Project:WikiProject Extensions/Projects/Recovery/Candidate1

This page is obsolete. It is being retained for archival purposes. It may document extensions or features that are obsolete and/or no longer supported. Do not rely on the information here being up-to-date. WikiProject Extensions is not active anymore. See Manual:Extensions instead. For questions and help, see Communication.

If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked. For further details, see Security issues with authorisation extensions

Page-by-page authentication in MediaWiki

Author: Josh Greenberg

Source: http://www.epistemographer.com/2005/05/04/page-by-page-authentication-in-mediawiki/

All code below is made available under the GPL v2 license

In the interests of centralizing information, we’ve started an internal wiki at the “Center”:http://chnm.gmu.edu that will eventually function as a sort of dynamic handbook to our facilities, staff and projects. The choice of a wiki was ideal, because each staff member can flesh out the documentation on his or her projects, and since it’s for internal use, we can take the general good intentions of users for granted.

However, there are some pages that will need to be restricted to certain users (things like payroll/budget information, or staffing discussions), so I went ahead and wrote a small plugin that allows any user to restrict access to a wiki page by embedding the allowed usernames within a special tag (working off of a really useful “blog post”:http://daryl.learnhouston.com/?p=125 outlining MediaWiki plugins).

Here’s what you do. Save the following code into a file called “accessControl.php” in your MediaWiki /extensions directory

< ?php
// MediaWiki extension that enables access restriction on a page-by-page
// basis
// Added 5/3/05 by Josh Greenberg
// [based on code snagged from http://daryl.learnhouston.com/?p=125]

//Add the hook function call to an array defined earlier in the wiki
//code execution.
$wgExtensionFunctions[] = "wfAccessControl";

//This is the hook function. It adds the tag to the wiki parser and
//tells it what callback function to use.
function wfAccessControl() {
    global $wgParser;
    # register the extension with the WikiText parser
    $wgParser->setHook( "accesscontrol", "controlUserAccess" );
}

// The callback function for user access
function controlUserAccess( $input ) {
    // Grab currently logged in user
    global $wgUser;

    // Create array of users with permission to access this page
    $usersAccess = explode(",,", $input);

    // Trim leading whitespaces from usernames
    foreach ($usersAccess as $userEntry) {
        $userEntry = strtolower(ltrim($userEntry));
    }

    // Put up an error message if current user doesn't match
    // accesscontrol list
    if (!in_array(strtolower($wgUser->getName()), $usersAccess)) {
        echo '';
         exit();
    }
    return $output;
}
?>

Then, add a line to the bottom of your LocalSettings.php to tell it to include the plugin:

include("extensions/accessControl.php");

That’s it for the installation. To restrict access on a page-by-page basis to specific users, just include the names of the allowed users within an tag (separated by double commas) in the body of that page. Thus, if you wanted to restrict access to the people with usernames “Fred”, “janedoe” and “Josh Greenberg”, you would use the following syntax:

Fred,,janedoe,,Josh Greenberg

Be careful with this! If you’re restricting access to a page, make absolutely sure that you’re including your own username within the tags, or else you won’t be allowed to reload the page to fix your mistake. If you find yourself locked out of a page that you need access to, you’ll have to disable the plugin.