Extension:Semantic ACL
<translate> If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package.</translate> <translate> MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data.</translate> <translate> We are not responsible for anything being leaked.</translate>
<translate> For further details, see [[<tvar name=1>Special:MyLanguage/Security issues with authorization extensions</tvar>|Security issues with authorisation extensions]]</translate> |
Semantic ACL Release status: stable |
|
---|---|
Description | Allows per-page (or file) read and edit restrictions to be set using Semantic MediaWiki properties. |
Author(s) | |
Maintainer(s) | Antoine Mercier-Linteau |
Latest version | 0.2b |
MediaWiki | 1.38+ |
PHP | 7.0+ |
Database changes | No |
License | GNU General Public License 2.0 or later |
Download | |
|
|
|
|
Compatibility
|
|
Quarterly downloads | Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin'). |
Public wikis using | Lua error in Module:Extension at line 172: bad argument #1 to 'inNamespace' (unrecognized namespace name 'skin'). |
Translate the Semantic ACL extension if it is available at translatewiki.net | |
Issues | Open tasks · Report a bug |
The Semantic ACL (Access Control List) extension allows read and edit restrictions to be set on pages and files using semantic properties. Restrictions can be for anonymous/registered users, user groups or individual users.
Features
On top of denying viewing or editing of pages to certain users, Semantic ACL:
- Works through transclusions
- If a page is transcluding a page or a subset of the page that has a protection in place, users not allowed to view that content will see a placeholder message instead.
- Works with files
- If a file is protected, users not allowed to see the file will be denied access to the file page and will see placeholder content where the file is used in other pages. If a file is uncategorized or part of category that an anonymous user is not allowed to see, placeholder content will be displayed instead. Please not that this does not prevent retrieving files using raw URLs.
- Works with search results and semantic queries
- Search results including a page that a user is not allowed to see won't display the content of the page, only its title. Semantic page queries (except count) exclude pages a user can't view.
- Works with Structured Discussions and talk pages
- A talk page or a structured discussion will get the same protection as its associated content page.
- Works within the wiki
- No need to edit LocalSettings.php to modify restrictions, everything is done from inside your wiki.
- Works with many use cases
- Restrictions can be enabled for anonymous/registered users, user groups or individual users.
- Allows sharing protected pages with a private link
- A key can be defined on a page to allow certain visitors to bypass protection when they have the private link.
Installation
- Install Semantic MediaWiki as instructed in it's documentation since this extension is required for this extension to function.
- <translate> [[<tvar name=2>Special:ExtensionDistributor/SemanticACL</tvar>|Download]] and move the extracted <tvar name=name>
SemanticACL
</tvar> folder to your <tvar name=ext>extensions/
</tvar> directory.</translate>
<translate> Developers and code contributors should install the extension [[<tvar name=git>Special:MyLanguage/Download from Git</tvar>|from Git]] instead, using:</translate>cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/SemanticACL - <translate> Add the following code at the bottom of your <tvar name=1>LocalSettings.php </tvar> file:</translate>
wfLoadExtension( 'SemanticACL' );
- Configure as required.
- File:OOjs UI icon check-constructive.svg <translate> Done</translate> – <translate> Navigate to <tvar name=special>Special:Version</tvar> on your wiki to verify that the extension is successfully installed.</translate>
Usage
To set restrictions, mark up a page with the appropriate properties.
To set read restrictions, use this property: [[Visible to::]]
.
If set to whitelist
set allowed users or groups:
[[Visible to user::]]
[[Visible to group::]]
To set edit restrictions (which apply to all other actions), use this property: [[Editable by::]]
.
If set to whitelist
set allowed users or groups:
[[Editable by user::]]
[[Editable by group::]]
The "main" property (Editable by
or Visible to
) can take one or more of these values. With the exception of "public", a user must satisfy all conditions set.
public
— overrides all other values and never denies access.users
— denies access to users who are not logged in.whitelist
— denies access to all users who are not whitelisted, either explicitly or by being in a whitelisted group.key
— allows access by private link (ie: http://mediawiki.org/Extension:Semantic_ACL?semanticacl-key=12345abcde);- the key for the link is configured using the
{{#SEMANTICACL_PRIVATE_LINK:12345abcde}}
magic word; the magic word will also output the private link. - private links only work for page viewing;
- changing the private link will invalidate previous versions of the private link.
- the key for the link is configured using the
The read and edit restrictions have separate whitelists. You can add one or more users or groups to the whitelist using the appropriate properties. Note that the User:
prefix is mandatory for the single-user whitelist (eg: [[Editable by user::User:John_Doe]]
).
Example
These properties, included on a page, would allow only users in the "moderator" group to read the page, and only the user "Chief Moderator" to edit it. Visitors have the private link containing the correct key.
[[Visible to::whitelist]] [[Visible to group::moderator]] [[Editable by::whitelist]] [[Editable by user::User:Chief Moderator]] [[Visible to::key]] {{#SEMANTICACL_PRIVATE_LINK:12345abcde}} <!-- outputs http://mediawiki.org/Extension:Semantic_ACL?semanticacl-key=12345abcde -->
Property values are displayed by default in the output. If you don't want to, wrap them in a hidden <div>
or use {{#set: Property name=property value
}}
<div style="display:none">[[Visible to::whitelist]]</div> {{#set:Visible to group=moderator}}
User rights
- sacl-exempt
Users who have the sacl-exempt
user group are never prohibited access by this extension. This is a failsafe to avoid pages becoming permanently uneditable by having an empty whitelist.
By default, administrators (users in the sysop
group) are given this right.
Also, IPs listed in $wgSemanticACLWhitelistIPs
are also granted full access.
- view-non-categorized-media
When $wgPublicImagesCategory
is set, users that have the view-non-categorized-media
right can browse media that has not been categorized as public.
Configuration
Parameter | Default | Comment | Examples |
---|---|---|---|
$wgSemanticACLWhitelistIPs |
null |
IPs listed in this array are granted full access | To give local host full access: ['127.0.0.1', '::1']
|
$wgPublicImagesCategory |
null |
Only files within this category are shown to unregistered users. This feature is useful for wikis that make use of copyrighted images that have not been cleared for public viewing. | Non-copyrighted_files
|
$wgEnablePrivateLinks |
true |
Allows the bypassing of page protections using a private link. |
See also
- Pages with script errors
- Pages with broken file links
- Page specific user rights extensions
- Stable extensions
- Extensions without an image
- Extensions with invalid or missing type
- Extensions without a compatibility policy
- Extensions with manual MediaWiki version
- GPL licensed extensions
- Extensions in Wikimedia version control
- Extensions which add rights
- BadImage extensions
- ParserFetchTemplate extensions
- ParserFirstCallInit extensions
- GetUserPermissionsErrors extensions
- All extensions
- User rights extensions
- Semantic MediaWiki extensions