stumbled a problem what we have could not to solve.

We put this into the protected page:


{ { AccessControl

| readOnlyAllowedUsers = TestUser

| editAllowedUsers = TestUserAdvanced

} }


In the template above the non-registered users can not see the page, the TestUser can read only but not edit, the TestUserAdvenced can see and edit the page. This works well and this is the expected behavior. But when we translate this to groups the protection does not work as before.

We want apply the schema above and we put this into the protected page:


{ { AccessControl

| readOnlyAllowedGroups = TestUserGroup

| editAllowedGroups = TestUserAdvancedGroup

} }


The TestUser is member of the TestUserGroup group and the TestUserAdvanced is member of the TestUserAdvancedGroup group so we expect the exactly the same behavior as before, but this happens: both the TestUser and TestUserAdvanced cannot see the page and only the administrator can see and edit the page. So the it looks like the group based access control does not work properly.

What can cause this behavior? Is there special rights what needed for the groups to work as before (when we use users in the template)?

Can we put any name instead of AccessControl into the template or has this name special meaning? Can we make this invisible on the page (now "Template: AccessControl" text appears at the top of page)?


For non-registered users we enabled the reading, as in the documentation is shown. But we afraid if the editor non limits (forgets to limit) the access for the page of confidental information will be available for all the non-registered users, so we disabled the reading by default for non-registered users. We thought this will be safer, but we do not know how can we make certaion pages "public". If the visitors reading access is diabled ($wgGroupPermissions['*']['read'] = false;), is there a way to the page creator/editor to make the edited page "public" (available for reding for non-registered users)?


Thank you for yor answer.


We are newbies in MediaWiki and in AccessControl, so sorry, if the question is basic, or already answered in the documentation.

Nctuser (talkcontribs)

On AccessControl extension's wiki page there is a warning which I think supposed to mean that the wiki user groups are not usable any more. However in the "Using" section the editAllowedGroups and readOnlyAllowedGroups keywords are still listed as if they work. Correct me if I am wrong or a confirmation would be nice.

For version ≥ 2.0

MediaWiki versions: 1.18 – 1.20
Warning: From version 2.0 the extension does not use wiki user groups (except sysop), only groups created by user access lists!
185.25.193.185 (talkcontribs)

I also had the same problem, and the documentation is difficult to understand.

I got it working by doing the following:

  • Create a page, e.g. "Department:IT" (it should contain a column, otherwise it won't work)
  • Insert a * Marcus Aurelius inside the page
  • In the page that you want to protect, insert:
    • {{AccessControl | readOnlyAllowedGroups=Department:IT}}
  • Now Marcus Aurelius will be able to read the page, Admin will be able to edit the page, everyone else won't read nor edit the page
Hpyjoy (talkcontribs)

How do you protect the new page you created: "Department:IT". If someone gets the link, they could add themselves to the list.

Reply to "Problem related groups and add reading access to non-registered users for certain pages."