I created a restriction extension that can prevent access using users or
groups. You just do this:
<restrict>user1,user2,group1,group2</restrict>
When a user attempts to access the page who is not listed in the <restrict>
tag, and is not a member of a listed group, then they are redirected to a
page that tells them "its a restricted page, blah blah".
At Intuit, it is used in a few, select groups where they discuss policy,
security, things that have SEC regulations regarding disclosure and
employees who sell stock. In such cases, it isn't a matter of "trust" in an
organization with more than 7,000 employees, rather it is a matter of
company security (we also hire plenty of contractors who gain temporary
access to our intranet for various reasons) as well as a matter of law (SEC
regs for a public company).
The code is very simple. It renders the "<restrict>etc...</>" tag
area in
red as "Restricted page: user1, etc...". If the user/group isn't found, it
redirects the user to a page titled "Restricted Page".
$wgExtensionFunctions[] = "wfRestrictExtension";
function wfRestrictExtension() {
global $wgParser;
$wgParser->setHook( "restrict", "renderRestrict" );
}
# The callback function for converting the input text to HTML output
function renderRestrict( $input ) {
global $wgUser,$wgOut;
$inputvars = explode(',', $input);
$uName = $wgUser->getName();
$rights = $wgUser->getRights();
foreach ($inputvars as $val)
{
if ($val == $uName)
return "<br><font color=red>Restricted Page: </font>" .
$input . "<br>";
// return;
foreach ($rights as $r)
{
if ($r == $val)
return "<br><font color=red>Restricted Page: </font>" .
$input . "<br>";
// return;
}
}
$wgTitle = Title::newFromURL("Restricted_Page");
$wgOut->redirect($wgTitle->getFullURL());
return;
}
- MHart