Last modified: 2010-05-15 15:37:47 UTC
The new group permission mechanism allows the possible extension to supporting
"protected" namespaces. Pages in such a namespace can only be accessed by people
who are members of specific groups. While this is in some way counter to the
"open" spirit of wikis, it is very useful in, for example, an enterprise
environment where there may be some information which should not be completely
publicly accessible. A simple patch to Title.php (attached) shows a possible
Created attachment 776 [details]
Patch to implement protected namespaces
This patch affects only includes/Title.php. It introduces a new global
variable, $wgProtectedNamespaces. If this is set, it should be a list of
namespaces whose pages are to be specially protected. For each namespace, e.g.
"Foo", in the list only people who are members of the group "ns-Foo" will be
able to access pages within that namespace.
To give a concrete example, additions to LocalSettings.php might be:
$wgExtraNamespaces = array(100 => "Foo", 101 => "Foo_talk");
$wgGroupPermissions['ns-Foo']['read'] = true;
$wgGroupPermissions['ns-Foo_talk']['read'] = true;
$wgProtectedNamespaces = array('Foo', 'Foo_talk');
Now only users who are members of the group 'ns-Foo' will be able to access
pages in the 'Foo' namespace. Note that to access 'Foo_talk' pages they must
also be members of 'ns-Foo_talk', there is no implicit association.
The permission used in $wgGroupPermissions (here 'read') is largely irrelevant
as it is only the membership of the group that is important. Using 'read' will
generally be safe because a user is going to need that globally anyway!
There is a very small overhead added on normal page reads (the addition of an
existence check on $wgProtectedPages). I hope this is acceptable.
*** This bug has been marked as a duplicate of 2073 ***