If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked.
For further details, see Security issues with authorization extensions
Release status: stable
|Description||Restrict permissions by category and group|
|Latest version||3.1 (2021-12-13)|
|License||GNU General Public License 3.0 or later|
|Translate the CategoryLockdown extension if it is available at translatewiki.net|
CategoryLockdown is an extension that allows admins to restrict permissions by category and group.
- Download and place the file(s) in a directory called
- Add the following code at the bottom of your LocalSettings.php:
wfLoadExtension( 'CategoryLockdown' );
- Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.
To restrict the 'read' permission of the Category:Maintenance and its pages to the 'sysop' group only (admins), add the following to your LocalSettings.php:
$wgCategoryLockdown['Maintenance']['read'] = 'sysop';
Similarly, to restrict the 'edit' permission of the Category:Sales and its pages to the 'vendor' group:
$wgCategoryLockdown['Sales']['edit'] = 'vendor';
To restrict editing to users in the 'vendor' OR 'manager' groups:
$wgCategoryLockdown['Sales']['edit'] = [ 'vendor', 'manager' ];
Note that pages in subcategories are not affected. If Category:Clients is a subcategory of Category:Sales, then pages within it won't be protected by the above setting. You'd need to add:
$wgCategoryLockdown['Clients']['edit'] = [ 'vendor', 'manager' ];
Also note that if a page is in the Category:Sales and the Category:Clients, then the following will restrict editing to users in the 'vendor' OR 'manager' groups:
$wgCategoryLockdown['Sales']['edit'] = 'vendor', $wgCategoryLockdown['Clients']['edit'] = 'manager';
Finally, note that:
- Rules don't apply to admins.
- You can use this syntax to restrict any permission (not just 'read' and 'edit'). However, if users are allowed to read and edit a page, then they can avoid other restrictions by re-categorizing the page.
- This extension only removes permissions, it doesn't grant them. If the general config of your wiki forbids editing to all users, then adding a rule that restricts editing to a certain group won't work. Instead, allow editing to all users and then use this extension to restrict editing to the desired group.