mediawiki实现访问控制
***mediawiki采用扩展插件accesscontrol后,可以实现一定的访问控制。
Accesscontrol-1.1版本特点
1.easy to setup and simple to use
2.no patches, real extension
3.unlimited number of groups
4.Dual mode access control
5.view control
6.edit control, including restrictions on manual edit access when using action=edit in the URL
7.user groups may use any namespace
8.namespaces may be protected by another extension or by this extension only
9.In original Group Based Access Control can be set special namespace "Usergroup:.." only in extension variable
10.mediaWiki sysop-Group may view and edit the protected pages
11.controlled by extension variable
12.access may be granted to multiple groups
13.may be used for access control for internal system groups from MediaWiki in parallel with user groups lists
14.read only access may be granted to for groups and for individual users
15.Unauthorized user can't use search feature to find pages protected by accesscontrol element
***我扩展后的用法:
目前访问控制可以实现:特定人可编辑、特定人可读(readonly)、其他人只读/其他人不能读 三种权限控制。
***Accesscontrol的安装使用方法
(1).把附件解压至extensions文件夹下
(2).修改accesscontrolsetting.php文件,注意参照官网的说明http://www.mediawiki.org/wiki/Extension:AccessControl (09年7月更新为1.1版本)
$wgAccessControlDisableMessages = false; // if false, show a Line on Top of each secured Page, which says, which Groups are allowed to see this page.
$wgUseMediaWikiGroups = false; // use the groups from MediaWiki instead of own Usergroup pages
$wgAdminCanReadAll = true; // sysop users can read all restricted pages
(3).在locatesetting.php文件中添加
require_once("$IP/extensions/Accesscontrol-1.1/accesscontrol.php");
***如果您希望某一页面只有本组team1成员可以编辑,某组人team2只读,其他人不能读,则遵循如下3个步骤:
1、假设您的组名字叫team1,则创建一个wiki页面为:Usergroup:team1 (可通过在地址栏index.php/后面直接写Usergroup:team1来创建),Usergroup为关键字。
在此页面中列出团队成员用户名
*all()
*sysop
*kay
注意:每个用户用*号隔开。其中all()的意思是其他所有人不可读。如果不加上all(),则其他所有人只读。
2、同样创建一个wiki页面为:Usergroup:team2,在此页面中列出允许只读访问的用户名
*kay
*kay001
*kay002
3、在需要权限控制的wiki页面头部增加如下代码:
<accesscontrol>team1,team2(ro)</accesscontrol>
此代码用标签对<accesscontrol>来告诉wiki,此页面受保护,只有team1可以编辑,team2只读。team2后面加(ro)的意思是标明team2权限为read only。
需要注意到:当定义2个如上Usergroup时,用两个逗号(,)来分隔。如果要更改team2为可写,则将team2后面的(ro)去掉,写成<accesscontrol>team1,team2</accesscontrol>。 保存页面,此时页面头部会提示此页面正受到保护。
***Attention
1.Groups from MediaWiki must be in not localized form! In ex. 'sysop' not 'Správce' , etc.
2.On page may be more accesscontrol elements. Access is accepted for groups from all.tags
3.Anonymous user has not access on pages protected by accesscontrol elements
4.Pages without protection can anonymous user only read
5.Logged user has access on protected page only when he is member of any group with access rights on page
6.If is set in extension script variable $wgAdminCanReadAll on true, have members from group 'sysop' edit access on page allways