Last modified: 2011-03-13 18:05:00 UTC
The purpose of the patch is to allow a page to have restrictions on groups, and prevent any user that does not belong to the right group from viewing or reading that page. The patch adds a tab called 'restrict', available to users who can 'setpagegroup'. Clicking on this tab gives access to a field so the user can modify himself (no graphical tools) the field 'page_restrictions' of a given page. Combined to an extended definition of the variable $wgGroupPermissions, one can add more groups. I had to modify the method userCan and userCanRead of Title.php to make the mechanism effective. For instance and to give a concrete example : imagine you have physicists and chemists using the same wiki. For any reason, physicists must not access the pages of chemists and vice-versa. The sysop can define two groups, ph and ch for instance. Then he puts each chemist user in the group ch and physicists in the group ph. This is done in the LocalSettings.php, altering the array $wgGroupPermissions. Now the pages can be assigned a restriction to ch or ph group for read or edit actions, through the 'restrict' tab. This patch is functionnal, but not very secure (direct access to the database, through a text field in html, but limited to sysops) In addition the wgGroupPermissions array must definitely be encoded in the database, and have some nice html pages to modify it.
I wish people would read, now and again, what is written all over...
Created attachment 1111 [details] the patch to handle group permissions
This whole type of thing is unsafe to tack onto the MediaWiki framework, which has many many ways of providing access to the contents of any page. Anyone with an actual requirement to prevent groups from being able to read each others' content should either *not* use MediaWiki, and use some other software which can provide what they require, or should install separate wiki instances for each group.
