Handbuch:$wgNamespaceProtection
| Zugang: $wgNamespaceProtection | |
|---|---|
| Welche Namensräume können von wem bearbeitet werden? |
|
| Eingeführt in Version: | 1.10.0 (r19110) |
| Entfernt in Version: | weiterhin vorhanden |
| Erlaubte Werte: | (Array von Arrays) |
| Standardwert: | $wgNamespaceProtection = []; (1.14+)$wgNamespaceProtection[NS_MEDIAWIKI] = array( 'editinterface' ); (1.10 - 1.13) |
| Andere Einstellungen: Alphabetisch | Nach Funktion | |
Details
This setting allows a wiki to require special permissions to edit some namespaces.
By default, the only restriction is that the MediaWiki namespace can only be edited by users with the 'editinterface' permission (by default: sysops).
The keys of the array are namespace numbers, and the values are simple arrays of permission names. If you list more than one permission for a given namespace, a user must have all of them to edit pages in that namespace.
Since 1.14, the MediaWiki: namespace is unconditionally protected to users with 'editinterface' right (same as in previous versions).
This is set in Setup.php and cannot be modified in LocalSettings.php since otherwise it's too easy to set it incorrectly and leave the wiki insecure.
If you want to allow other groups than sysops to edit the MediaWiki: namespace, then grant the 'editinterface' right to those groups.
It's not possible to restrict read access to a certain namespace with $wgNamespaceProtection.
(Siehe Extension:Lockdown)
Beispiel
Restricting editing of the main namespace
$wgNamespaceProtection[NS_MAIN] = ['edit-main'];
This restricts editing in the main namespace to people in a group that has the edit-main permission.
Setting up custom namespaces with restricted write access
define("NS_OFFICIAL", 100);
define("NS_OFFICIAL_TALK", 101);
$wgExtraNamespaces = [
NS_OFFICIAL => "Official",
NS_OFFICIAL_TALK => "Official_talk"
];
$wgNamespaceProtection[NS_OFFICIAL] = ['official-edit'];
$wgNamespaceProtection[NS_OFFICIAL_TALK] = ['official-talk-edit'];
$wgGroupPermissions['managers']['official-edit'] = true; // only managers can edit pages in the Official namespace
$wgGroupPermissions['employees']['official-talk-edit'] = true; // employees can edit pages in the Official_talk namespace
$wgGroupPermissions['managers']['official-talk-edit'] = true; // so can managers
Diskussionsseiten deaktivieren
Since "everyone" is not a core permission, literally everyone gets denied access (including sysops).
Note that you'll still need to remove the tab through other methods (see: Manual:FAQ#How do I add/remove tabs throughout my wiki?)
# Disable all core TALK namespaces
$wgNamespaceProtection[NS_TALK] = ['everyone'];
$wgNamespaceProtection[NS_USER_TALK] = ['everyone'];
$wgNamespaceProtection[NS_PROJECT_TALK] = ['everyone'];
$wgNamespaceProtection[NS_FILE_TALK] = ['everyone'];
$wgNamespaceProtection[NS_MEDIAWIKI_TALK] = ['everyone'];
$wgNamespaceProtection[NS_TEMPLATE_TALK] = ['everyone'];
$wgNamespaceProtection[NS_HELP_TALK] = ['everyone'];
$wgNamespaceProtection[NS_CATEGORY_TALK] = ['everyone'];
Siehe auch
- Kategorie:Seitenspezifische Benutzerrechteerweiterungen — more extensions to control page access in some way
- Extension:Lockdown — set any permission for any group per namespace
- Extension:NSFileRepo — set permissions for images and files per namespace (custom local file repository namespace protection — based on Extension:Lockdown)