Comments on: Page-by-page authentication in MediaWiki http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/ Mapping knowledge online since 1999 Wed, 13 Oct 2010 15:38:21 +0000 hourly 1 http://wordpress.org/?v=3.1.3 By: Warren http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-419031 Warren Thu, 17 Sep 2009 05:15:41 +0000 http://www.epistemographer.com/?p=238#comment-419031 Hey could somebody repost a current working 1.5 version please? It is not working with current wiki version... -Warren Hey could somebody repost a current working 1.5 version please?
It is not working with current wiki version…

-Warren

]]> By: shilpa http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-33492 shilpa Mon, 13 Nov 2006 21:39:48 +0000 http://www.epistemographer.com/?p=238#comment-33492 Thanks Tim for ur reply. I will check it out. Thanks Tim for ur reply. I will check it out.

]]> By: Tim Ingalls http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-32823 Tim Ingalls Fri, 10 Nov 2006 13:30:57 +0000 http://www.epistemographer.com/?p=238#comment-32823 Shilpa, If you don't exactly need to use MediaWiki for your class, check out the DFWiki that comes with Moodle 1.5. The ACL that comes with Moodle makes it so you can start a new wiki for each class and control who sees it and who can edit it. For a classroom situation, it works well. You can also create a read only copy of the wiki and an edit copy that students use. Once the students have improved the wiki, you can incorporate the changes into the read-only wiki and use the new wiki copy for the new class to have an even better starting point. It's not the greatest solution for a non-class setting though, so I'm hoping I can get a real ACL solution for MediaWiki to work. Shilpa,

If you don’t exactly need to use MediaWiki for your class, check out the DFWiki that comes with Moodle 1.5. The ACL that comes with Moodle makes it so you can start a new wiki for each class and control who sees it and who can edit it.

For a classroom situation, it works well. You can also create a read only copy of the wiki and an edit copy that students use. Once the students have improved the wiki, you can incorporate the changes into the read-only wiki and use the new wiki copy for the new class to have an even better starting point.

It’s not the greatest solution for a non-class setting though, so I’m hoping I can get a real ACL solution for MediaWiki to work.

]]> By: shilpa http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-32696 shilpa Thu, 09 Nov 2006 20:37:11 +0000 http://www.epistemographer.com/?p=238#comment-32696 Hi there, The solution(coding) is quite good. However, if there are 50 users to whom I would like to restrict access to, then I would have to enter 50 users! I am trying to figure out a simpler solution to restict users for each class of students --that is, depending on which students should be given access as per the course they enroll. In each class, I would have around 30 students and there are so many classes in the university. It is not possible for the administrator to enter all student names for each class as it is very time consuming and tedious. I have been trying to figure out a solution for my problem since a few weeks. Does anyone have any suggestions to a simpler code solution? Thanks. Hi there,
The solution(coding) is quite good. However, if there are 50 users to whom I would like to restrict access to, then I would have to enter 50 users!

I am trying to figure out a simpler solution to restict users for each class of students –that is, depending on which students should be given access as per the course they enroll.
In each class, I would have around 30 students and there are so many classes in the university. It is not possible for the administrator to enter all student names for each class as it is very time consuming and tedious.

I have been trying to figure out a solution for my problem since a few weeks. Does anyone have any suggestions to a simpler code solution?

Thanks.

]]> By: Michael http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-4706 Michael Mon, 26 Jun 2006 14:53:09 +0000 http://www.epistemographer.com/?p=238#comment-4706 Your code works exactly as it should but there's one design flaw. You cant restrict the group pages themselves! Any one can add themselves to the group just by editing the page. I know you can restrict the page to just sysops, but this doesn't scale well if you have multiple sysops and you don't want all of them to have access to the page. Any ideas on how we can fix this? Your code works exactly as it should but there’s one design flaw. You cant restrict the group pages themselves! Any one can add themselves to the group just by editing the page. I know you can restrict the page to just sysops, but this doesn’t scale well if you have multiple sysops and you don’t want all of them to have access to the page.

Any ideas on how we can fix this?

]]> By: Martin Mueller http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-2632 Martin Mueller Wed, 10 May 2006 13:09:44 +0000 http://www.epistemographer.com/?p=238#comment-2632 I have made a group based version of this code, so you don't have to change every page, if a user is no more allowed to see a page. See http://blog.pagansoft.de/index.php?/archives/12-Extension-fuer-MediaWiki-Seitenbasierte-Gruppen-Zugriffskontrolle.html#extended for details Thanks! That was a very cool template for my very first MediaWiki extension. I have made a group based version of this code, so you don’t have to change every page, if a user is no more allowed to see a page.
See http://blog.pagansoft.de/index.php?/archives/12-Extension-fuer-MediaWiki-Seitenbasierte-Gruppen-Zugriffskontrolle.html#extended for details

Thanks! That was a very cool template for my very first MediaWiki extension.

]]> By: Rain http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-2257 Rain Thu, 13 Apr 2006 08:58:22 +0000 http://www.epistemographer.com/?p=238#comment-2257 Hello! We have almost the same thoughts as Michael Kennedy already described. We are using the Mediawiki as a collaboration environment in a design house, which is making projects (products) for multiple customers. It would be perfect if it would be possible to publish certain pages (Product specification, requirements specification, support page, bug tracker, etc) to the customer, but deny all other pages. Basically, customer one should not see pages related to other customers or the pages that are intended for internal use. Therefore, as I see it, the system should deny viewing and editing ‘’’all’’’ pages for certain user belonging to a dedicated group (all customers should belong to the 'external' group), except the pages that have this extra tag on it. e.g. group=external; users=customer1,customer2.. Or even: Hidden content … Content to be published… Hidden content … I’m not expert in the Mediawiki internals, but it seems to me, that, in order to accomplish this the LocalSettings.php should define an array variable defining all the groups that must go through the extra content processing. If a user belonging to one of the groups accesses a page the page must contain the (or ) tag. If not, the page is not displayed (the browser is redirected to a deny page), if yes, the allowed part of the page will be displayed. For any other group the tag will be ignored. Thanks! Hello!
We have almost the same thoughts as Michael Kennedy already described. We are using the Mediawiki as a collaboration environment in a design house, which is making projects (products) for multiple customers. It would be perfect if it would be possible to publish certain pages (Product specification, requirements specification, support page, bug tracker, etc) to the customer, but deny all other pages. Basically, customer one should not see pages related to other customers or the pages that are intended for internal use. Therefore, as I see it, the system should deny viewing and editing ‘’’all’’’ pages for certain user belonging to a dedicated group (all customers should belong to the ‘external’ group), except the pages that have this extra tag on it.

e.g. group=external; users=customer1,customer2..

Or even:

Hidden content …

Content to be published…

Hidden content …

I’m not expert in the Mediawiki internals, but it seems to me, that, in order to accomplish this the LocalSettings.php should define an array variable defining all the groups that must go through the extra content processing. If a user belonging to one of the groups accesses a page the page must contain the (or ) tag. If not, the page is not displayed (the browser is redirected to a deny page), if yes, the allowed part of the page will be displayed.
For any other group the tag will be ignored.

Thanks!

]]> By: Sean http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-2155 Sean Fri, 10 Mar 2006 00:33:55 +0000 http://www.epistemographer.com/?p=238#comment-2155 Hey could somebody repost a current working 1.5 version? -Sean Hey could somebody repost a current working 1.5 version?

-Sean

]]> By: Juampe http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-2133 Juampe Sun, 05 Mar 2006 17:48:28 +0000 http://www.epistemographer.com/?p=238#comment-2133 hey the blog cuts the tag data and many authors! sorry hey the blog cuts the tag data and many authors!
sorry

]]> By: Juampe http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/comment-page-1/#comment-2132 Juampe Sun, 05 Mar 2006 17:45:11 +0000 http://www.epistemographer.com/?p=238#comment-2132 05/03/2006 //make accescontrol valid for users an groups //u:juampe,g:graph,u:ruben //Is compatible with restrict patch //Make ACL bypass to restrict an viewrestrict groups //TODO: make a nice deny page $wgExtensionFunctions[] = "wfAccessControl"; //This is the hook function. It adds the tag to the wiki parser and //tells it what callback function to use. function wfAccessControl() { global $wgParser; # register the extension with the WikiText parser $wgParser->setHook( "accesscontrol", "controlAccess" ); } // The callback function for user access function controlAccess( $input ) { // Grab currently logged in user global $wgUser; //restrict viewrestrict group can bypass if(in_array('viewrestrict',$wgUser->mGroups)||in_array('restrict',$wgUser->mGroups)){ return; } //get users preg_match_all('/u:(\w+),?/',$input,$usersAccess); preg_match_all('/g:(\w+),?/',$input,$groupsAccess); //If not restriction is set, then exit and grant if (((!is_array($usersAccess[1])) && (!is_array($groupssAccess[1]))) || ((count($usersAccess[1]) == 0) && (count($usersAccess[1])))) { return; } $cleanedUsersAccess[] = ""; // Trim leading whitespaces from usernames foreach ($usersAccess[1] as $userEntry) { $userEntry = strtolower(ltrim($userEntry)); array_push($cleanedUsersAccess, $userEntry); } $cleanedGroupsAccess[] = ""; // Trim leading whitespaces from usernames foreach ($groupsAccess[1] as $groupEntry) { $groupEntry = strtolower(ltrim($groupEntry)); array_push($cleanedGroupsAccess, $groupEntry); } // Check Group access foreach($cleanedGroupsAccess as $groupEntry) { if(in_array($groupEntry,$wgUser->mGroups)){ return; } } // Put up an error message if current user doesn't match // accesscontrol list if (in_array(strtolower($wgUser->getName()), $cleanedUsersAccess)) { return; } //Access Denied print "User: ".$wgUser->getName()." Access Denied"; print "Group: "; foreach($wgUser->mGroups as $groupEntry) { print "$groupEntry "; } print " Access Denied"; print "Allowed users: "; foreach($cleanedUsersAccess as $userEntry) { print "$userEntry "; } print "Allowed groups:"; foreach($cleanedGroupsAccess as $groupEntry) { print "$groupEntry "; } exit(); } ?> 05/03/2006
//make accescontrol valid for users an groups
//u:juampe,g:graph,u:ruben
//Is compatible with restrict patch
//Make ACL bypass to restrict an viewrestrict groups
//TODO: make a nice deny page

$wgExtensionFunctions[] = “wfAccessControl”;

//This is the hook function. It adds the tag to the wiki parser and
//tells it what callback function to use.
function wfAccessControl() {
global $wgParser;
# register the extension with the WikiText parser
$wgParser->setHook( “accesscontrol”, “controlAccess” );
}

// The callback function for user access
function controlAccess( $input ) {
// Grab currently logged in user
global $wgUser;

//restrict viewrestrict group can bypass
if(in_array(‘viewrestrict’,$wgUser->mGroups)||in_array(‘restrict’,$wgUser->mGroups)){
return;
}

//get users
preg_match_all(‘/u:(\w+),?/’,$input,$usersAccess);
preg_match_all(‘/g:(\w+),?/’,$input,$groupsAccess);

//If not restriction is set, then exit and grant
if (((!is_array($usersAccess[1])) && (!is_array($groupssAccess[1]))) ||
((count($usersAccess[1]) == 0) && (count($usersAccess[1])))) {
return;
}

$cleanedUsersAccess[] = “”;
// Trim leading whitespaces from usernames
foreach ($usersAccess[1] as $userEntry) {
$userEntry = strtolower(ltrim($userEntry));
array_push($cleanedUsersAccess, $userEntry);
}

$cleanedGroupsAccess[] = “”;
// Trim leading whitespaces from usernames
foreach ($groupsAccess[1] as $groupEntry) {
$groupEntry = strtolower(ltrim($groupEntry));
array_push($cleanedGroupsAccess, $groupEntry);
}

// Check Group access
foreach($cleanedGroupsAccess as $groupEntry) {
if(in_array($groupEntry,$wgUser->mGroups)){
return;
}
}

// Put up an error message if current user doesn’t match
// accesscontrol list
if (in_array(strtolower($wgUser->getName()), $cleanedUsersAccess)) {
return;
}

//Access Denied
print “User: “.$wgUser->getName().” Access Denied”;
print “Group: “;
foreach($wgUser->mGroups as $groupEntry) {
print “$groupEntry “;
}
print ” Access Denied”;

print “Allowed users: “;
foreach($cleanedUsersAccess as $userEntry) {
print “$userEntry “;
}

print “Allowed groups:”;
foreach($cleanedGroupsAccess as $groupEntry) {
print “$groupEntry “;
}

exit();
}

?>

]]>