Last modified: 2014-09-18 05:57:21 UTC
Although the header of Lockdown.php says "NOTE: you cannot GRANT access to things forbidden by $wgGroupPermissions. You can only DENY access granted there." the mere inclusion of Lockdown.php leads to this configuration being ignored: $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['user']['edit'] = true; Any user has edit privileges when Lockdown is active. This is discussed here: http://www.mediawiki.org/wiki/Extension_talk:Lockdown#Seconded_-_Overriding_.24wgGroupPermissions.3F
While digging deeper I think I found a hint on where the problem lies: the behaviour described above (Lockdown overriding <code>$wgGroupPermissions['*']['edit'] = false;</code>, thus anonymous users are able to edit) arises when a user was logged in before, but is not logged in anymore. May this be a session/cookie related problem? When requesting the same page at the same time from the same machine but in another browser (which hasn't been used for logging into the wiki), then the any-user cannot edit the page.