Last modified: 2011-03-13 18:05:00 UTC
The purpose of the patch is to allow a page to have restrictions on groups, and
prevent any user that does
not belong to the right group from viewing or reading that page.
The patch adds a tab called 'restrict', available to users who can
'setpagegroup'. Clicking on this tab gives access
to a field so the user can modify himself (no graphical tools) the field
'page_restrictions' of a given page.
Combined to an extended definition of the variable $wgGroupPermissions, one can
add more groups.
I had to modify the method userCan and userCanRead of Title.php to make the
For instance and to give a concrete example : imagine you have physicists and
chemists using the same wiki.
For any reason, physicists must not access the pages of chemists and vice-versa.
The sysop can define two groups,
ph and ch for instance. Then he puts each chemist user in the group ch and
physicists in the group ph. This is done
in the LocalSettings.php, altering the array $wgGroupPermissions. Now the pages
can be assigned a restriction to
ch or ph group for read or edit actions, through the 'restrict' tab.
This patch is functionnal, but not very secure (direct access to the database,
through a text field in html, but limited to sysops)
In addition the wgGroupPermissions array must definitely be encoded in the
database, and have some nice html pages
to modify it.
I wish people would read, now and again, what is written all over...
Created attachment 1111 [details]
the patch to handle group permissions
This whole type of thing is unsafe to tack onto the MediaWiki framework, which has many many
ways of providing access to the contents of any page.
Anyone with an actual requirement to prevent groups from being able to read each others'
content should either *not* use MediaWiki, and use some other software which can provide what
they require, or should install separate wiki instances for each group.