How do I create my own custom group in mediawiki? - mediawiki

I have been reading carefully through the MediaWiki documentation but I have not been able to find out how to create new groups.
When I look at Special:Userrights, I see only 3 groups :
Bots, Sysops, Bureaucrats
I would like to create my own custom groups, so I can use some extensions like the http://www.mediawiki.org/wiki/Extension:Group_Based_Access_Control.
Can someone tell me how it's done, or point me to some documentation?

You can add permissions for new groups to your LocalSettings.php file and they will automatically appear in the Special:UserRights page.
For example, I wanted to disallow editing by regular users but create a "Trusted" group that was allowed to edit. The following code creates a "Trusted" group that is equal to the "user" group, except that "Trusted" users can edit but "user" users cannot.
$wgGroupPermissions['Trusted'] = $wgGroupPermissions['user'];
$wgGroupPermissions['user' ]['edit'] = false;
$wgGroupPermissions['Trusted']['edit'] = true;
$wgGroupPermissions['sysop' ]['edit'] = true;
On the Special:UserRights page, I can now check the "Trusted" box to make users trusted.

You can alter the appearance of the group name by creating the following messages:
(For a group named ninja:)
MediaWiki:Group-ninja (content: Ninjas)
MediaWiki:Group-ninja-member (content: ninja)
MediaWiki:Grouppage-ninja (content: Project:Ninjas)
This will insure that the group will be referred to as "Ninjas" throughout the interface, and a member will be referred to as a "ninja", and overviews will link the groupname to Project:Ninjas.
(source: http://www.mediawiki.org/wiki/Manual:User_rights#Examples)

Here you will find a List of Permissions. http://www.mediawiki.org/wiki/Manual:User_rights

I beleive I have found the answer, I just need to add the UserGroup and the permission to the wgGroupPermissions array in the LocalSettings.php file.
$wgGroupPermissions['TomatoUsers']['read'] = true;
$wgGroupPermissions['TomatoUsers']['edit'] = false;

I don't have the reputation to vote up the first answer (which can also be added to extension initialization files), but for when you get to adding users to your groups you may want to consider directly editing the database (ie. if you need to sync the wiki groups with external information). If you open the database "wikidb" the "PREFIX_user_groups"* table contains the mapping between user IDs (ug_user) and group names (ug_group). This table, combined with the "PREFIX_user"* table's name information (user_name) and ID information (user_id), give you all the information to add and remove large numbers of users from groups.
* Replace "PREFIX" with the database prefix you used for your wiki.

Related

How to efficiently render content based on user permission? (Using permission based access control)

Rendering based on roles is a common thing, you have the admin, moderator and user and render it accordingly. However, how can I render it based on general rules? This structure below may help:
---Platform (platform)
-----Manage User (permissionGroup)
---------Delete (permission)
---------Update
---------Create
---------Update
I could render every permission inside the platform like this, but the UX/UI wouldn't be good, so the wanted approach would be something like:
---Platform (platform)
-----Manage User(permissionGroup)
Then inside the manage user I could list (permission) them, and for each, buttons called Update and Delete would appear.
Simplified tables below:
platform(
id
icon (for automatic rendering purposes)
name (for automatic rendering purposes)
);
permissionGroup(
id,
icon (for automatic rendering purposes)
name (for automatic rendering purposes)
route
platformID
);
permission(
id
permissionGroupID
name
isActive
);
userPermission(
id
permissionID
userID
);
What is the best way I could render the content based on these permission rules?
After some googling I found this lib, which looks promising. In nutshell, it basically lets you define all the permissions for current role in single file without code duplication. It also has a vue integration.
you can try CASL. check below .
https://github.com/stalniy/casl/blob/master/packages/casl-react/README.md

MediaWiki - User Table

I'd like to include a table with all registered users on a page in my MediaWiki but the only user list I can find is the special page "Active users list".
Is it possible to include this (or a similar list with e.g. the entered real name) on a wiki page?
Thanks in advance for your help.
You can use the Special:ListUsers special page for this. It's a list of all users registered in your wiki.
You can include some special pages just like templates. So, to include the Special:ListUsers page on any wiki, you just need to paste the following wikitext code into the page where you want to show the user list:
{{Special:ListUsers}}
The limit for the list is 50 (iirc), so if you want to increase the length of the list, you can pass the limit parameter to the inclusion syntax:
{{Special:ListUsers|limit=100}}
However, I don't think that Special:ListUsers provides a way to show the real names of users, sorry.

How do I restrict a custom group to edit pages on mediawiki?

I am trying to restrict edit functionality for the group 'test' but unable to do so. Below are the changes I made so far:
$wgGroupPermissions['test']['read'] = true;
$wgGroupPermissions['test']['edit'] = false;
The problem is, that you create a new group and you want to revoke a permission for this group. $wgGroupPermissions isn't made to revoke permissions. Permissions granted via $wgGroupPermissions are cumulative, which means, that the permissions of all groups a user belongs to, reflects the permissions, the user has. If you set the edit permission of a group to false, and another group (e.g. user) has the edit permissions (set to true), the user (who belongs to both groups) will have the permission to edit. That's (maybe) a bit better explained on the Manual page (see the link above).
To achieve what you want, you need to:
Remove any other group with the edit permission from the user (that's not a good idea, if you have any other groups with special rights you get a really confusing and complex construct of permission management)
Use $wgRevokePermissions instead, see the example about how to revoke the edit permission for a group
Example to achieve what you want:
// inherit all rights from the user group
$wgGroupPermissions['test'] = $wgGroupPermissions['user'];
// revoke the edit permission for users in the group test
$wgRevokePermissions['test']['edit'] = true;
I hope that helps!
In MediaWiki, all users (including anonymous visitors) automatically belong to the group *, and all registered users (i.e. not anons) belong to the group user. By default, both of these automatic groups have the edit permission set to true, so every user can automatically edit pages.
To restrict editing to only certain users, you first need to remove those automatic edit rights by adding the following lines to your LocalSettings.php:
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
Now only users in groups that have the edit permission set to true can edit pages. There are no such groups by default, so to let anyone edit anything on your wiki, you'll have to add a few more lines to LocalSettings.php. For example, here's how to let admins (i.e. users in the group sysop) edit pages:
$wgGroupPermissions['sysop']['edit'] = true;
Alternatively, as already noted by Florian, you could use $wgRevokePermissions to remove editing rights from certain users. For example, here's how to allow all registered users, except those in the group blocked, to edit:
$wgGroupPermissions['*']['edit'] = false; // anons can't edit
$wgGroupPermissions['user']['edit'] = true; // normal users can edit
$wgRevokePermissions['blocked']['edit'] = true; // "blocked" users cannot
(Of course, the built-in user blocking feature in MediaWiki accomplishes this much better.)
Another option, if you wish to restrict editing only in certain namespaces, would be to use $wgNamespaceProtection, which lets you define a custom user right needed to edit pages in certain namespaces. For example, to allow only users in the custom group editor to edit pages in the main namespace, you could use:
$wgNamespaceProtection[NS_MAIN] = array( 'edit-main' );
$wgGroupPermissions['editor']['edit-main'] = true;

Hide toolbox for all users except admin and bureaucrat in MediaWiki

In skins/Vector.php I can hide toolbox from logged out user
by adding
global $wgUser;
then
case 'TOOLBOX':
if ( $wgUser->isLoggedIn() ) {
$this->renderPortal( 'tb', $this->getToolbox(), 'toolbox', 'SkinTemplateToolboxEnd' );
}
but User::isSysop() and similar are deprecated. It is recommended to use $user->isAllowed instead to specify a right, but how do I use this to specify the admin and bureaucrat group? Should I use some other function?
MediaWiki 1.22.2
PHP 5.3.6-13ubuntu3.10 (apache2handler)
MySQL 5.1.69-0ubuntu0.11.10.1-log
User::isAllowed() asks for a permission to do something, not for a user group (which leaves it up to the wiki admin to assign different rights to different user groups). In your case, you would want a new user permission, “see-toolbar”,or something like that, that you assign to e.g. the sysop user group in LocalSettings.php:
$wgGroupPermissions['sysop']['see-toolbar'] = true;
Your extension will also have to add the right to the list of available rights: $wgAvailableRights[] = 'see-toolbar';
Finally, you will ask for the permission like this:
if ( $user->isAllowed('see-toolbar') ) {
print toolbar here
}
More info on how to set user rights: https://www.mediawiki.org/wiki/Manual:User_rightser
Other extensions adding user rights: https://www.mediawiki.org/wiki/Category:Extensions_which_add_rights
Be aware that any user will still be able to bypass this restriction in a number of ways, e.g. by switching skin in their settings (or by appending ?useskin=skinname in the url). You probably want to make sure that sidebar caching is switched off too (it is off by default).

Integration custom tables with pas.plugin.sqlalchemy

I'm trying to integrate custom table for authentication and role into PAS.plugin.sqlalchemy.
After customisation model.py I did manage to get my user table schema as we have in existing user table. But while installation of this pas, its create numbers tables inculding property table. Property table linked with user table through foreign key. I don't have any property table in existing scenario.
By seeing my trackback I can see while doing SQL fetch pas looks for users and property table as join query. we have data in our user (web_contact_auth) table but not in property table.
u'SELECT TOP 1 web_contact_auth.contact_number AS web
_contact_auth_contact_number, web_contact_auth.password AS web_contact_auth_pass
word, principals.id AS principals_id, principals.type AS principals_type, princi
pals.zope_id AS principals_zope_id, web_contact_auth.password_reset_token AS web
_contact_auth_password_reset_token, web_contact_auth.password_reset_expiry AS we
b_contact_auth_password_reset_expiry \nFROM principals JOIN web_contact_auth ON
principals.id = web_contact_auth.contact_number \nWHERE web_contact_auth.contact
_number = ?' ('admin',)
My questiones are:
how should I create data in property table ? Is there anyway that I can ignore property table and just fetch data from user table only.
Adavance Thanks your time for reading/reply.
Regards
WEBBYFOX
Just don't activate that plugin. I don't have a properties table. In /acl_users/plugins/manage_active, Properties Plugins, I have sql as the last option. I don't see anything else obvious.