Extension:Semantic ACL

MediaWiki extensions manual
Semantic ACL
Release status: beta
Description: Allows per-page (or file) read and edit restrictions to be set using Semantic MediaWiki properties.
Author(s): Antoine Mercier-Linteau and Andrew Garrett
MediaWiki 1.31+ / Semantic MediaWiki >= 3.0.0
Database changes: No
License: GNU General Public License 2.0 or later
Added rights: sacl-exempt

The Semantic ACL (Access Control List) extension allows read and edit restrictions to be set on pages and files using semantic properties. Restrictions can be for anonymous/registered users, user groups or individual users.

Features

In addition to denying certain users the ability to view or edit pages, Semantic ACL:

  • Works through transclusions: If a page transcludes a page, or a subset of a page, that has a protection in place, users not allowed to view that content will see a placeholder message instead.
  • Works with files: If a file is protected, users not allowed to see the file will be denied access to the file page and will see placeholder content where the file is used in other pages. If a file is uncategorized or part of a category that an anonymous user is not allowed to see, placeholder content will be displayed instead. Please note that this does not prevent files from being retrieved through their raw URLs.
  • Works with search results and semantic queries: Search results that include a page a user is not allowed to see won't display the content of the page, only its title. Semantic page queries (except count) exclude pages a user can't view.
  • Works with Structured Discussions and talk pages: A talk page or a structured discussion gets the same protection as its associated content page.
  • Works within the wiki: There is no need to edit LocalSettings.php to modify restrictions; everything is done from inside your wiki.
  • Works with many use cases: Restrictions can be enabled for anonymous/registered users, user groups or individual users.

Installation

  • Download and place the file(s) in a directory called SemanticACL in your extensions/ folder.
  • Add the following code at the bottom of your LocalSettings.php:
    require_once "$IP/extensions/SemanticACL/SemanticACL.php";
  • Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

Requirements

This extension requires Semantic MediaWiki to function.

Usage

This extension disables the parser cache for pages that have ACL permissions.

To set restrictions, mark up a page with the appropriate properties.

To set read restrictions, use this property: [[Visible to::]]. If it is set to whitelist, specify the allowed users or groups with:

  • [[Visible to user::]]
  • [[Visible to group::]]

To set edit restrictions (which apply to all other actions), use this property: [[Editable by::]]. If it is set to whitelist, specify the allowed users or groups with:

  • [[Editable by user::]]
  • [[Editable by group::]]

The "main" property (Editable by or Visible to) can take one or more of these values. With the exception of "public", a user must satisfy all conditions set.

  • public — overrides all other values and never denies access.
  • users — denies access to users who are not logged in.
  • whitelist — denies access to all users who are not whitelisted, either explicitly or by being in a whitelisted group.

The read and edit restrictions have separate whitelists. You can add one or more users or groups to each whitelist using the appropriate properties. Note that the User: prefix is mandatory for the single-user whitelist (e.g. [[Editable by user::User:John_Doe]]).

Example

These properties, included on a page, would allow only users in the "moderator" group to read the page, and only the user "Chief Moderator" to edit it.

[[Visible to::whitelist]]
[[Visible to group::moderator]]

[[Editable by::whitelist]]
[[Editable by user::User:Chief Moderator]]

User rights

Users who have the sacl-exempt user right are never denied access by this extension. This is a failsafe to avoid pages becoming permanently uneditable because of an empty whitelist.

By default, administrators (users in the sysop group) are given this right.

IPs listed in $wgSemanticACLWhitelistIPs are also granted full access.
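
The rules from Usage and User rights, modeled as a small evaluator for checking what a set of annotations permits before relying on it. This is an added example, not code from the Semantic ACL project: the names Acl, Requester, is_allowed, locks_everyone_out and norm are hypothetical, and treating a restriction with no value set as unrestricted is an assumption.

```python
# Added illustration: a model of the rules documented above, not Semantic ACL's PHP code.
from dataclasses import dataclass, field
from typing import Optional

def norm(title: str) -> str:
    # MediaWiki treats "_" and " " in page titles as equivalent.
    return title.replace("_", " ").strip()

@dataclass
class Acl:
    modes: set = field(default_factory=set)   # values of [[Visible to::]] or [[Editable by::]]
    users: set = field(default_factory=set)   # values of [[... user::User:Name]]
    groups: set = field(default_factory=set)  # values of [[... group::name]]

@dataclass
class Requester:
    name: Optional[str] = None                # None means not logged in
    groups: set = field(default_factory=set)
    rights: set = field(default_factory=set)
    ip: str = ""

def is_allowed(acl: Acl, who: Requester, whitelist_ips=()) -> bool:
    # Failsafes: the sacl-exempt right and $wgSemanticACLWhitelistIPs bypass every check.
    if "sacl-exempt" in who.rights or who.ip in whitelist_ips:
        return True
    # "public" overrides all other values. Assumption: no value set means no restriction.
    if not acl.modes or "public" in acl.modes:
        return True
    # Every remaining condition must hold.
    if "users" in acl.modes and who.name is None:
        return False
    if "whitelist" in acl.modes:
        allowed_users = {norm(u) for u in acl.users}
        listed = who.name is not None and norm("User:" + who.name) in allowed_users
        if not (listed or acl.groups & who.groups):
            return False
    return True

def locks_everyone_out(acl: Acl) -> bool:
    # The failure mode sacl-exempt guards against: whitelist mode with nothing whitelisted.
    return ("whitelist" in acl.modes and "public" not in acl.modes
            and not (acl.users or acl.groups))

# The annotations from the Example section above.
READ = Acl({"whitelist"}, groups={"moderator"})
EDIT = Acl({"whitelist"}, users={"User:Chief Moderator"})
```

Because the read and edit whitelists are separate, the model denies "Chief Moderator" read access to the example page unless that account is also in the moderator group.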

Configuration

| Parameter | Default | Comment | Examples |
| --- | --- | --- | --- |
| $wgSemanticACLWhitelistIPs | null | IPs listed in this array are granted full access. | To give localhost full access: ['127.0.0.1', '::1'] |
| $wgPublicImagesCategory | null | Only files within this category are shown to unregistered users. This feature is useful for wikis that make use of copyrighted images that have not been cleared for public viewing. | Non-copyrighted_files |