매뉴얼:유저 권한
사용자 권한은 다른 사용자 그룹에 할당 할 수있는 권한 (예: 페이지 편집 또는 사용자 차단 기능)입니다. 미디어위키는 기본적인 유저 권한 및 유저 그룹을 가지고 있습니다. 그러나 유저가 편집할 수 있습니다. 이 페이지는 기본 권한과 그룹 및 사용자 편집 방법을 설명합니다.
그룹에서 개별 wiki 사용자를 추가 및 제거하는 방법에 대한 정보는, 도움말:사용자 권한과 사용자 그룹 , Manual:Setting user groups in MediaWiki 를 보세요.
그룹 권한 변경
기본 미디어위키 설치는 기본 그룹에 특정 권한을 할당합니다 (아래 참조). 구문을 사용하여 $wgGroupPermissions 에서 LocalSettings.php 배열을 편집하여 기본 권한을 변경할 수 있습니다.
$wgGroupPermissions['group']['right'] = true /* 또는 거짓 */;
$wgGroupPermissions
는 includes/DefaultSettings.php
에 설정되지만, LocalSettings.php
에는 기술되지 않습니다. You will then need to add it in that file.If a member has multiple groups, they get all the permissions from each of the groups they are in.
All users, including anonymous users, are in the '*'
group; all registered users are in the 'user'
group.
In addition to the default groups, you can arbitrarily create new groups using the same array.
예제
This example will disable viewing of all pages not listed in $wgWhitelistRead , then re-enable for registered users only:
$wgGroupPermissions['*']['read'] = false;
# The following line is not actually necessary, since it's in the defaults. Setting '*' to false doesn't disable rights for groups that have the right separately set to true!
$wgGroupPermissions['user']['read'] = true;
This example will disable editing of all pages, then re-enable for users with confirmed email addresses only:
# Disable for everyone.
$wgGroupPermissions['*']['edit'] = false;
# Disable for users, too: by default 'user' is allowed to edit, even if '*' is not.
$wgGroupPermissions['user']['edit'] = false;
# Make it so users with confirmed email addresses are in the group.
$wgAutopromote['emailconfirmed'] = APCOND_EMAILCONFIRMED;
# Hide group from user list.
$wgImplicitGroups[] = 'emailconfirmed';
# Finally, set it to true for the desired group.
$wgGroupPermissions['emailconfirmed']['edit'] = true;
Creating a new group and assigning permissions to it
$wgGroupPermissions['<group-name>']
에 권한을 지정해 줌으로써 새로운 유저 그룹을 만들수 있습니다. <group-name>는 그룹 이름을 의미합니다.
Additionally to assigning permissions, you should create these three wiki pages with fitting content:
- MediaWiki:Group-<group-name> (content:
Name of the group
) - MediaWiki:Group-<group-name>-member (content:
Name of a member of the group
) - MediaWiki:Grouppage-<group-name> (content:
Name of the group page
)
By default, bureaucrats can add users to, or remove them from, any group. However, if you are using 매뉴얼:$wgAddGroups and Manual:$wgRemoveGroups , you may need to customize those instead.
예제
이 예제는 사용자를 차단하고 페이지를 삭제할 수 있고 모든 편집은 기본적으로 최근 바뀜에서 숨겨지는 독단적인 "projectmember" 그룹을 만들겠습니다.
$wgGroupPermissions['projectmember']['bot'] = true;
$wgGroupPermissions['projectmember']['block'] = true;
$wgGroupPermissions['projectmember']['delete'] = true;
'random group'
대신 'random-group'
이나 'random_group'
를 사용하세요. Moreover it is recommended to only use lowercase letters to create a group.In this example, you would probably also want to create these pages:
- MediaWiki:Group-projectmember (content:
Project members
) - MediaWiki:Group-projectmember-member (content:
Project member
) - MediaWiki:Grouppage-projectmember (content:
Project:Project Members
)
This will ensure that the group will be referred to as "Project members" throughout the interface, and a member will be referred to as a "Project member", and overviews will link the group name to Project:Project members.
This example disables write access (page editing and creation) by default, creates a group named "writer", and grants it write access. Users can be manually added to this group via Special:UserRights:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['writer']['edit'] = true;
$wgGroupPermissions['writer']['createpage'] = true;
In this example, you would probably also want to create these pages:
- MediaWiki:Group-writer (content:
Writers
) - MediaWiki:Group-writer-member (content:
Writer
) - MediaWiki:Grouppage-writer (content:
Project:Write
)
Removing predefined groups
MediaWiki out of the box comes with a number of predefined groups. Most of these groups can be removed by unsetting the according array keys, among them $wgGroupPermissions[ '<group-name>' ]. For details, see below.
예제
This example will eliminate the bureaucrat group entirely.
It is necessary to ensure that all six of these variables are unset for any group that one wishes to remove from being listed at Special:ListGroupRights; however, merely unsetting $wgGroupPermissions will suffice to remove it from Special:UserRights.
This code should be placed after any require_once
lines that add extensions, such as 확장기능:안티스푸프 containing code that gives bureaucrats group permissions by default.
unset( $wgGroupPermissions['bureaucrat'] );
unset( $wgRevokePermissions['bureaucrat'] );
unset( $wgAddGroups['bureaucrat'] );
unset( $wgRemoveGroups['bureaucrat'] );
unset( $wgGroupsAddToSelf['bureaucrat'] );
unset( $wgGroupsRemoveFromSelf['bureaucrat'] );
In some extensions (Flow, Semantic MediaWiki, etc.), rights are added during extension registration or in a registration function. In this case, it could be necessary to use a registration function in LocalSettings.php
to remove some predefined user groups:
$wgExtensionFunctions[] = function() use ( &$wgGroupPermissions ) {
unset( $wgGroupPermissions['oversight'] );
unset( $wgGroupPermissions['flow-bot'] );
};
Note on the group called "user"
With the above mechanism, you can remove the groups sysop, bureaucrat and bot, which - if used - can be assigned through the usual user permission system.
However, it is currently impossible to remove the user
group.
This group is not assigned through the usual permission system.
Instead, every registered user automatically is a member of that group.
This is hardcoded in MediaWiki and currently cannot be changed easily.
권한 목록
The following user rights are available in the latest version of MediaWiki. If you are using an older version, look at Special:Version on your wiki and see if your version is covered in the "Versions" column.
권한 | 설명 | User groups that have this right by default | 버전 |
---|---|---|---|
읽기 | |||
read | 문서 읽기 - when set to false, override for specific pages with $wgWhitelistRead
|
*, user | 1.5+ |
편집 | |||
applychangetags | 자신이 편집할 때 태그를 적용하기 - requires the edit right
|
user | 1.25+ |
autocreateaccount | 외부 사용자 계정으로 자동 로그인 - a more limited version of createaccount | — | 1.27+ |
createaccount | 새 사용자 계정 만들기 - register / registration | *, sysop | 1.5+ |
createpage | 문서 만들기 (토론 문서 제외) - requires the edit right
|
*, user | 1.6+ |
createtalk | 토론 문서 만들기 - requires the edit right
|
*, user | 1.6+ |
delete-redirect | 판이 하나인 넘겨주기를 삭제 (note that this is not needed if the group already has the delete right)
|
— | 1.36+ |
edit | 문서 편집 | *, user | 1.5+ |
editsemiprotected | "Allow only autoconfirmed users" 단계로 보호된 문서 편집 - without cascading protection - requires the edit right | autoconfirmed, bot, sysop | 1.22+ |
editprotected | "Allow only administrators" 단계로 보호된 문서 편집 - without cascading protection - requires the edit right | sysop | 1.13+ |
minoredit | 사소한 편집으로 표시 - requires the edit right
|
user | 1.6+ |
move | 문서 이동 - requires the edit right
|
user, sysop | 1.5+ |
move-categorypages | 분류 문서 이동 - requires the move right
|
user, sysop | 1.25+ |
move-rootuserpages | 최상위 사용자 문서 이동 - requires the move right
|
user, sysop | 1.14+ |
move-subpages | 문서와 하위 문서 이동하기 - requires the move right
|
user, sysop | 1.13+ |
movefile | 파일 이동 - requires the move right as well
|
user, sysop | 1.14+ |
reupload | 이미 존재하는 파일을 다시 올리기 - requires the upload right
|
user, sysop | 1.6+ |
reupload-own | 자신이 이미 올린 파일 덮어쓰기 - requires the upload right (note that this is not needed if the group already has the reupload right)
|
— | 1.11+ |
reupload-shared | 공용의 파일을 무시하고 로컬에서 파일 올리기 - (if one is set up) with local files (requires the upload right)
|
user, sysop | 1.6+ |
sendemail | 다른 사용자에게 이메일 보내기 | user | 1.16+ |
upload | 파일 올리기 - requires the edit right and $wgEnableUploads to be true
|
user, sysop | 1.5+ |
upload_by_url | URL 주소에서 파일 올리기 - requires the upload right (Prior to 1.20 it was given to sysops)
|
— | 1.8+ |
<span id="Management">Management | |||
bigdelete | 문서 역사가 긴 문서를 삭제 (as determined by $wgDeleteRevisionsLimit) - requires the delete right | sysop | 1.12+ |
block | 다른 사용자가 편집을 못하도록 차단 또는 차단 해제 - Block options include preventing editing and registering new accounts, and autoblocking other users on the same IP address | sysop | 1.5+ |
blockemail | 다른 사용자가 이메일을 보내지 못하도록 차단 또는 차단 해제 - allows preventing use of the Special:Emailuser interface when blocking - requires the block right | sysop | 1.11+ |
browsearchive | 삭제된 문서 검색 - through Special:Undelete - requires the deletedhistory right | sysop | 1.13+ |
changetags | 문서의 특정 판과 특정 기록 항목에 임의의 태그를 추가하거나 제거하기 - currently unused by extensions | user | 1.25+ |
delete | 문서 삭제 1.5–1.11: allows the deletion or undeletion of pages. 1.12+: allows the deletion of pages. For undeletions, there is now the 'undelete' right, see below |
sysop | 1.5+ |
deletedhistory | 삭제된 문서의 내용을 제외한 역사를 보기 | sysop | 1.6+ |
deletedtext | 삭제된 문서의 내용과 편집상의 차이를 보기 | sysop | 1.16+ |
deletelogentry | 특정 기록 항목을 삭제 및 되살리기 - allows deleting/undeleting information (action text, summary, user who made the action) of specific log entries - requires the deleterevision right | suppress | 1.20+ |
deleterevision | 문서의 특정 판을 삭제 및 되살리기 - allows deleting/undeleting information (revision text, edit summary, user who made the edit) of specific revisions Split into deleterevision and deletelogentry in 1.20 | suppress | 1.6+ |
editcontentmodel | 문서의 콘텐츠 모델을 편집 - requires the edit right | user | 1.23.7+ |
editinterface | 사용자 인터페이스를 편집 - contains interface messages. For editing sitewide CSS/JSON/JS, there are now segregate rights, see below. - requires the edit right | sysop, interface-admin | 1.5+ |
editmyoptions | 자신의 환경 설정 편집 | * | 1.22+ |
editmyprivateinfo | 자신의 개인정보 데이터(이메일 주소, 실명 등)를 편집하고 비밀번호 초기화 메일을 요청하세요 - also hides the "Change Password", but not other ways to change the password - requires the viewmyprivateinfo right
|
* | 1.22+ |
editmyusercss | 자신의 사용자 CSS 파일 편집하기 - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the editusercss right) - requires the edit right | user | 1.22+ |
editmyuserjs | 자신의 사용자 자바스크립트 파일 편집하기 - prior to 1.31 it was assigned to everyone (i.e. "*") (note that this is not needed if the group already has the edituserjs right) - requires the edit right | user | 1.22+ |
editmyuserjsredirect | 넘겨주기인 자신의 사용자 자바스크립트 파일 편집하기 (note that this is not needed if the group already has the edituserjs right) - requires the edit right | — | 1.34+ |
editmyuserjson | 자신의 사용자 JSON 파일 편집하기 (note that this is not needed if the group already has the edituserjson right) - requires the edit right | user | 1.31+ |
editmywatchlist | 자신의 주시문서 목록을 편집합니다. (이 권한이 없어도 문서를 추가할 수 있는 권한이 이외에도 있음을 참고하세요) - requires the viewmywatchlist right
|
* | 1.22+ |
editsitecss | 사이트 CSS 편집 - requires the editinterface right | interface-admin | 1.32+ |
editsitejs | 사이트 자바스크립트 편집 - requires the editinterface right | interface-admin | 1.32+ |
editsitejson | 사이트 JSON 편집 - requires the editinterface right | sysop, interface-admin | 1.32+ |
editusercss | 다른 사용자의 CSS 문서를 편집 - requires the edit right | interface-admin | 1.16+ |
edituserjs | 다른 사용자의 자바스크립트 문서를 편집 - requires the edit right | interface-admin | 1.16+ |
edituserjson | 다른 사용자의 JSON 파일을 편집 - requires the edit right | sysop, interface-admin | 1.31+ |
hideuser | 사용자 이름을 차단 및 차단 해제하고 비공개 또는 공개 처리 - Only users with 1000 edits or less can be suppressed by default - requires the block right
Use |
suppress | 1.10+ |
markbotedits | 되돌리기를 봇의 편집으로 취급 가능 - see Manual:Rollback - requires the rollback right | sysop | 1.12+ |
mergehistory | 문서 역사를 합치기 - requires the edit right | sysop | 1.12+ |
pagelang | 문서 언어 바꾸기 - $wgPageLanguageUseDB must be true | — | 1.24+ |
patrol | 다른 사용자의 편집을 점검된 것으로 표시 - $wgUseRCPatrol must be true | sysop | 1.5+ |
patrolmarks | 최근 바뀜에서 점검 표시를 보기 | — | 1.16+ |
protect | 보호 설정 바꾸기 및 연쇄 보호된 문서 편집 - requires the edit right | sysop | 1.5+ |
rollback | 특정 문서를 편집한 마지막 사용자의 편집을 신속하게 되돌리기 - requires the edit right | sysop | 1.5+ |
suppressionlog | 감춰진 기록을 보기 | suppress | 1.6+ |
suppressrevision | 어떤 사용자도 보지 못하도록 감춰진 판을 검토하고 되살리기 - Prior to 1.13 this right was named hiderevision - requires the deleterevision right | suppress | 1.6+ |
unblockself | 자신을 차단 해제하기 - Without it, an administrator that has the capability to block cannot unblock themselves if blocked by another administrator | sysop | 1.17+ |
undelete | 삭제된 문서 되살리기 - requires the deletedhistory right | sysop | 1.12+ |
userrights | 사용자의 모든 권한 조정 - allows the assignment or removal of all(*) groups to any user. (*)With $wgAddGroups and $wgRemoveGroups you can set the possibility to add/remove certain groups instead of all |
bureaucrat | 1.5+ |
userrights-interwiki | 다른 위키의 사용자 권한을 조정 - requires the userrights right | — | 1.12+ |
viewmyprivateinfo | 자신의 개인정보 보기 (이메일 주소, 실명 등) | * | 1.22+ |
viewmywatchlist | 자신의 주시문서 목록 보기 | * | 1.22+ |
viewsuppressed | 어떤 사용자도 보지 못하도록 감춰진 판 보기 - i.e. a more narrow alternative to "suppressrevision" (note that this is not needed if the group already has the suppressrevision right) | suppress | 1.24+ |
<span id="Administration">Administration | |||
autopatrol | 자신의 편집을 자동으로 점검된 판으로 표시 - $wgUseRCPatrol must be true | bot, sysop | 1.9+ |
deletechangetags | 데이터베이스에서 태그를 지우기 - currently unused by extensions | sysop | 1.28+ |
import | 다른 위키에서 문서 가져오기 - "transwiki" - requires the edit right | sysop | 1.5+ |
importupload | 파일 올리기를 통해 문서 가져오기 - This right was called 'importraw' in and before version 1.5 - requires the edit right | sysop | 1.5+ |
managechangetags | 데이터베이스에서 태그를 만들거나 지우기 - currently unused by extensions | sysop | 1.25+ |
siteadmin | 데이터베이스를 잠그거나 잠금 해제 - which blocks all interactions with the web site except viewing. (not available by default) | — | 1.5+ |
unwatchedpages | 주시되지 않은 문서 목록 보기 - lists pages that no user has watchlisted | sysop | 1.6+ |
<span id="Technical">Technical | |||
apihighlimits | API 쿼리에서 더 높은 제한 사용 | bot, sysop | 1.12+ |
autoconfirmed | IP 기반의 속도 제한에 영향을 받지 않음 - used for the 'autoconfirmed' group, see the other table below for more information (note that this is not needed if the group already has the noratelimit right) | autoconfirmed, bot, sysop | 1.6+ |
bot | 봇의 편집으로 취급 - can optionally be viewed | bot | 1.5+ |
ipblock-exempt | IP 차단, 자동 차단, 광역 차단을 무시 | sysop | 1.9+ |
nominornewtalk | 토론 문서에서 사소한 편집으로 새 메시지 알림을 보내지 않기 - requires the minoredit right | bot | 1.9+ |
noratelimit | 속도 제한에 영향을 받지 않음 - not affected by rate limits (prior to the introduction of this right, the configuration variable $wgRateLimitsExcludedGroups was used for this purpose) | sysop, bureaucrat | 1.13+ |
override-export-depth | 최대 5단계로 링크된 문서를 포함하여 문서를 내보내기 With this right, you can define the depth of linked pages at Special:Export. Otherwise, the value of $wgExportMaxLinkDepth , which is 0 by default, will be used. |
— | 1.15+ |
suppressredirect | 문서를 이동할 때 원래 문서 이름으로 된 넘겨주기를 만들지 않기 - requires the move right | bot, sysop | 1.12+ |
그룹 목록
The following groups are available in the latest version of MediaWiki. If you are using an older version then some of these may not be implemented.
그룹 | 설명 | 기본 권한 | 버전 |
---|---|---|---|
* | 모든 사용자 (익명 사용자 포함). | createaccount, createpage, createtalk, edit, editmyoptions, editmyprivateinfo, editmywatchlist, read, viewmyprivateinfo, viewmywatchlist | 1.5+ |
temp | Temporary user accounts (T330816) | Similar to * group | 1.41+ |
user | 계정 생성. Does not include temporary accounts. | applychangetags, changetags, createpage, createtalk, edit, editcontentmodel, editmyusercss, editmyuserjs, editmyuserjson, minoredit, move, move-categorypages, move-rootuserpages, move-subpages, movefile, purge, read, reupload, reupload-shared, sendemail, upload | 1.13+ |
autoconfirmed | Registered accounts at least as old as $wgAutoConfirmAge and having at least as many edits as $wgAutoConfirmCount . | autoconfirmed, editsemiprotected | 1.6+ |
bot | Accounts with the bot right (intended for automated scripts). | autoconfirmed, autopatrol, apihighlimits, bot, editsemiprotected, nominornewtalk, suppressredirect | 1.5+ |
sysop | Users who by default can delete and restore pages, block and unblock users, etc. | apihighlimits, autoconfirmed, autopatrol, bigdelete, block, blockemail, browsearchive, createaccount, delete, deletedhistory, deletedtext, editinterface, editprotected, editsemiprotected, editsitejson, edituserjson, import, importupload, ipblock-exempt, managechangetags, markbotedits, mergehistory, move, move-categorypages, move-rootuserpages, move-subpages, movefile, noratelimit, patrol, protect, reupload, reupload-shared, rollback, suppressredirect, unblockself, undelete, unwatchedpages, upload | 1.5+ |
interface-admin | Users who can edit sitewide CSS/JS. | editinterface, editsitecss, editsitejs, editsitejson, editusercss, edituserjs, edituserjson | 1.32+ |
bureaucrat | Users who can change the rights of other users by default and therefore have full access of the entire wiki. | noratelimit, userrights | 1.5+ |
suppress | deletelogentry, deleterevision, hideuser, suppressionlog, suppressrevision, viewsuppressed | 1.13+ |
From MW 1.12, you can create your own groups into which users are automatically promoted (as with autoconfirmed and emailconfirmed) using $wgAutopromote . You can even create any custom group by just assigning rights to them.
기본 권한
The default rights are defined in MainConfigSchema.php .
- Default values in HEAD version:
https://phabricator.wikimedia.org/diffusion/MW/browse/master/includes/MainConfigSchema.php
- The default values in the latest stable MediaWiki release, version 1.43, are available here:
https://phabricator.wikimedia.org/diffusion/MW/browse/REL1_43/includes/MainConfigSchema.php
- Additional rights: you should be able to list all the permissions available on your wiki by running
PermissionManager::getAllRights()
.
새 권한 만들기
Information for coders only follows.
If you're adding a new right in core, for instance to control a new special page, you are required to add it to the list of available rights in PermissionManager.php , $coreRights
(example).
If you're doing so in an extension , you instead need to use $wgAvailableRights .
You probably also want to assign it to some user group by editing $wgGroupPermissions described above.
If you want this right to be accessible to external applications by OAuth or by bot passwords, then you will need to add it to a grant by editing $wgGrantPermissions .
// create projectmember-powers right
$wgAvailableRights[] = 'projectmember-powers';
// add projectmember-powers to the projectmember-group
$wgGroupPermissions['projectmember']['projectmember-powers'] = true;
// add projectmember-powers to the 'basic' grant so we can use our projectmember powers over an API request
$wgGrantPermissions['basic']['projectmember-powers'] = true;
You also need to add right-[name]
and action-[name]
interface messages to /languages/i18n/en.json (with documentation in qqq.json).
The right-* messages can be seen on Special:ListGroupRights and the action-* messages are used in a sentence like "You do not have permission to ...".
같이 보기
- Special:ListGroupRights – Links to this help page and might contain not yet documented rights
- 도움말:사용자 권한과 사용자 그룹 – Help page describing use of the Special:Userrights interface (for bureaucrats)
- Manual:Setting user groups in MediaWiki – Information about managing and the assignment of user groups.
- Manual:$wgNamespaceProtection
- Manual:$wgAutopromote
- 매뉴얼:$wgAddGroups , Manual:$wgRemoveGroups
- Manual:Preventing access – 예시
- Manual:Establishing a hierarchy of bureaucrats
- Category:User rights extensions – Many extensions relating to user rights