Last modified: 2010-05-15 15:33:00 UTC
I'm hoping to get some attention onto this so that it'll get into the 1.5.x branch. The current user permissions setup is completely lacking in mediawiki. There is some kind of permission settings for users in MediaWiki, but I've been unable to find decent documentation for it. Looking at the db directly, there is only a blob describing permissions. This is inadequate. I propose a modified version of the permission/groups scheme I designed for the Scoop weblog software. In this case, every use is a member of a group (even anonymous people). Each group has a set of permission bits, which can be Y, N, or empty. Empty means check the value of the default group (which no-one is assigned to). IE: default: read: y, write: y, delete: n anonymous read: , write: , delete: normal read: , write: , delete: y admin read: , write:, delete: y This allows you to define sets of groups which have finely-grained permission settings (such as an intermediate editors class, or a class of users which can delete pages permanently) without allowing people complete Wiki control. Additionally, you can setup the pages to allow only certain groups to read/write them. This is beneficial for corporate environments, where the completely-open nature of the wikis could lead to issues, as well as when wikis are used for personal-webpage management. Another great benefit of this setup is that you can edit the permission bits for a group via something like phpMyAdmin, or raw sql statements. When you extend the permission bit set during future branches, you can set a default "safe" value, and allow the admins of the sites to put in their own values on the extra groups. I don't think a BLOB is an acceptable method of encoding user permissions, especially if mediaWiki is to work well and play with other SQL-aware web applications on the server.
Already implemented in 1.5 months ago.
