Help:SemanticAccessControl
From Edge of Darkness Wiki
SemanticAccessControl
Usage
- Configure the default site-wide access control rule: edit UserGroup:SiteACL using the "Edit with form" toolbar link.
- Configure the default policy for users in one group: edit UserGroup:GroupACL using "Edit with form".
- Add every user who designs the site: edit UserGroup:Developers using "Edit with form".
- Add groups and define their access control properly: go to AdminLink->Create Custom Group.
- In your template, use the Property ACL Page Parent to establish the inheritance of permissions if needed. E.g. {{#set:ACL Page Parent=User:{{{Sample Has User|}}} }}
- In your template, define content-specific ACLs by adding ACL statements to the template. A group-specific permission can be added like this:
{{ACL Page Group Permission |UserGroup=All Users |Permission=write, read, grant |Grant=Reject }}
All Users is an implicit group that you can use in your template. A user-specific permission can be added like this:
{{ACL Page User Permission |User={{{PI}}} |Permission=read |Grant=Grant }}
The ACL_Page_Fixed semantic property can be added to a template so that the page cannot be edited once it has been created.
- Users can view and edit page permissions through the Permissions action tab.
Concept
This extension classifies pages into three categories: content pages, schema pages and access control-related pages.
- Content pages are the regular pages, mostly in the MAIN namespace.
- Schema pages are pages that define the overall site structure, such as pages in the template, property, category, form and concept namespaces. They are not regular pages for end users. Schema pages can only be edited by users in the Developers group.
- Access control-related pages are pages in a namespace. These pages can be edited only when a user has the proper Grant permission.
Access control for content pages follows this flow.
At any stage, if a right is explicitly granted or denied, the checking stops. Otherwise, checking moves to the next stage.
- The page owner and users in the bot, sysop, and bureaucrat groups have all permissions at all times. The page owner is the user who created the page in the first place, plus anyone defined with the ACL Page Owner semantic property.
- Check any permission in the page itself. Such a permission may be introduced implicitly by a template.
- Check any permission created by an end user through the Permissions action tab.
- Check any inherited permission if the page has one.
- Find all groups the page owner belongs to, plus any group defined with the ACL Page Group semantic property. If the current user is in one of these groups, check the group policy defined in the UserGroup page, then check GroupACL.
- Check the policy in SiteACL.
- Fall back to MediaWiki itself.
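The check order above can be modelled in a few lines to see which stage decides a request. This is an added illustration, not the extension's own code: the data layout, the function names, the sample users and group ("Pat", "Bob", "Eve", "Lab A") and the rule that the first matching statement within a stage wins are all assumptions.

```python
# Added model of the documented check order; data layout and names are assumptions.
PRIVILEGED = {"bot", "sysop", "bureaucrat"}

def match(rules, user, groups, right):
    """First rule naming this user or one of their groups for `right` decides
    (in-stage ordering is an assumption); None means the stage is silent."""
    for r in rules:
        named = r.get("User") == user or r.get("UserGroup") in groups
        if named and right in r["Permission"]:
            return r["Grant"]
    return None

def check_access(user, user_groups, right, page, site):
    """Walk the stages in order; stop at the first explicit Grant or Reject."""
    groups = set(user_groups) | {"All Users"}      # implicit group
    if user in page["owners"] or groups & PRIVILEGED:
        return ("Grant", "owner/privileged")
    stages = [("page", page.get("template_acl", [])),
              ("permissions tab", page.get("tab_acl", [])),
              ("inherited", page.get("parent_acl", []))]
    # Group policies apply only when the user is in a group tied to the page
    # (the owner's groups plus any ACL Page Group values).
    shared = sorted(groups & set(page.get("page_groups", [])))
    stages += [("UserGroup:" + g, site["group_policy"].get(g, [])) for g in shared]
    if shared:
        stages.append(("GroupACL", site["GroupACL"]))
    stages.append(("SiteACL", site["SiteACL"]))
    for name, rules in stages:
        decision = match(rules, user, groups, right)
        if decision is not None:
            return (decision, name)
    return (None, "MediaWiki")                     # nothing explicit: core decides

# Constructed sample data.
SITE = {
    "group_policy": {"Lab A": [{"UserGroup": "Lab A", "Permission": ["read", "write"], "Grant": "Grant"}]},
    "GroupACL": [],
    "SiteACL": [{"UserGroup": "All Users", "Permission": ["read", "write"], "Grant": "Reject"}],
}
LOCKED = {"owners": {"Alice"}, "page_groups": ["Lab A"], "template_acl": [
    {"User": "Pat", "Permission": ["read"], "Grant": "Grant"},
    {"UserGroup": "All Users", "Permission": ["write", "read", "grant"], "Grant": "Reject"}]}
PLAIN = {"owners": {"Alice"}, "page_groups": ["Lab A"]}

if __name__ == "__main__":
    for page, user, grps, right in [(LOCKED, "Pat", [], "read"), (LOCKED, "Bob", ["Lab A"], "read"),
                                    (PLAIN, "Bob", ["Lab A"], "write"), (PLAIN, "Eve", [], "read")]:
        print(user, right, check_access(user, grps, right, page, SITE))
```

On the locked page the Lab A group grant is never consulted, because the template's All Users rejection is reached at an earlier stage. A right that no stage mentions (here, grant on the plain page) is left to MediaWiki.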