I would like to allow the logged user to edit MediaWiki/Common.css without adding them to the sysop group.
I understand that this will allow user to change it to harful ways but it is a closed wiki so that is not a problem.
Any solution is acceptable even changing php code :)
Create a new group, add give it "editinterface" privilege. In LocalSettings.php it's done like this:
$wgGroupPermissions['mynewgroup']['editinterface'] = true;
Then add the user to you new group.
Or if you want to give that right to all logged-in users, do it like this:
$wgGroupPermissions['user']['editinterface'] = true;
// user is the default group for all logged-in users
For details see MediaWiki manual.
Probably safer to use;
$wgAllowUserCss = true;
See Mediawiki Manual for the complete details.
"When enabled, users are able to make personalised customisations over and above the normal choice of skins within the 'preferences' display."
A similar setting is available for Javascript.
Related
I've set up a private wiki for a class, and I'd like the students to create their own accounts (saving me from having to manually create them and email them instructions on how to login).
In LocalSettings.php, I changed the settings to the following:
# The following permissions were set based on your choice in the installer
$wgGroupPermissions['*']['createaccount'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['read'] = false;
My intention is for anyone to create an account (I can add the ConfirmAccount extension if need be, but more likely I'll just change the flag to false after my students have signed up), but nobody can read or edit pages without becoming a user.
On the main page of the wiki, there is now a link to Create Account. However, clicking it just leads back to the Login prompt. The only way I can get the Create Account page is by changing all of the permissions above to true.
Is there a way to block read/edit access but allow account creation?
Okay I found a solution--surprising this wasn't included in the mediawiki documentation on the pages for managing users or restricting access.
Add this line to LocalSettings.php:
$wgWhitelistRead = array( 'Special:RequestAccount', 'Main Page', 'Special:CreateAccount' );
I want to open comments for anonymous users also but only for blogs content type. Is there any module I need to download or we need to do it programmatically or it can be done through the Drupal backend?
It can done through drupal permissions, goto "people/permissions" search for comment and look for post comments settings and check the checkbox for anonymous user.
We have a closed wiki - and we want to set all existing users accounts to be confirmed. (when the user was added the email was added)
We also want to have that setting automatically set to true for new users.
What I want to do:
Default the email confirmed to true for all new users that we create/add
Set the email confirmed for all existing users without requiring the user to take any action
(I realize this may not be desirable however, it is a closed system and the emails have already been vetted/verified)
How can I achieve this?
EDIT:
I tried using the ImportUsers plugin - with the 'emailconfirmed' user group populated - but that did not work as I had hoped. It did work for other group names.
Is there a way I can get to the database directly?
To confirm all currently unconfirmed users you could run this query against the database:
UPDATE `mw_user`
SET `user_email_authenticated`= DATE_FORMAT(NOW(),'%Y%m%d%H%i%s')
WHERE `user_email_authenticated` IS null
The information to access your database should already be present in your LocalSettings.php file, you can access the database using the credentials saved there with a tool like Navicat or MySQL Query Browser
However, there seems to be no simple way already present in MediaWiki to automatically set newly registered users to confirmed.
There are some plugins that hook into the code when a new user is registered, so technically it would be possible to write an extension that does exactly what you want. Or you could run this query manually when you register a user.
It might help to also ask yourself - why do you need them confirmed?
I was in a similar situation and the answer for me was to remove this line from the server's LocalSettings.php:
$wgEmailConfirmToEdit = true;
Now my users don't have a reason to confirm their emails.
My user is part of the sysop group, but I do not see a way to edit the history. I have even added the variable $wgRCMaxAge = 2592000 to the LocalSettings.php file.
See RevisionDelete. $wgRCMaxAge controls how long back can you go in Special:RecentChanges, it's not related to anything like that.
I understand how to restrict entire pages, or even components by implementing <cflogin> and roles. For example:
<cfif IsUserInRole("Admin") OR IsUserInRole("Accounting")>
...You can view this page...
<cfelse>
...You can not view this page...
</cfif>
But how is it recommended to restrict certain facets of a page? Say for example an "Admin" is allowed to send Global Messages to all users, but that option is not available for a regular "User"
I suppose I could use the Session to manipulate my Views (pages). How is this typically handled?
You're right, securing a page and securing elements is different.
In my opinion and in practice, I think tying any code to a role or user is actually the wrong approach. Instead, tie permissions to elements and pages - then tie roles to those permissions. And of course, users are assigned roles.
It is important to have all three :
Users
Roles
Permissions <-- this is what you're missing
Permissions are what secure elements and pages, not roles or users Your code should have no clue (because it doesn't need to) what users or roles there are - just names of permissions.
When a user logs in, I grab their role(s). Then I grab all the permissions that are assigned to those roles (simply a list of string values).
For example, on a page I might have :
Add item
View item
Delete item
When I code that page, I actually secure each of those elements with permission strings named similar ( addItem, viewItem, deleteItem).
<cfif listContainsNoCase( session.permissions, 'addItem' )>
<!--- code to add item --->
</cfif>
(Note: I recommend using a custom tag or function for this, but for purposes of an example, the above works fine).
If you do it this way, it provides maximum flexibility and abstraction. If you secure elements based off of roles, you limit yourself :
Adding new roles will require a lot of code changes!
Changing permissions between roles requires a lot of code changes!
If you do it as mentioned above, you will never need to change your security code within the code base, because "addItem" permission should always be on the "add item" logic, right? :)
Now if you happen to need to create a "manager" type role, that has all the user roles and a select few admin rights, you simply create that role, and assign it the correct permissions (maybe addItem and editItem, but not deleteItem). Bam! Now I have a manager role to assign to users with no code changes!
If I had sprinkled my code with "is user this role" type of stuff - I would have to go edit my code everywhere to allow my new role "manager" - yuck!
Make sense?
=)
Things start going awry when businesses like to change the permissions that a Role has often because they don't know how else to give someone rights to do something.
So lets say a user in Marketing wants "update" rights to do some task. Someone in the business gives them the Update permission. But an IT Manager also has "update" rights which gives him access to things that the Update permission for Marketing should not.
So... I actually go one step further and specify Roles that have Permissions based on what Department that user is in. Yes its very complex and very tedious to manage hence I ended up on this question in my search for a better way to do it.