Extension talk:SemanticAccessControl/Flow

About this board

Google Code Shutting Down

2
Ckoerner (talkcontribs)

Hello, As you are likely aware, Google is shutting down their Google Code service in January of 2016. This extension appears to house its code with Google Code and is at risk to creating broken links and confusion of users in the near future.

I’m helping to let folks know about this coming update and provide some helpful links to make this migration easy. I hope you’ll take a moment and migrate your extension to a new hosting solution.

For extensions that have a compatible license, you can request developer access to the MediaWiki source repositories for extensions and get a new repository created for you. Alternatively, you may also export your code to other popular repositories such as Github and Bitbucket. Google has provided tools to help with this migration.

Kghbln (talkcontribs)

For the record: I have just moved the code over from Google to GitHub to preserve it an have a smooth migration process. However, this extension is still unmaintained, so who ever wants to pick up this task is very welcome to do so.

Reply to "Google Code Shutting Down"
Adam Edgington (talkcontribs)

"Finally, upload pages under 'pages' folder and 'groups' folder to your site." < This needs clarification, please. Simply uploading these files to the /mw/ root or /extensions/ has no effect. Adam Edgington 22:50, 23 January 2012 (UTC)

Jasonzhang (talkcontribs)

Update that section. Please modify it directly to make it clear if you still think it is unclear.

Mtyeh411 (talkcontribs)

Jason, for future revisions, you could look into importing/exporting these pages from MediaWiki XML dumps to make it easier. Just a thought.

165.228.105.50 (talkcontribs)

Could you provide step by step instruction on how to add the pages manually? Or provide reference on how to use the wikibot?

Jasonzhang (talkcontribs)

Please download wikibot.pl and try wikibot.pl --help. The help gives out complete information for how to use it. Adding all the page manually is painful process. For each page, create the page with the filename as title, paste file content as page content and click save. -jason

Freckle (talkcontribs)

Hello, I am quite new to programming and SMW, and I am experiencing difficulties with installing this extension manually. I could not login to view the demo, since I can't create an account on http://demo.flexdms.com.

As you suggested, I created pages for all the properties (with 'create property'), forms, templates and categories (also with create form/template/category), since I found no possibility for a function in SMW 'create a page' under special pages. Afterwards I manually edited these pages with the appropriate content. These steps were successful.

The problem I have, is, should I use 'create category' to create the pages 'Project ACL' and 'Project User Group'? How should they be added?

I would appreciate any help. Thank you very much in advance.

Kind regards

This post was posted by Freckle, but signed as 87.78.131.156.

Jasonzhang (talkcontribs)

For demo, you do not need to create User account. Just use provided user account. The Main_Page has the test account and password.

I updated the distribution. Right now you can use Special:Import to import all the pages. This makes life much easier. Check updated documentation.

Reply to "Installation"

6 extensions - really essentiell? And is there an example page?

6
Speedtook (talkcontribs)

Why I need 6 extensions, that I can use accesscontrol. Is it really essentiell?

Is there an example page, for testing this extension?

Pierro78 (talkcontribs)

you could use the "semantic mediawiki bundle" which, I believe, contains the 6 extensions (but you need to activate some like the Semantic Internal Object one)

Jasonzhang (talkcontribs)

All six extensions are needed. As Pierro78 pointed out, you can use semantic mediawiki bundle plus this extension. Set up your own demonstration following the "Demonstration" section in the document.

Speedtook (talkcontribs)

Hello,

already we installed Semantic Mediawiki and Semantic Forms, also BlueSpice and LDAP Authentication. And we do not want install a lot of extensions, because if we must update our wiki, it will be more complicated. The extensions have to work together.

I do not know if SemanticAccessControl this extension is which I need. We tried it with ImprovedAccessControl, but the problem is, this extension does not work in a template. So it would be good, if I could test it before I have installed it, because else I must delete it again.

Thank you for your fast answers!
Kind regards

Kghbln (talkcontribs)

Some things have to be accepted the way they are. However, these extensions are easy going on upgrade. Cheers

Legaulph (talkcontribs)

I have a similar issue that all those extension may cause conflicts with my configuration. In particular HeaderTabs I can't use because of the multiple extensions that conflict with it.

Reply to "6 extensions - really essentiell? And is there an example page?"

Content of UserGroup:SiteAC

1
CrystianMarquez (talkcontribs)

what content needs to page "UserGroup:SiteACL" to work the Access control?, which semantic properties i have to define into the "Template:ACL Page User Permission"

i hope can help me

Reply to "Content of UserGroup:SiteAC"

Extension doesn´t work

15
Mediawikitester (talkcontribs)

Hi, the extension doesn´t work. I saved a page with this code:

{{ACL Page User Permission
|User=Mediawikitester
|Permission=read, write, grant
|Grant=Grant}}

But all users can read and write :-(

Mediawikitester (talkcontribs)

and also anonymous users have access.

What could be my mistake?

Jasonzhang (talkcontribs)

You need EXPLICITLY deny access for ALL other users.

You can add statment like this

{{ACL Page Group Permission
|UserGroup=All Users
|Permission=write, read, grant
|Grant=Reject
}}

or Configure UserGroup:SiteACL.

Mediawikitester (talkcontribs)

Hi, how do I set permissions for specific users? For example: I want to create a page, that only I have access. Other users and anonymous should not able to read or write. I tought that works with:

{{ACL Page User Permission
|User=Mediawikitester
|Permission=read, write, grant
|Grant=Grant}}

But after saving that page, still all can read and write :-(

Jasonzhang (talkcontribs)

Please read the documentation and my reply! First, check your installation and make sure Semantic Internal Object extensions works. If SIO does not work, this extension does not work, either. Second, please read my reply before. You have to explicitly deny access for ALL other users. Did you do it? Moreover, login may be required for all users. I did not test this user for anonymous user. In my test, login is required at my installation.

59.167.198.77 (talkcontribs)

I feel like I must be missing something about this extension is supposed to work. I have installed it and all its requirements including SIO and they show up under Special:Version in my SMW instance. However, the only way I am able to get ACLs to work is by embedding the ACLs directly in the page, or via template.

I tried initially to block all access to the site following the example in the Development_notes.txt, I have set my SiteACL to: {{ACL UserGroup |Users=All Users }} {{ACL UserGroup Permission |Permissions=write,grant,read |Grant=Reject }}

But still all logged in and anonymous users are able to view Main_Page, and any other page which does not have ACLs to deny access in the actual page content. The same applies to the GroupACL (also set to deny everything), and I have even tried to use Page ACLs (defined using the permissions menu) but they don't seem to work either.

Is there something I am missing about how this extension is supposed to work? Is it required to defined ACL properties on every page or something?

I am using mediawiki 1.22.1 and SMW 1.9.0.1. Any tips you can give would be appreciated

Jasonzhang (talkcontribs)

add this to you template {{ACL Page Group Permission |UserGroup=All Users |Permission=write, read, grant |Grant=Reject }} Please note: owner always has every right. Second, test to make sure SIO really work. I have many trouble with SIO. Sometime SIO just does not work even it is installer properly. Live demo site is available right now. Check it too

59.167.198.77 (talkcontribs)

I realise I can add a block all ACL to my page templates, but what about pages that don't use templates? From what I can understand from the documentation, the SiteACL should control access to all content pages even if they don't have ACLs in them. Is that assumption incorrect? Does the SiteACL only come into affect when other ACLs are evaluated first?

I have looked at the demo site but it's SiteACL is blank and the GroupACL is the default value. It would be very helpful if you could update it so there is an example of how to set these so they work.

I tested SIO with a dummy page using the set_internal function and it seems to be working fine.

Thanks again for your help.

Jasonzhang (talkcontribs)

It seems that the 'All Users' does not work for SiteACL. This is a bug. As a workaround, you can set up site permission in LocalSettings.php following MediaWiki instruction. This extension will fall back into MediaWiki if no explicit deny or grant access is specified.

59.167.198.77 (talkcontribs)

I am unable to get the SiteACL to work in any way, even by specifying UserGroups or individual users. The Development_notes.txt in the google code repository says the SiteACL applies to all users implicitly and the Users field is ignored in the SiteACL (line 35-36). Has the Semantic Access Control extension (or at least the SiteACL/GroupACL functionality) been verified to work with the latest versions of MW/SMW? Could this be a bug with the most recent versions?

Jasonzhang (talkcontribs)

I verified in my demo site. SiteACL does not work. This is a bug in code. Again, SiteACL can be replaced with Wiki itself permission in LocalSettings.php. I did not verify GroupACL.

Mediawikitester (talkcontribs)

Is there an existing webside, which use this extension? It would be very helpful, if I had an example.
I need the information, what for forms, templates and UserGroups,... I have to create, that the extension works.

Jasonzhang (talkcontribs)

Sorry, No existing website. I do not have a public server at my dispose.

Jasonzhang (talkcontribs)

demo site is available right now

Mediawikitester (talkcontribs)

We installed the extension and it works perfect :) < /br> Thank you!

Reply to "Extension doesn´t work"

Is it possible to protect against reading every pages in namespaces Template, Property, Special ?

2
Nicolas NALLET (talkcontribs)

Thanks,

207.102.70.3 (talkcontribs)

Template and Property are Schema page and only editable by User in Developer Group. Special page is not protected by this extension. This extension is targeted for content page instead of the pages above

Reply to "Is it possible to protect against reading every pages in namespaces Template, Property, Special ?"
80.149.179.4 (talkcontribs)
  • If a page has a ":" in its pagename, the accesscontrol function doesn´t work!!
  • If it exist a redirect on a page, you have to protect both, that the function works!
Jasonzhang (talkcontribs)

: is namespace separator. You have to specify each protected namespace in $ACL_CONTENT_Namespaces. Please refer to configuration section

80.149.179.4 (talkcontribs)

The extension also doesn´t work if there is a "." oder "-" or so on in pagename.

Jasonzhang (talkcontribs)

I tried here:http://demo.flexdms.com/wiki/index.php/Department-2. This page has '-' in page name. Login as test21/123456. You will see access is denied. So it works for page with '-' in name. By the way,please ask support in Semantic Mediawiki mail listing. I mayh not monitor this extension page.

Reply to "Bugs"
Jasonzhang (talkcontribs)

For support, please send email to user mail list in SemanticMediawiki. I may not monitor this page.

Reply to "Support Note"

has SemanticAccessControl been tested againt hacking ?

2
Nicolas NALLET (talkcontribs)

Hi,

First Thank you for this extension that SemanticMediaWiki nedded. Do you know if SAC (and its protected pages from viewing) was widely tested against hacking by unauthorised user ?

Thanks,

Nicolas NALLET (talk) 09:32, 18 October 2012 (UTC)

Jasonzhang (talkcontribs)

It is not tested for hacking. As a general warning from mediawiki, it is not a secure system.

Reply to "has SemanticAccessControl been tested againt hacking ?"
66.41.96.6 (talkcontribs)

I screwed up when I installed SemanticAccessControl. I imported the pages I created on the development server onto the production server before I enabled the extension. I think I got most of the users granted with the appropriate permissions when I tried to add a new user with "create user" I get the following error. I did run the update.php script. I commented out the semanticaccesscontrol and tried to add the user and I still have the same error below.

Any ideas? Thanks! Amblerllc


A database error has occurred. Did you forget to run maintenance/update.php after upgrading? See: http://www.mediawiki.org/wiki/Manual:Upgrading#Run_the_update_script Query: INSERT INTO `user` (user_id,user_name,user_password,user_newpassword,user_newpass_time,user_email,user_email_authenticated,user_real_name,user_options,user_token,user_registration,user_editcount) VALUES (NULL,'AdminCary',,,NULL,,NULL,,,,'20121106014316','0') Function: User::addToDatabase Error: 1054 Unknown column 'user_options' in 'field list' (localhost)

Jasonzhang (talkcontribs)

As I know, this error is not related to SemanticAccessControl. SemanticAccessControl does not manage user itself.

Reply to "Create User Failure"
Return to "SemanticAccessControl/Flow" page.