Project:WikiProject Extensions/Projects/Recovery/Candidate1

Page-by-page authentication in MediaWiki

Author: Josh Greenberg

Source: http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/

All code below is made available under the GPL v2 license


In the interests of centralizing information, we’ve started an internal wiki at the “Center”:http://chnm.gmu.edu that will eventually function as a sort of dynamic handbook to our facilities, staff and projects. The choice of a wiki was ideal, because each staff member can flesh out the documentation on his or her projects, and since it’s for internal use, we can take the general good intentions of users for granted.

However, there are some pages that will need to be restricted to certain users (things like payroll/budget information, or staffing discussions), so I went ahead and wrote a small plugin that allows any user to restrict access to a wiki page by embedding the allowed usernames within a special tag (working off of a really useful “blog post”:http://daryl.learnhouston.com/?p=125 outlining MediaWiki plugins).


Here’s what you do. Save the following code into a file called “accessControl.php” in your MediaWiki /extensions directory

< ?php
// MediaWiki extension that enables access restriction on a page-by-page
// basis
// Added 5/3/05 by Josh Greenberg
// [based on code snagged from http://daryl.learnhouston.com/?p=125]

//Add the hook function call to an array defined earlier in the wiki
//code execution.
$wgExtensionFunctions[] = "wfAccessControl";

//This is the hook function. It adds the tag to the wiki parser and
//tells it what callback function to use.
function wfAccessControl() {
    global $wgParser;
    # register the extension with the WikiText parser
    $wgParser->setHook( "accesscontrol", "controlUserAccess" );
}

// The callback function for user access
function controlUserAccess( $input ) {
    // Grab currently logged in user
    global $wgUser;

    // Create array of users with permission to access this page
    $usersAccess = explode(",,", $input);

    // Trim leading whitespaces from usernames
    foreach ($usersAccess as $userEntry) {
        $userEntry = strtolower(ltrim($userEntry));
    }

    // Put up an error message if current user doesn't match
    // accesscontrol list
    if (!in_array(strtolower($wgUser->getName()), $usersAccess)) {
        echo '';
         exit();
    }
    return $output;
}
?>


Then, add a line to the bottom of your LocalSettings.php to tell it to include the plugin:

include("extensions/accessControl.php");

That’s it for the installation. To restrict access on a page-by-page basis to specific users, just include the names of the allowed users within an tag (separated by double commas) in the body of that page. Thus, if you wanted to restrict access to the people with usernames “Fred”, “janedoe” and “Josh Greenberg”, you would use the following syntax:

Fred,,janedoe,,Josh Greenberg


Be careful with this! If you’re restricting access to a page, make absolutely sure that you’re including your own username within the tags, or else you won’t be allowed to reload the page to fix your mistake. If you find yourself locked out of a page that you need access to, you’ll have to disable the plugin.