Simple ACL implementation for 1.3.11 - Wikitech-l

16 Mar 2005

Hi everyone,

as I needed some basic protection on some pages of my wiki, I
went ahead and implemented a simple ACL mechanism. This is
based on the 1.3.11 version of the code, I did not yet look
at the 1.4 stuff. I plan to adapt 1.4 when I'm upgrading my
site, which will not happen before the final release.

The changed files can be found at
http://www.maphi.net/SimpleACLs-1.3.11.zip if anyone is
interested.

Now, as I have no idea on how the submittal process works.
Is there a chance to include this into the wiki itself, or
does it have to be for 1.4 in order to be included?
Do I need to submit the changes in a specific format, like
a diff? If so, which would be the right tool to use? I'm
working on a Windows box, using WinDiff - I guess that's not
the right tool here :)

Some background on what I did:

The page SpecialMakesysop allows Developer-Sysops (the user
needs both rights) to give arbitrary rights to users. This
can be any string, comma-separated for multiples, with a total
length of 255 characters because of the DB limit. With the
exception of sysop, bureocrat, developer, bot, and hidden
(see below) there is no special meaning to any right.

I changed Skin.php, SkinCologneBlue, and SkinPhptal, so that
the protect button is available to any user that has any
right. As these rights need to be given by someone else,
vandalism should not be an issue.

Protecting a page sets its restrictions to the rights of the
protecting user. If the user has more than one right, he can
specify which of his rights should be applied by editing the
restriction string. This is rather error prone, but in my
wiki, people have only one right.

The protect page contains a checkbox to hide a page from
public view. If this checkbox is set, the "hidden" restriction
is added to the page as well.

People can only edit a page if they have all rights (minus
hidden) that the page requires. This is straight from the
existing code. They also need all rights to unprotect the page.

People can only read hidden pages if they have at least one
of the necessary rights.

Sysops can always read, edit, and unprotect all pages.

I did a small change to SearchEngine, so that the search does
not give previews if the feature is enabled. Users will see
if their search term appears in a hidden page, but that's it.

I left RecentChanges alone, so the page names and change
comments are still visible to everyone.

The whole feature can be enabled by setting $wgEnableSimpleACLs
to true in LocalSettings.php. You also need to create one
developer,sysop user using SQL as described in
http://meta.wikimedia.org/wiki/Setting_user_rights_in_MediaWiki.
This user then can give rights to other users.

Comments (and bug detections) are welcome.

Regards, MaPhi