How can i disable or delete an user in mediawiki?
I can delete the records from the db but i am not sure if this would affect anything else in the wiki.
Any suggestions would be welcome
Thanks
Prady
1. This solutions is available out of the box for MediaWiki 1.16+
The user and all the contributed content will remain but they will not be able to log in any more.
There are two steps that need to be done:
First block the user using the link in Special Pages.
Blocking can be performed against user id or IP address to prevent them from editing the wiki.
They will still be able to log in and view content.
Then in LocalSettings.php add $wgBlockDisablesLogin=true; ($wgBlockDisablesLogin).
Now upon logging in the user will be greeted with Login error. This user is blocked. Login not allowed..
2. This solutions requires an extension that works with MediaWiki 1.29+
If you want to completely remove access to a user, e.g. on a simple private wiki, it's not possible to simply delete the account (unless no edits have been made); you can block it, but the user will still be able to read pages. However, using User Merge and Delete extension you can merge the account in another one and delete the former; the original account will then "disappear".
Also:
If you want to preserve history readability (i.e., to have edits from the user to be still shown under his name), you can create a new account e.g. with username "OriginalUserName (deactivated)" and then merge "OriginalUserName" into the former, or even use Renameuser extension.
I suppose if you wanted to revive the user later on you would need to repeat this process but this time you would merge OriginalUserName (deactivated) into OriginalUserName.
See Preventing Access page in the MediaWiki manual.
There's a special page that Admin users can see, /Special:BlockIP. Block them there.
You can also get to it from the Special Pages page, /Special:SpecialPages.
you could also reset the password of the user via
/Special:PasswordReset
note: I would not recommend deleting data via scripts in the DB. there are various functionalities for rolling back unwanted user edits, merging contribution from one user to another, etc.
Related
I'm playing around with the CakeDC/Users plugin and I can't for the life of me figure out how to give permission for non-logged in visitors (lets call them 'guests') to access things like my /pages/home, or if I was to do a Blog plugin, allow guests to see posts etc (but not edit).
Is this possible using the 'permissions.php' file? Seems to only work for user groups (admin and user) rather than guests? Or do I have to play around with $this->Auth->allow() and $this->Auth->deny() as in this post which seems to make the permissions.php file kinda pointless...
RBAC permissions defined in CakeDC/Users are checked in the authorization step, which means you have a user already logged in (authenticated) requesting access to a specific controller/action.
All these checks happen in the core CakePHP AuthComponent per the plugin configuration.
You want to exclude specific pages from Auth, which is something managed outside of the plugin (for now). The right way to do that is using
$this->Auth->allow('yourAction');
In the controller's beforeFilter function.
There's an interesting problem I'm facing as an educator. I want to collect user names in a form, but when I do that, it automatically enables students to email themselves a copy of their response.
I believe there's a way to somehow poll who's responded. When you enable the "one response per user" option, it doesn't require a stored user name. I know the information is out there somewhere - I just don't know how to get to it.
Any help would be greatly appreciated!
EDIT: I neglected to be specific about the coding aspect - apologies. I'm generating the form programmatically, and wanted to know if the information is stored somewhere in the response when the one-response-per-person option is enabled. After more digging, it appears that the easiest way to deal with this is to use an extension to handle disabling the email option.
Thanks for all your help!
you cant get the user email unless you enable that option like you mentioned. yes google might internally know who you are if you were already logged-in but its not perfect because using chrome incognito mode for example would not detect the email.
one way I can think is to:
1) with apps script generate an array of all student emails and a random password. dump to a private spreadsheet and use as your database for the next script.
2) in your forms, ask first as a form question the custom username and password.
3) on another script you can generate form urls with prefilled usernames and passwords and email each student their own custom form url.
when the student opens the form to respond, the username and password would be prefilled already.
not perfect but a malicious user would need to hack the email and if they can hack their email then they could also impersonate the user logged-in.
Currently the bane of my existence is dealing with users email signatures at work, changing names, titles, departments, new users...it's all annoying. Currently I manage it with GAM and a semi templated HTML file to push changes, which works okay, but it's still a manual process. What I'm looking to do is create a small app script or app engine project that can...
detect a new or changed user
pull the fields needed to fill in their signature template
push the changes to their account
2 & 3 are no problem at all, it's #1 that I cannot find a reasonable solution to.
I had thought about using the google apps audit settings to email a specific mailbox when a new user is created, but that will only catch new users, not changes in titles and such. My only apparent option is something that runs periodically checking all the users signatures against what my script would generate and updating if needed, but that's hardly efficient and creates a potential timelapse in the waiting period meaning when people want things 'done now' (which is of course, every request), it will mean I manually trigger the job; effectively bringing me back to my original solution.
Is there any kind of user feed that contains changes available in google apps? Maybe google has a POST hook that hits a predefined URL on changes?
You can probably use push notifications for this https://developers.google.com/drive/web/push using the users.watch method https://developers.google.com/admin-sdk/directory/v1/reference/users/watch
My users store some data on my website that they might like to backup on another site, for example dropbox or google docs.
Is there a way for me to save their data into their accounts but (here it comes...) without knowing their password? Like Paypal, where only Paypal sees your password, except more complicated because the user needs to ok that data be copied into their account?
Or does anyone have any clever ideas about this? They could, of course, just copy it to their desktop and drag it in from there. But maybe a nice way to do this??
Or just use the Saver: https://www.dropbox.com/developers/dropins/saver
No auth required. The user just logs in (if not already) and chooses a location, and the file gets saved into their Dropbox.
That is basically what OAuth2 does.
User accesses Google Drive/Dropbox website and log in to grant you access.
Then, you will get special access code which you can use to save data without you knowing user's password.
Here are some links you might find useful:
https://developers.google.com/accounts/docs/OAuth2
https://www.dropbox.com/developers/blog/45/using-oauth-20-with-the-core-api
I have three websites: a.example.com, b.example.com, and c.net. Each was built a couple years after the other and all have their own users table.
I want to integrate these sites together so that I can login with a single username/password combo and have access to all three sites just by clicking links without having to login again.
I've never done an integration like this before, so looking at two angles:
1) Create another website, 'd.net' where new accounts can be created. If you login to one of the original three sites, it asks you for your d.net account. If you dont have one it asks you to make one. In your 'account settings' on d.net, you can 'add sites' to your account by entering your old username and password for them. Sound reasonable?
2) Solving the technical problem of being able to one-click login to another of the three sites if i'm already logged into d.net. Afaik, cookies with a session ID can't be shared across domains. So... maybe generate a token and save it to the database. Send token over GET to another website, which can check the token, log the user in, and then delete the token. Sound about right?
Have you looked at OpenID?
http://en.wikipedia.org/wiki/OpenID
Don't have to re-invent the wheel.