Difference between revisions of "Mediawiki Security Matrix"
Jump to navigation
Jump to search
m (Page creation) |
m (Added extension configuration) |
||
Line 3: | Line 3: | ||
<pre> | <pre> | ||
# Security settings | # Security settings | ||
− | ########################################### | + | ################################################ |
− | # Group restricted categories added by | + | # Group restricted categories added by Micylou # |
− | ########################################### | + | ################################################ |
# Activation of the extension ############################################################ | # Activation of the extension ############################################################ | ||
require_once "$IP/extensions/RestrictAccessByCategoryAndGroup/RestrictAccessByCategoryAndGroup.php"; # | require_once "$IP/extensions/RestrictAccessByCategoryAndGroup/RestrictAccessByCategoryAndGroup.php"; # | ||
Line 28: | Line 28: | ||
$wgGroupPermissions['sysop']['Semantic-DBA'] = true; | $wgGroupPermissions['sysop']['Semantic-DBA'] = true; | ||
− | ################################## | + | ############################################################################### |
− | # GLOBAL Group permissions reset # other default permissions remain unchanged | + | # GLOBAL Group permissions reset # other default permissions remain unchanged # |
− | ############################################################################# | + | ########################################################################################################### |
− | # Setting '*' to false doesn't disable rights for groups that have the right separately set to true! | + | # Setting '*' to false doesn't disable rights for groups that have the right separately set to true! # |
− | #################################################################################################### | + | # To avoid bypass of security because of an update, each right disable command is repeated for each group # |
+ | ########################################################################################################### | ||
# Non-registered users rights disabling | # Non-registered users rights disabling | ||
$wgGroupPermissions['*']['approverevision'] = false; | $wgGroupPermissions['*']['approverevision'] = false; | ||
Line 76: | Line 77: | ||
$wgGroupPermissions['*']['writeapi'] = false; | $wgGroupPermissions['*']['writeapi'] = false; | ||
$wgGroupPermissions['*']['writeapi'] = false; | $wgGroupPermissions['*']['writeapi'] = false; | ||
− | # Registered | + | # Registered user group |
$wgGroupPermissions['user']['approverevision'] = false; | $wgGroupPermissions['user']['approverevision'] = false; | ||
$wgGroupPermissions['user']['approverevision'] = false; | $wgGroupPermissions['user']['approverevision'] = false; | ||
Line 119: | Line 120: | ||
$wgGroupPermissions['user']['writeapi'] = false; | $wgGroupPermissions['user']['writeapi'] = false; | ||
$wgGroupPermissions['user']['writeapi'] = false; | $wgGroupPermissions['user']['writeapi'] = false; | ||
− | |||
− | |||
### Specific permissions (sub-)linked to user groups | ### Specific permissions (sub-)linked to user groups | ||
##### Image moving##### | ##### Image moving##### | ||
$wgAllowImageMoving = true; // by default to registered user groups who do have the $wgBlockDisablesLogin = true; // for sysop group | $wgAllowImageMoving = true; // by default to registered user groups who do have the $wgBlockDisablesLogin = true; // for sysop group | ||
− | |||
− | |||
##### applychangetags ##### | ##### applychangetags ##### | ||
Line 582: | Line 579: | ||
##### upload ##### | ##### upload ##### | ||
− | ##### To enable image uploads, make sure the 'images' directory is writable (chmod777), the $wgEnableUploads = true; | + | ##### To enable image/file uploads, make sure the 'images' directory is writable (chmod777), and the $wgEnableUploads = true; |
##### Upload permissions ##### restricted to groups (requires createpage permission as well - each upload has one page create> | ##### Upload permissions ##### restricted to groups (requires createpage permission as well - each upload has one page create> | ||
+ | $wgEnableUploads = true; // Enable uploads | ||
+ | |||
$wgGroupPermissions['administrator']['upload'] = true; | $wgGroupPermissions['administrator']['upload'] = true; | ||
$wgGroupPermissions['sysop']['upload'] = true; | $wgGroupPermissions['sysop']['upload'] = true; | ||
Line 592: | Line 591: | ||
$wgGroupPermissions['Wiki-Editor']['upload'] = true; | $wgGroupPermissions['Wiki-Editor']['upload'] = true; | ||
$wgGroupPermissions['Wiki-Updater']['upload'] = true; | $wgGroupPermissions['Wiki-Updater']['upload'] = true; | ||
+ | # Configuration | ||
+ | #$wgUseImageMagick = true; | ||
+ | #$wgImageMagickConvertCommand = "/usr/bin/convert"; | ||
+ | $wgEnableWriteAPI = true; // Enable the API | ||
+ | $wgAllowJavaUploads = true; // Solves problem with Office 2007 and newer files (docx, xlsx, etc.) | ||
+ | $wgFileExtensions = array('png','svg','gif','jpg','jpeg','doc','xls','pdf','ppt','tiff','bmp','docx','xlsx','pptx'); | ||
##### upload_by_url ##### | ##### upload_by_url ##### | ||
Line 630: | Line 635: | ||
$wgGroupPermissions['Wiki-Editor']['viewsuppressed'] = true; | $wgGroupPermissions['Wiki-Editor']['viewsuppressed'] = true; | ||
− | ##### writeapi ##### | + | ##### writeapi ##### |
$wgGroupPermissions['administrator']['writeapi'] = true; | $wgGroupPermissions['administrator']['writeapi'] = true; | ||
$wgGroupPermissions['sysop']['writeapi'] = true; | $wgGroupPermissions['sysop']['writeapi'] = true; |
Revision as of 08:37, 17 February 2021
Security matrix sample to set up in LocalSettings.php
# Security settings ################################################ # Group restricted categories added by Micylou # ################################################ # Activation of the extension ############################################################ require_once "$IP/extensions/RestrictAccessByCategoryAndGroup/RestrictAccessByCategoryAndGroup.php"; # ###################################################################################################### # PRIVATE GROUPS WITH RESTRICTED ACCESS # ######################################### $wgGroupPermissions['Linux-Admin']['private'] = true; $wgGroupPermissions['Wiki-Admin']['private'] = true; $wgGroupPermissions['TKI-Restricted']['private'] = true; $wgGroupPermissions['NTRK-Restricted']['private'] = true; $wgGroupPermissions['Process-Restricted']['private'] = true; $wgGroupPermissions['Wiki-Admin']['private'] = true; # add an additional protection level restricting edit/move/etc. $wgRestrictionLevels[] = 'Process-Editor'; $wgGroupPermissions['sysop']['Process-Editor'] = true; $wgGroupPermissions['Process-Restricted']['Process-Editor'] = true; $wgGroupPermissions['administrator']['Process-Editor'] = true; $wgGroupPermissions['Wiki-Admin']['Process-Editor'] = true; $wgGroupPermissions['Wiki-Admin']['Semantic-DBA'] = true; $wgGroupPermissions['administrator']['Semantic-DBA'] = true; $wgGroupPermissions['sysop']['Semantic-DBA'] = true; ############################################################################### # GLOBAL Group permissions reset # other default permissions remain unchanged # ########################################################################################################### # Setting '*' to false doesn't disable rights for groups that have the right separately set to true! # # To avoid bypass of security because of an update, each right disable command is repeated for each group # ########################################################################################################### # Non-registered users rights disabling $wgGroupPermissions['*']['approverevision'] = false; $wgGroupPermissions['*']['approverevision'] = false; $wgGroupPermissions['*']['viewapprover'] = false; $wgGroupPermissions['*']['viewapprover'] = false; $wgGroupPermissions['*']['viewlinktolatest'] = false; $wgGroupPermissions['*']['viewlinktolatest'] = false; $wgGroupPermissions['*']['applychangetags'] = false; $wgGroupPermissions['*']['changetags'] = false; $wgGroupPermissions['*']['changetags'] = false; $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['createpage'] = false; $wgGroupPermissions['*']['createtalk'] = false; $wgGroupPermissions['*']['createtalk'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['editcontentmodel'] = false; $wgGroupPermissions['*']['editcontentmodel'] = false; $wgGroupPermissions['*']['editmyoptions'] = false; $wgGroupPermissions['*']['editmyprivateinfo'] = false; $wgGroupPermissions['*']['minoredit'] = false; $wgGroupPermissions['*']['move'] = false; $wgGroupPermissions['*']['move-categorypages'] = false; $wgGroupPermissions['*']['movefile'] = false; $wgGroupPermissions['*']['move-rootuserpages'] = false; $wgGroupPermissions['*']['move-subpages'] = false; $wgGroupPermissions['*']['override-export-depth'] = false; $wgGroupPermissions['*']['pagelang'] = false; $wgGroupPermissions['*']['patrolmarks'] = false; $wgGroupPermissions['*']['purge'] = false; $wgGroupPermissions['*']['read'] = false; $wgGroupPermissions['*']['readapi'] = false; $wgGroupPermissions['*']['readapi'] = false; $wgGroupPermissions['*']['reupload'] = false; $wgGroupPermissions['*']['reupload-own'] = false; $wgGroupPermissions['*']['reupload-shared'] = false; $wgGroupPermissions['*']['sendemail'] = false; $wgGroupPermissions['*']['upload'] = false; $wgGroupPermissions['*']['viewmyprivateinfo'] = false; $wgGroupPermissions['*']['viewmywatchlist'] = false; $wgGroupPermissions['*']['writeapi'] = false; $wgGroupPermissions['*']['writeapi'] = false; # Registered user group $wgGroupPermissions['user']['approverevision'] = false; $wgGroupPermissions['user']['approverevision'] = false; $wgGroupPermissions['user']['viewapprover'] = false; $wgGroupPermissions['user']['viewapprover'] = false; $wgGroupPermissions['user']['viewlinktolatest'] = false; $wgGroupPermissions['user']['viewlinktolatest'] = false; $wgGroupPermissions['user']['applychangetags'] = false; $wgGroupPermissions['user']['changetags'] = false; $wgGroupPermissions['user']['changetags'] = false; $wgGroupPermissions['user']['createaccount'] = false; $wgGroupPermissions['user']['createpage'] = false; $wgGroupPermissions['user']['createpage'] = false; $wgGroupPermissions['user']['createtalk'] = false; $wgGroupPermissions['user']['createtalk'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['user']['editcontentmodel'] = false; $wgGroupPermissions['user']['editcontentmodel'] = false; $wgGroupPermissions['user']['editmyoptions'] = false; $wgGroupPermissions['user']['editmyprivateinfo'] = false; $wgGroupPermissions['user']['minoredit'] = false; $wgGroupPermissions['user']['move'] = false; $wgGroupPermissions['user']['move-categorypages'] = false; $wgGroupPermissions['user']['movefile'] = false; $wgGroupPermissions['user']['move-rootuserpages'] = false; $wgGroupPermissions['user']['move-subpages'] = false; $wgGroupPermissions['user']['override-export-depth'] = false; $wgGroupPermissions['user']['pagelang'] = false; $wgGroupPermissions['user']['patrolmarks'] = false; $wgGroupPermissions['user']['purge'] = false; $wgGroupPermissions['user']['read'] = true; # Registered users can ready public files on the wiki. $wgGroupPermissions['user']['readapi'] = false; $wgGroupPermissions['user']['readapi'] = false; $wgGroupPermissions['user']['reupload'] = false; $wgGroupPermissions['user']['reupload-own'] = false; $wgGroupPermissions['user']['reupload-shared'] = false; $wgGroupPermissions['user']['sendemail'] = false; $wgGroupPermissions['user']['upload'] = false; $wgGroupPermissions['user']['viewmyprivateinfo'] = false; $wgGroupPermissions['user']['viewmywatchlist'] = false; $wgGroupPermissions['user']['writeapi'] = false; $wgGroupPermissions['user']['writeapi'] = false; ### Specific permissions (sub-)linked to user groups ##### Image moving##### $wgAllowImageMoving = true; // by default to registered user groups who do have the $wgBlockDisablesLogin = true; // for sysop group ##### applychangetags ##### $wgGroupPermissions['administrator']['applychangetags'] = true; $wgGroupPermissions['sysop']['applychangetags'] = true; $wgGroupPermissions['Wiki-Editor']['applychangetags'] = true; #### REVISIONS #### # enabling ApproveRevs extension wfLoadExtension( 'ApprovedRevs' ); $wgGroupPermissions['*']['viewlinktolatest'] = false; $wgGroupPermissions['sysop']['viewlinktolatest'] = true; $wgGroupPermissions['Wikidoc-Admin']['viewlinktolatest'] = true; $wgGroupPermissions['Wikidoc-Admin-Rev']['viewlinktolatest'] = true; //'approverevisions' is the permission to approve and unapprove revisions of pages. // By default it is given to all members of the 'sysop' group //'viewlinktolatest' is the "permission" to see a note at the top of pages that have an approved revision, // explaining that what the user is seeing is not necessarily the latest revision //'viewapprover' is the "permission" to see another note at the top of pages that have an approved revision, // stating who last approved it. By default it is given to all members of the 'sysop' group ##### Approve Revision ##### $wgGroupPermissions['administrator']['approverevisions'] = true; $wgGroupPermissions['sysop']['approverevisions'] = true; ### this is normally by default $wgGroupPermissions['Wikidoc-Admin-Rev']['approverevision'] = true; ##### View latest version link ##### $wgGroupPermissions['*']['viewlinktolatest'] = false; $wgGroupPermissions['user']['viewlinktolatest'] = false; $wgGroupPermissions['sysop']['viewlinktolatest'] = true; $wgGroupPermissions['Wikidoc-Admin']['viewlinktolatest'] = true; $wgGroupPermissions['Wikidoc-Admin-Rev']['viewlinktolatest'] = true; ##### View Approver ##### $wgGroupPermissions['user']['viewapprover'] = true; ##### Delete Revision ##### $wgGroupPermissions['administrator']['deleterevision'] = true; $wgGroupPermissions['sysop']['deleterevision'] = true; $wgGroupPermissions['Wikidoc-Admin-Rev']['deleterevision'] = true; //automatic approvals by groups with approverevision true $egApprovedRevsAutomaticApprovals = false; //Displaying unapproved pages as blank $egApprovedRevsBlankIfUnapproved = false; ### to be set to true for clean-up //Indicating unapproved pages $egApprovedRevsShowNotApprovedMessage = true; $egApprovedRevsShowApproveLatest = true; ##### ['autocreateaccount'] ##### $wgGroupPermissions['*']['autocreateaccount'] = true; ##### autopatrol ##### $wgGroupPermissions['Wiki-Admin']['autopatrol'] = true; $wgGroupPermissions['Wiki-Moderator']['autopatrol'] = true; ##### bigdelete ##### $wgGroupPermissions['sysop']['bigdelete'] = true; $wgGroupPermissions['Wiki-Admin']['bigdelete'] = true; ##### block ##### $wgGroupPermissions['sysop']['block'] = true; $wgGroupPermissions['Linux-Admin']['block'] = true; $wgGroupPermissions['Wiki-Admin']['block'] = true; ##### blockemail ##### $wgGroupPermissions['sysop']['blockemail'] = true; $wgGroupPermissions['Linux-Admin']['blockemail'] = true; $wgGroupPermissions['Wiki-Admin']['blockemail'] = true; $wgGroupPermissions['Wiki-Moderator']['blockemail'] = true; ##### browsearchive ##### $wgGroupPermissions['administrator']['browsearchive'] = true; $wgGroupPermissions['sysop']['browsearchive'] = true; $wgGroupPermissions['Wiki-Admin']['browsearchive'] = true; $wgGroupPermissions['Wiki-Moderator']['browsearchive'] = true; $wgGroupPermissions['Wiki-Editor']['browsearchive'] = true; ##### changetags ##### $wgGroupPermissions['administrator']['changetags'] = true; $wgGroupPermissions['sysop']['changetags'] = true; $wgGroupPermissions['Wiki-Admin']['changetags'] = true; $wgGroupPermissions['Wiki-Moderator']['changetags'] = true; $wgGroupPermissions['Wiki-Editor']['changetags'] = true; ##### createaccount ##### $wgGroupPermissions['administrator']['createaccount'] = true; $wgGroupPermissions['sysop']['createaccount'] = true; $wgGroupPermissions['Bureaucrat']['createaccount'] = true; $wgGroupPermissions['Wiki-Admin']['createaccount'] = true; ##### createpage ##### $wgGroupPermissions['administrator']['createpage'] = true; $wgGroupPermissions['sysop']['createpage'] = true; $wgGroupPermissions['Wiki-Admin']['createpage'] = true; $wgGroupPermissions['Wiki-Moderator']['createpage'] = true; $wgGroupPermissions['Wiki-Editor']['createpage'] = true; $wgGroupPermissions['Wiki-Updater']['createpage'] = true; ##### createtalk ##### $wgGroupPermissions['administrator']['createtalk'] = true; $wgGroupPermissions['sysop']['createtalk'] = true; $wgGroupPermissions['Wiki-Admin']['createtalk'] = true; ##### delete ##### $wgGroupPermissions['administrator']['delete'] = true; $wgGroupPermissions['sysop']['delete'] = true; $wgGroupPermissions['Linux-Admin']['delete'] = true; $wgGroupPermissions['Wiki-Admin']['delete'] = true; $wgGroupPermissions['Wiki-Moderator']['delete'] = true; $wgGroupPermissions['Wiki-Editor']['delete'] = true; $wgGroupPermissions['Wiki-Updater']['delete'] = true; ##### deletechangetags ##### $wgGroupPermissions['Wiki-Admin']['deletechangetags'] = true; ##### deletedhistory ##### $wgGroupPermissions['administrator']['deletedhistory'] = true; $wgGroupPermissions['sysop']['deletedhistory'] = true; $wgGroupPermissions['Wiki-Admin']['deletedhistory'] = true; $wgGroupPermissions['Wiki-Moderator']['deletedhistory'] = true; $wgGroupPermissions['Wiki-Editor']['deletedhistory'] = true; $wgGroupPermissions['Wiki-Updater']['deletedhistory'] = true; ##### deletedtext ##### $wgGroupPermissions['administrator']['deletedtext'] = true; $wgGroupPermissions['sysop']['deletedtext'] = true; $wgGroupPermissions['Wiki-Admin']['deletedtext'] = true; $wgGroupPermissions['Wiki-Moderator']['deletedtext'] = true; $wgGroupPermissions['Wiki-Editor']['deletedtext'] = true; $wgGroupPermissions['Wiki-Updater']['deletedtext'] = true; ##### deletelogentry ##### $wgGroupPermissions['administrator']['deletelogentry'] = true; $wgGroupPermissions['sysop']['deletelogentry'] = true; ##### deleterevision ##### $wgGroupPermissions['administrator']['deleterevision'] = true; $wgGroupPermissions['sysop']['deleterevision'] = true; $wgGroupPermissions['Wiki-Admin']['deleterevision'] = true; $wgGroupPermissions['Wiki-Moderator']['deleterevision'] = true; $wgGroupPermissions['Wiki-Editor']['deleterevision'] = true; ##### edit ##### $wgGroupPermissions['administrator']['edit'] = true; $wgGroupPermissions['sysop']['edit'] = true; $wgGroupPermissions['Wiki-Editor']['edit'] = true; $wgGroupPermissions['Wiki-Updater']['edit'] = true; ##### editcontentmodel ##### $wgGroupPermissions['administrator']['editcontentmodel'] = true; $wgGroupPermissions['sysop']['editcontentmodel'] = true; $wgGroupPermissions['Wiki-Admin']['editcontentmodel'] = true; $wgGroupPermissions['Wiki-Moderator']['editcontentmodel'] = true; $wgGroupPermissions['Wiki-Editor']['editcontentmodel'] = true; ##### editinterface ##### $wgGroupPermissions['administrator']['editinterface'] = true; $wgGroupPermissions['sysop']['editinterface'] = true; $wgGroupPermissions['Wiki-Admin']['editinterface'] = true; ##### editmyoptions ##### $wgGroupPermissions['administrator']['editmyoptions'] = true; $wgGroupPermissions['sysop']['editmyoptions'] = true; $wgGroupPermissions['Wiki-Admin']['editmyoptions'] = true; $wgGroupPermissions['Wiki-Moderator']['editmyoptions'] = true; $wgGroupPermissions['Wiki-Editor']['editmyoptions'] = true; $wgGroupPermissions['Wiki-Updater']['editmyoptions'] = true; ##### editmyprivateinfo ##### $wgGroupPermissions['administrator']['editmyprivateinfo'] = true; $wgGroupPermissions['sysop']['editmyprivateinfo'] = true; $wgGroupPermissions['Wiki-Admin']['editmyprivateinfo'] = true; $wgGroupPermissions['Wiki-Moderator']['editmyprivateinfo'] = true; $wgGroupPermissions['Wiki-Editor']['editmyprivateinfo'] = true; $wgGroupPermissions['Wiki-Updater']['editmyprivateinfo'] = true; ##### editmyusercss ##### $wgGroupPermissions['user']['editmyusercss'] = true; ##### editmyuserjs ##### $wgGroupPermissions['user']['editmyuserjs'] = true; ##### editmyuserjson ##### $wgGroupPermissions['user']['editmyuserjson'] = true; ##### editmywatchlist ##### $wgGroupPermissions['user']['editmywatchlist'] = true; ##### editprotected ##### $wgGroupPermissions['administrator']['editprotected'] = true; $wgGroupPermissions['sysop']['editprotected'] = true; $wgGroupPermissions['Wiki-Admin']['editprotected'] = true; $wgGroupPermissions['Wiki-Moderator']['editprotected'] = true; $wgGroupPermissions['Wiki-Editor']['editprotected'] = true; ##### editsemiprotected ##### $wgGroupPermissions['administrator']['editsemiprotected'] = true; $wgGroupPermissions['sysop']['editsemiprotected'] = true; $wgGroupPermissions['Wiki-Admin']['editsemiprotected'] = true; $wgGroupPermissions['Wiki-Moderator']['editsemiprotected'] = true; $wgGroupPermissions['Wiki-Editor']['editsemiprotected'] = true; ##### editsitecss ##### $wgGroupPermissions['administrator']['editsitecss'] = true; $wgGroupPermissions['sysop']['editsitecss'] = true; $wgGroupPermissions['Wiki-Admin']['editsitecss'] = true; ##### editsitejs ##### $wgGroupPermissions['administrator']['editsitejs'] = true; $wgGroupPermissions['sysop']['editsitejs'] = true; $wgGroupPermissions['Wiki-Admin']['editsitejs'] = true; ##### editsitejson ##### $wgGroupPermissions['administrator']['editsitejson'] = true; $wgGroupPermissions['sysop']['editsitejson'] = true; $wgGroupPermissions['Wiki-Admin']['editsitejson'] = true; ##### editusercss ##### $wgGroupPermissions['administrator']['editusercss'] = true; $wgGroupPermissions['sysop']['editusercss'] = true; $wgGroupPermissions['Wiki-Admin']['editusercss'] = true; ##### Extension EditUser ##### // Activation wfLoadExtension( 'EditUser' ); // Configuration $wgGroupPermissions['bureaucrat']['edituser'] = true; $wgGroupPermissions['sysop']['edituser-exempt'] = true; $wgGroupPermissions['administrator']['edituser'] = true; ##### edituserjs ##### $wgGroupPermissions['administrator']['edituserjs'] = true; $wgGroupPermissions['sysop']['edituserjs'] = true; $wgGroupPermissions['Wiki-Admin']['edituserjs'] = true; ##### edituserjson ##### $wgGroupPermissions['administrator']['edituserjson'] = true; $wgGroupPermissions['sysop']['edituserjson'] = true; $wgGroupPermissions['Wiki-Admin']['edituserjson'] = true; ##### hideuser ##### $wgGroupPermissions['administrator']['hideuser'] = true; $wgGroupPermissions['sysop']['hideuser'] = true; $wgGroupPermissions['Wiki-Admin']['hideuser'] = true; $wgGroupPermissions['Wiki-Moderator']['hideuser'] = true; ##### import ##### $wgGroupPermissions['administrator']['import'] = true; $wgGroupPermissions['sysop']['import'] = true; $wgGroupPermissions['Wiki-Admin']['import'] = true; $wgGroupPermissions['Wiki-Editor']['import'] = true; ##### importupload ##### $wgGroupPermissions['administrator']['importupload'] = true; $wgGroupPermissions['sysop']['importupload'] = true; $wgGroupPermissions['Wiki-Admin']['importupload'] = true; ##### ipblock-exempt ##### $wgGroupPermissions['administrator']['ipblock-exempt'] = true; $wgGroupPermissions['sysop']['ipblock-exempt'] = true; $wgGroupPermissions['Wiki-Admin']['ipblock-exempt'] = true; ##### managechangetags ##### $wgGroupPermissions['administrator']['managechangetags'] = true; $wgGroupPermissions['sysop']['managechangetags'] = true; $wgGroupPermissions['Wiki-Admin']['managechangetags'] = true; ##### markbotedits ##### $wgGroupPermissions['administrator']['markbotedits'] = true; $wgGroupPermissions['sysop']['markbotedits'] = true; $wgGroupPermissions['Wiki-Admin']['markbotedits'] = true; ##### mergehistory ##### $wgGroupPermissions['administrator']['mergehistory'] = true; $wgGroupPermissions['sysop']['mergehistory'] = true; $wgGroupPermissions['Wiki-Admin']['mergehistory'] = true; ##### minoredit ##### $wgGroupPermissions['administrator']['minoredit'] = true; $wgGroupPermissions['sysop']['minoredit'] = true; $wgGroupPermissions['Wiki-Admin']['minoredit'] = true; $wgGroupPermissions['Wiki-Editor']['minoredit'] = true; $wgGroupPermissions['Wiki-Updater']['minoredit'] = true; ##### move ##### $wgGroupPermissions['administrator']['move'] = true; $wgGroupPermissions['sysop']['move'] = true; $wgGroupPermissions['Wiki-Admin']['move'] = true; $wgGroupPermissions['Wiki-Editor']['move'] = true; $wgGroupPermissions['Wiki-Updater']['move'] = true; ##### move-categorypages ##### $wgGroupPermissions['administrator']['move-categorypages'] = true; $wgGroupPermissions['sysop']['move-categorypages'] = true; $wgGroupPermissions['Wiki-Admin']['move-categorypages'] = true; $wgGroupPermissions['Wiki-Editor']['move-categorypages'] = true; ##### movefile ##### $wgGroupPermissions['administrator']['movefile'] = true; $wgGroupPermissions['sysop']['movefile'] = true; $wgGroupPermissions['Wiki-Admin']['movefile'] = true; $wgGroupPermissions['Wiki-Editor']['movefile'] = true; ##### move-rootuserpages ##### $wgGroupPermissions['administrator']['move-rootuserpages'] = true; $wgGroupPermissions['sysop']['move-rootuserpages'] = true; $wgGroupPermissions['Wiki-Admin']['move-rootuserpages'] = true; $wgGroupPermissions['Wiki-Editor']['move-rootuserpages'] = true; ##### move-subpages ##### $wgGroupPermissions['administrator']['move-subpages'] = true; $wgGroupPermissions['sysop']['move-subpages'] = true; $wgGroupPermissions['Wiki-Admin']['move-subpages'] = true; $wgGroupPermissions['Wiki-Editor']['move-subpages'] = true; ##### nominornewtalk ##### ##### noratelimit ##### $wgGroupPermissions['administrator']['noratelimit'] = true; $wgGroupPermissions['sysop']['noratelimit'] = true; $wgGroupPermissions['Bureaucrat']['noratelimit'] = true; $wgGroupPermissions['Wiki-Admin']['noratelimit'] = true; ##### override-export-depth ##### $wgGroupPermissions['administrator']['override-export-depth'] = true; $wgGroupPermissions['sysop']['override-export-depth'] = true; $wgGroupPermissions['Wiki-Admin']['override-export-depth'] = true; ##### pagelang ##### $wgGroupPermissions['administrator']['pagelang'] = true; $wgGroupPermissions['sysop']['pagelang'] = true; $wgGroupPermissions['Wiki-Admin']['pagelang'] = true; ##### patrol ##### $wgGroupPermissions['administrator']['patrol'] = true; $wgGroupPermissions['sysop']['patrol'] = true; $wgGroupPermissions['Wiki-Admin']['patrol'] = true; ##### patrolmarks ##### $wgGroupPermissions['administrator']['patrolmarks'] = true; $wgGroupPermissions['sysop']['patrolmarks'] = true; $wgGroupPermissions['Wiki-Admin']['patrolmarks'] = true; $wgGroupPermissions['Wiki-Moderator']['patrolmarks'] = true; ##### protect ##### $wgGroupPermissions['administrator']['protect'] = true; $wgGroupPermissions['sysop']['protect'] = true; $wgGroupPermissions['Wiki-Admin']['protect'] = true; $wgGroupPermissions['Wiki-Editor']['protect'] = true; $wgGroupPermissions['Wiki-Updater']['protect'] = true; ##### purge ##### $wgGroupPermissions['administrator']['purge'] = true; $wgGroupPermissions['sysop']['purge'] = true; $wgGroupPermissions['Wiki-Admin']['purge'] = true; ##### read ##### $wgGroupPermissions['user']['read'] = true; ##### readapi ##### $wgGroupPermissions['administrator']['readapi'] = true; $wgGroupPermissions['sysop']['readapi'] = true; $wgGroupPermissions['Bot']['readapi'] = true; $wgGroupPermissions['Bureaucrat']['readapi'] = true; $wgGroupPermissions['Linux-Admin']['readapi'] = true; $wgGroupPermissions['Wiki-Admin']['readapi'] = true; $wgGroupPermissions['Wiki-Moderator']['readapi'] = true; $wgGroupPermissions['Wiki-Editor']['readapi'] = true; $wgGroupPermissions['Wiki-Updater']['readapi'] = true; ##### reupload ##### $wgGroupPermissions['administrator']['reupload'] = true; $wgGroupPermissions['sysop']['reupload'] = true; $wgGroupPermissions['Wiki-Admin']['reupload'] = true; $wgGroupPermissions['Wiki-Moderator']['reupload'] = true; $wgGroupPermissions['Wiki-Editor']['reupload'] = true; $wgGroupPermissions['Wiki-Updater']['reupload'] = true; ##### reupload-own ##### $wgGroupPermissions['administrator']['reupload-own'] = true; $wgGroupPermissions['sysop']['reupload-own'] = true; $wgGroupPermissions['Wiki-Admin']['reupload-own'] = true; $wgGroupPermissions['Wiki-Moderator']['reupload-own'] = true; $wgGroupPermissions['Wiki-Editor']['reupload-own'] = true; $wgGroupPermissions['Wiki-Updater']['reupload-own'] = true; ##### reupload-shared ##### $wgGroupPermissions['administrator']['reupload-shared'] = true; $wgGroupPermissions['sysop']['reupload-shared'] = true; $wgGroupPermissions['Wiki-Admin']['reupload-shared'] = true; $wgGroupPermissions['Wiki-Moderator']['reupload-shared'] = true; $wgGroupPermissions['Wiki-Editor']['reupload-shared'] = true; $wgGroupPermissions['Wiki-Updater']['reupload-shared'] = true; ##### rollback ##### $wgGroupPermissions['administrator']['rollback'] = true; $wgGroupPermissions['sysop']['rollback'] = true; $wgGroupPermissions['Wiki-Admin']['rollback'] = true; $wgGroupPermissions['Wiki-Moderator']['rollback'] = true; ##### sendemail ##### $wgGroupPermissions['administrator']['sendemail'] = true; $wgGroupPermissions['sysop']['sendemail'] = true; $wgGroupPermissions['Bureaucrat']['sendemail'] = true; $wgGroupPermissions['Linux-Admin']['sendemail'] = true; $wgGroupPermissions['Wiki-Admin']['sendemail'] = true; $wgGroupPermissions['Wiki-Moderator']['sendemail'] = true; $wgGroupPermissions['Wiki-Editor']['sendemail'] = true; $wgGroupPermissions['Wiki-Updater']['sendemail'] = true; ##### siteadmin ##### $wgGroupPermissions['administrator']['siteadmin'] = true; $wgGroupPermissions['sysop']['siteadmin'] = true; $wgGroupPermissions['Linux-Admin']['siteadmin'] = true; $wgGroupPermissions['Wiki-Admin']['siteadmin'] = true; ##### suppressionlog ##### $wgGroupPermissions['administrator']['suppressionlog'] = true; $wgGroupPermissions['sysop']['suppressionlog'] = true; $wgGroupPermissions['Linux-Admin']['suppressionlog'] = true; $wgGroupPermissions['Wiki-Admin']['suppressionlog'] = true; ##### suppressredirect ##### $wgGroupPermissions['administrator']['suppressredirect'] = true; $wgGroupPermissions['sysop']['suppressredirect'] = true; $wgGroupPermissions['Wiki-Admin']['suppressredirect'] = true; ##### suppressrevision ##### $wgGroupPermissions['administrator']['suppressrevision'] = true; $wgGroupPermissions['sysop']['suppressrevision'] = true; $wgGroupPermissions['Wiki-Admin']['suppressrevision'] = true; ##### unblockself ##### $wgGroupPermissions['administrator']['unblockself'] = true; $wgGroupPermissions['sysop']['unblockself'] = true; $wgGroupPermissions['Wiki-Admin']['unblockself'] = true; ##### undelete ##### $wgGroupPermissions['administrator']['undelete'] = true; $wgGroupPermissions['sysop']['undelete'] = true; $wgGroupPermissions['Wiki-Admin']['undelete'] = true; $wgGroupPermissions['Wiki-Moderator']['undelete'] = true; $wgGroupPermissions['Wiki-Editor']['undelete'] = true; ##### unwatchedpages ##### $wgGroupPermissions['administrator']['unwatchedpages'] = true; $wgGroupPermissions['sysop']['unwatchedpages'] = true; $wgGroupPermissions['Wiki-Admin']['unwatchedpages'] = true; ##### upload ##### ##### To enable image/file uploads, make sure the 'images' directory is writable (chmod777), and the $wgEnableUploads = true; ##### Upload permissions ##### restricted to groups (requires createpage permission as well - each upload has one page create> $wgEnableUploads = true; // Enable uploads $wgGroupPermissions['administrator']['upload'] = true; $wgGroupPermissions['sysop']['upload'] = true; $wgGroupPermissions['Bureaucrat']['upload'] = true; $wgGroupPermissions['Linux-Admin']['upload'] = true; $wgGroupPermissions['Wiki-Admin']['upload'] = true; $wgGroupPermissions['Wiki-Moderator']['upload'] = true; $wgGroupPermissions['Wiki-Editor']['upload'] = true; $wgGroupPermissions['Wiki-Updater']['upload'] = true; # Configuration #$wgUseImageMagick = true; #$wgImageMagickConvertCommand = "/usr/bin/convert"; $wgEnableWriteAPI = true; // Enable the API $wgAllowJavaUploads = true; // Solves problem with Office 2007 and newer files (docx, xlsx, etc.) $wgFileExtensions = array('png','svg','gif','jpg','jpeg','doc','xls','pdf','ppt','tiff','bmp','docx','xlsx','pptx'); ##### upload_by_url ##### $wgGroupPermissions['sysop']['upload_by_url'] = true; $wgGroupPermissions['Linux-Admin']['upload_by_url'] = true; $wgGroupPermissions['Wiki-Admin']['upload_by_url'] = true; ##### User Merge ##### wfLoadExtension( 'UserMerge' ); // By default nobody can use this function, enable for bureaucrat? $wgGroupPermissions['bureaucrat']['usermerge'] = true; $wgGroupPermissions['Wiki-Server-Admin']['usermerge'] = true; $wgGroupPermissions['sysop']['usermerge'] = true; // optional: default is array( 'sysop' ) // $wgUserMergeProtectedGroups = array( 'groupname' ); ##### userrights ##### $wgGroupPermissions['administrator']['userrights'] = true; $wgGroupPermissions['sysop']['userrights'] = true; $wgGroupPermissions['Bureaucrat']['userrights'] = true; $wgGroupPermissions['Wiki-Admin']['userrights'] = true; ##### userrights-interwiki ##### $wgGroupPermissions['sysop']['userrights-interwiki'] = true; $wgGroupPermissions['Linux-Admin']['userrights-interwiki'] = true; $wgGroupPermissions['Wiki-Admin']['userrights-interwiki'] = true; ##### viewmyprivateinfo ##### $wgGroupPermissions['user']['viewmyprivateinfo'] = true; ##### viewmywatchlist ##### $wgGroupPermissions['user']['viewmywatchlist'] = true; ##### viewsuppressed ##### $wgGroupPermissions['administrator']['viewsuppressed'] = true; $wgGroupPermissions['sysop']['viewsuppressed'] = true; $wgGroupPermissions['Wiki-Editor']['viewsuppressed'] = true; ##### writeapi ##### $wgGroupPermissions['administrator']['writeapi'] = true; $wgGroupPermissions['sysop']['writeapi'] = true; $wgGroupPermissions['Bot']['writeapi'] = true; $wgGroupPermissions['Bureaucrat']['writeapi'] = true; $wgGroupPermissions['Linux-Admin']['writeapi'] = true; $wgGroupPermissions['Wiki-Admin']['writeapi'] = true; $wgGroupPermissions['Wiki-Moderator']['writeapi'] = true; $wgGroupPermissions['Wiki-Editor']['writeapi'] = true; $wgGroupPermissions['Wiki-Updater']['writeapi'] = true; ################################################################################## # # END OF THE PERMISSION SET UP # ################################################################################## # Extension RightFunctions // Activation require_once "$IP/extensions/RightFunctions/RightFunctions.php"; # Extension RestrictAccessByCategoryAndGroup // Activation require_once "$IP/extensions/RestrictAccessByCategoryAndGroup/RestrictAccessByCategoryAndGroup.php"; $wgGroupPermissions['Financial no public data']['*'] = true; $wgGroupPermissions['Financial private data']['private'] = true; # Extension EditUser // Activation wfLoadExtension( 'EditUser' ); // Configuration $wgGroupPermissions['bureaucrat']['edituser'] = true; $wgGroupPermissions['sysop']['edituser-exempt'] = true;