Difference between revisions of "Mediawiki Security Matrix"
Jump to navigation
Jump to search
(Page creation) |
m (Page creation) |
||
| Line 25: | Line 25: | ||
$wgGroupPermissions['Wiki-Admin']['Process-Editor'] = true; | $wgGroupPermissions['Wiki-Admin']['Process-Editor'] = true; | ||
$wgGroupPermissions['Wiki-Admin']['Semantic-DBA'] = true; | $wgGroupPermissions['Wiki-Admin']['Semantic-DBA'] = true; | ||
| + | $wgGroupPermissions['administrator']['Semantic-DBA'] = true; | ||
| + | $wgGroupPermissions['sysop']['Semantic-DBA'] = true; | ||
################################## | ################################## | ||
# GLOBAL Group permissions reset # other default permissions remain unchanged | # GLOBAL Group permissions reset # other default permissions remain unchanged | ||
############################################################################# | ############################################################################# | ||
| − | $wgGroupPermissions['*'][' | + | # Setting '*' to false doesn't disable rights for groups that have the right separately set to true! |
| − | $wgGroupPermissions['*'][' | + | #################################################################################################### |
| − | $wgGroupPermissions['*'][' | + | # Non-registered users rights disabling |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['approverevision'] = false; |
| − | $wgGroupPermissions['*']['viewlinktolatest'] = false; | + | $wgGroupPermissions['*']['approverevision'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['viewapprover'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['viewapprover'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['viewlinktolatest'] = false; |
| − | $wgGroupPermissions['*']['createaccount'] = false; | + | $wgGroupPermissions['*']['viewlinktolatest'] = false; |
| − | $wgGroupPermissions['*']['createtalk'] = false; | + | $wgGroupPermissions['*']['applychangetags'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['changetags'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['changetags'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['createaccount'] = false; |
| + | $wgGroupPermissions['*']['createpage'] = false; | ||
| + | $wgGroupPermissions['*']['createpage'] = false; | ||
| + | $wgGroupPermissions['*']['createtalk'] = false; | ||
| + | $wgGroupPermissions['*']['createtalk'] = false; | ||
| + | $wgGroupPermissions['*']['edit'] = false; | ||
| + | $wgGroupPermissions['*']['edit'] = false; | ||
| + | $wgGroupPermissions['*']['editcontentmodel'] = false; | ||
| + | $wgGroupPermissions['*']['editcontentmodel'] = false; | ||
| + | $wgGroupPermissions['*']['editmyoptions'] = false; | ||
| + | $wgGroupPermissions['*']['editmyprivateinfo'] = false; | ||
$wgGroupPermissions['*']['minoredit'] = false; | $wgGroupPermissions['*']['minoredit'] = false; | ||
| + | $wgGroupPermissions['*']['move'] = false; | ||
| + | $wgGroupPermissions['*']['move-categorypages'] = false; | ||
| + | $wgGroupPermissions['*']['movefile'] = false; | ||
| + | $wgGroupPermissions['*']['move-rootuserpages'] = false; | ||
| + | $wgGroupPermissions['*']['move-subpages'] = false; | ||
| + | $wgGroupPermissions['*']['override-export-depth'] = false; | ||
| + | $wgGroupPermissions['*']['pagelang'] = false; | ||
| + | $wgGroupPermissions['*']['patrolmarks'] = false; | ||
| + | $wgGroupPermissions['*']['purge'] = false; | ||
| + | $wgGroupPermissions['*']['read'] = false; | ||
| + | $wgGroupPermissions['*']['readapi'] = false; | ||
| + | $wgGroupPermissions['*']['readapi'] = false; | ||
| + | $wgGroupPermissions['*']['reupload'] = false; | ||
| + | $wgGroupPermissions['*']['reupload-own'] = false; | ||
| + | $wgGroupPermissions['*']['reupload-shared'] = false; | ||
$wgGroupPermissions['*']['sendemail'] = false; | $wgGroupPermissions['*']['sendemail'] = false; | ||
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['upload'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['viewmyprivateinfo'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['viewmywatchlist'] = false; |
| − | $wgGroupPermissions['*'][' | + | $wgGroupPermissions['*']['writeapi'] = false; |
| − | |||
| − | |||
| − | |||
$wgGroupPermissions['*']['writeapi'] = false; | $wgGroupPermissions['*']['writeapi'] = false; | ||
| − | $wgGroupPermissions[' | + | # Registered users rights disabling - to avoid right given by system/extension update |
| − | + | $wgGroupPermissions['user']['approverevision'] = false; | |
| − | + | $wgGroupPermissions['user']['approverevision'] = false; | |
| − | + | $wgGroupPermissions['user']['viewapprover'] = false; | |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['viewapprover'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['viewlinktolatest'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['viewlinktolatest'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['applychangetags'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['changetags'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['changetags'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['createaccount'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['createpage'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['createpage'] = false; |
| − | $wgGroupPermissions['user']['createtalk'] = false; | + | $wgGroupPermissions['user']['createtalk'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['createtalk'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['edit'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['edit'] = false; |
| + | $wgGroupPermissions['user']['editcontentmodel'] = false; | ||
| + | $wgGroupPermissions['user']['editcontentmodel'] = false; | ||
| + | $wgGroupPermissions['user']['editmyoptions'] = false; | ||
| + | $wgGroupPermissions['user']['editmyprivateinfo'] = false; | ||
$wgGroupPermissions['user']['minoredit'] = false; | $wgGroupPermissions['user']['minoredit'] = false; | ||
| + | $wgGroupPermissions['user']['move'] = false; | ||
| + | $wgGroupPermissions['user']['move-categorypages'] = false; | ||
| + | $wgGroupPermissions['user']['movefile'] = false; | ||
| + | $wgGroupPermissions['user']['move-rootuserpages'] = false; | ||
| + | $wgGroupPermissions['user']['move-subpages'] = false; | ||
| + | $wgGroupPermissions['user']['override-export-depth'] = false; | ||
| + | $wgGroupPermissions['user']['pagelang'] = false; | ||
| + | $wgGroupPermissions['user']['patrolmarks'] = false; | ||
| + | $wgGroupPermissions['user']['purge'] = false; | ||
| + | $wgGroupPermissions['user']['read'] = true; # Registered users can ready public files on the wiki. | ||
| + | $wgGroupPermissions['user']['readapi'] = false; | ||
| + | $wgGroupPermissions['user']['readapi'] = false; | ||
| + | $wgGroupPermissions['user']['reupload'] = false; | ||
| + | $wgGroupPermissions['user']['reupload-own'] = false; | ||
| + | $wgGroupPermissions['user']['reupload-shared'] = false; | ||
$wgGroupPermissions['user']['sendemail'] = false; | $wgGroupPermissions['user']['sendemail'] = false; | ||
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['upload'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['viewmyprivateinfo'] = false; |
| − | $wgGroupPermissions['user'][' | + | $wgGroupPermissions['user']['viewmywatchlist'] = false; |
| − | + | $wgGroupPermissions['user']['writeapi'] = false; | |
| − | |||
| − | |||
| − | $wgGroupPermissions['user'][' | ||
$wgGroupPermissions['user']['writeapi'] = false; | $wgGroupPermissions['user']['writeapi'] = false; | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | ### | + | ### Specific permissions (sub-)linked to user groups |
| − | ##### | + | ##### Image moving##### |
| − | + | $wgAllowImageMoving = true; // by default to registered user groups who do have the $wgBlockDisablesLogin = true; // for sysop group | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | ##### | + | ##### applychangetags ##### |
| − | $wgGroupPermissions['administrator'][' | + | $wgGroupPermissions['administrator']['applychangetags'] = true; |
| − | $wgGroupPermissions['sysop'][' | + | $wgGroupPermissions['sysop']['applychangetags'] = true; |
| − | + | $wgGroupPermissions['Wiki-Editor']['applychangetags'] = true; | |
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | $wgGroupPermissions['Wiki-Editor'][' | ||
#### REVISIONS #### | #### REVISIONS #### | ||
| Line 226: | Line 149: | ||
// stating who last approved it. By default it is given to all members of the 'sysop' group | // stating who last approved it. By default it is given to all members of the 'sysop' group | ||
##### Approve Revision ##### | ##### Approve Revision ##### | ||
| − | $wgGroupPermissions['administrator']['approverevisions'] = true; | + | $wgGroupPermissions['administrator']['approverevisions'] = true; |
| − | $wgGroupPermissions['sysop']['approverevisions'] = true; ### this is normally by default | + | $wgGroupPermissions['sysop']['approverevisions'] = true; ### this is normally by default |
| − | $wgGroupPermissions['Wikidoc-Admin-Rev']['approverevision'] = true; | + | $wgGroupPermissions['Wikidoc-Admin-Rev']['approverevision'] = true; |
##### View latest version link ##### | ##### View latest version link ##### | ||
| Line 236: | Line 159: | ||
$wgGroupPermissions['Wikidoc-Admin']['viewlinktolatest'] = true; | $wgGroupPermissions['Wikidoc-Admin']['viewlinktolatest'] = true; | ||
$wgGroupPermissions['Wikidoc-Admin-Rev']['viewlinktolatest'] = true; | $wgGroupPermissions['Wikidoc-Admin-Rev']['viewlinktolatest'] = true; | ||
| − | |||
##### View Approver ##### | ##### View Approver ##### | ||
| − | $wgGroupPermissions['user']['viewapprover'] = true; | + | $wgGroupPermissions['user']['viewapprover'] = true; |
##### Delete Revision ##### | ##### Delete Revision ##### | ||
| − | $wgGroupPermissions['administrator']['deleterevision'] = true; | + | $wgGroupPermissions['administrator']['deleterevision'] = true; |
| − | $wgGroupPermissions['sysop']['deleterevision'] = true; | + | $wgGroupPermissions['sysop']['deleterevision'] = true; |
| − | $wgGroupPermissions['Wikidoc-Admin-Rev']['deleterevision'] = true; | + | $wgGroupPermissions['Wikidoc-Admin-Rev']['deleterevision'] = true; |
//automatic approvals by groups with approverevision true | //automatic approvals by groups with approverevision true | ||
| − | $egApprovedRevsAutomaticApprovals = false; | + | $egApprovedRevsAutomaticApprovals = false; |
//Displaying unapproved pages as blank | //Displaying unapproved pages as blank | ||
| − | $egApprovedRevsBlankIfUnapproved = false; ### to be set to true for clean-up | + | $egApprovedRevsBlankIfUnapproved = false; ### to be set to true for clean-up |
//Indicating unapproved pages | //Indicating unapproved pages | ||
| − | $egApprovedRevsShowNotApprovedMessage = true; | + | $egApprovedRevsShowNotApprovedMessage = true; |
| − | $egApprovedRevsShowApproveLatest = true; | + | $egApprovedRevsShowApproveLatest = true; |
| + | |||
| + | ##### ['autocreateaccount'] ##### | ||
| + | $wgGroupPermissions['*']['autocreateaccount'] = true; | ||
| + | |||
| + | ##### autopatrol ##### | ||
| + | $wgGroupPermissions['Wiki-Admin']['autopatrol'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['autopatrol'] = true; | ||
| + | |||
| + | ##### bigdelete ##### | ||
| + | $wgGroupPermissions['sysop']['bigdelete'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['bigdelete'] = true; | ||
| + | |||
| + | ##### block ##### | ||
| + | $wgGroupPermissions['sysop']['block'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['block'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['block'] = true; | ||
| + | |||
| + | ##### blockemail ##### | ||
| + | $wgGroupPermissions['sysop']['blockemail'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['blockemail'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['blockemail'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['blockemail'] = true; | ||
| + | |||
| + | ##### browsearchive ##### | ||
| + | $wgGroupPermissions['administrator']['browsearchive'] = true; | ||
| + | $wgGroupPermissions['sysop']['browsearchive'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['browsearchive'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['browsearchive'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['browsearchive'] = true; | ||
| + | |||
| + | ##### changetags ##### | ||
| + | $wgGroupPermissions['administrator']['changetags'] = true; | ||
| + | $wgGroupPermissions['sysop']['changetags'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['changetags'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['changetags'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['changetags'] = true; | ||
| + | |||
| + | ##### createaccount ##### | ||
| + | $wgGroupPermissions['administrator']['createaccount'] = true; | ||
| + | $wgGroupPermissions['sysop']['createaccount'] = true; | ||
| + | $wgGroupPermissions['Bureaucrat']['createaccount'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['createaccount'] = true; | ||
| + | |||
| + | ##### createpage ##### | ||
| + | $wgGroupPermissions['administrator']['createpage'] = true; | ||
| + | $wgGroupPermissions['sysop']['createpage'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['createpage'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['createpage'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['createpage'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['createpage'] = true; | ||
| + | |||
| + | ##### createtalk ##### | ||
| + | $wgGroupPermissions['administrator']['createtalk'] = true; | ||
| + | $wgGroupPermissions['sysop']['createtalk'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['createtalk'] = true; | ||
| + | |||
| + | ##### delete ##### | ||
| + | $wgGroupPermissions['administrator']['delete'] = true; | ||
| + | $wgGroupPermissions['sysop']['delete'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['delete'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['delete'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['delete'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['delete'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['delete'] = true; | ||
| + | |||
| + | ##### deletechangetags ##### | ||
| + | $wgGroupPermissions['Wiki-Admin']['deletechangetags'] = true; | ||
| + | |||
| + | ##### deletedhistory ##### | ||
| + | $wgGroupPermissions['administrator']['deletedhistory'] = true; | ||
| + | $wgGroupPermissions['sysop']['deletedhistory'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['deletedhistory'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['deletedhistory'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['deletedhistory'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['deletedhistory'] = true; | ||
| + | |||
| + | ##### deletedtext ##### | ||
| + | $wgGroupPermissions['administrator']['deletedtext'] = true; | ||
| + | $wgGroupPermissions['sysop']['deletedtext'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['deletedtext'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['deletedtext'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['deletedtext'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['deletedtext'] = true; | ||
| + | |||
| + | ##### deletelogentry ##### | ||
| + | $wgGroupPermissions['administrator']['deletelogentry'] = true; | ||
| + | $wgGroupPermissions['sysop']['deletelogentry'] = true; | ||
| + | |||
| + | ##### deleterevision ##### | ||
| + | $wgGroupPermissions['administrator']['deleterevision'] = true; | ||
| + | $wgGroupPermissions['sysop']['deleterevision'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['deleterevision'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['deleterevision'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['deleterevision'] = true; | ||
| + | |||
| + | |||
| + | ##### edit ##### | ||
| + | $wgGroupPermissions['administrator']['edit'] = true; | ||
| + | $wgGroupPermissions['sysop']['edit'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['edit'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['edit'] = true; | ||
| + | |||
| + | ##### editcontentmodel ##### | ||
| + | $wgGroupPermissions['administrator']['editcontentmodel'] = true; | ||
| + | $wgGroupPermissions['sysop']['editcontentmodel'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editcontentmodel'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['editcontentmodel'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['editcontentmodel'] = true; | ||
| + | |||
| + | ##### editinterface ##### | ||
| + | $wgGroupPermissions['administrator']['editinterface'] = true; | ||
| + | $wgGroupPermissions['sysop']['editinterface'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editinterface'] = true; | ||
| + | |||
| + | ##### editmyoptions ##### | ||
| + | $wgGroupPermissions['administrator']['editmyoptions'] = true; | ||
| + | $wgGroupPermissions['sysop']['editmyoptions'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editmyoptions'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['editmyoptions'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['editmyoptions'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['editmyoptions'] = true; | ||
| + | |||
| + | ##### editmyprivateinfo ##### | ||
| + | $wgGroupPermissions['administrator']['editmyprivateinfo'] = true; | ||
| + | $wgGroupPermissions['sysop']['editmyprivateinfo'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editmyprivateinfo'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['editmyprivateinfo'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['editmyprivateinfo'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['editmyprivateinfo'] = true; | ||
| + | |||
| + | ##### editmyusercss ##### | ||
| + | $wgGroupPermissions['user']['editmyusercss'] = true; | ||
| + | |||
| + | ##### editmyuserjs ##### | ||
| + | $wgGroupPermissions['user']['editmyuserjs'] = true; | ||
| + | |||
| + | ##### editmyuserjson ##### | ||
| + | $wgGroupPermissions['user']['editmyuserjson'] = true; | ||
| + | |||
| + | ##### editmywatchlist ##### | ||
| + | $wgGroupPermissions['user']['editmywatchlist'] = true; | ||
| + | |||
| + | ##### editprotected ##### | ||
| + | $wgGroupPermissions['administrator']['editprotected'] = true; | ||
| + | $wgGroupPermissions['sysop']['editprotected'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editprotected'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['editprotected'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['editprotected'] = true; | ||
| + | |||
| + | ##### editsemiprotected ##### | ||
| + | $wgGroupPermissions['administrator']['editsemiprotected'] = true; | ||
| + | $wgGroupPermissions['sysop']['editsemiprotected'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editsemiprotected'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['editsemiprotected'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['editsemiprotected'] = true; | ||
| + | |||
| + | ##### editsitecss ##### | ||
| + | $wgGroupPermissions['administrator']['editsitecss'] = true; | ||
| + | $wgGroupPermissions['sysop']['editsitecss'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editsitecss'] = true; | ||
| + | |||
| + | ##### editsitejs ##### | ||
| + | $wgGroupPermissions['administrator']['editsitejs'] = true; | ||
| + | $wgGroupPermissions['sysop']['editsitejs'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editsitejs'] = true; | ||
| + | |||
| + | ##### editsitejson ##### | ||
| + | $wgGroupPermissions['administrator']['editsitejson'] = true; | ||
| + | $wgGroupPermissions['sysop']['editsitejson'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editsitejson'] = true; | ||
| + | |||
| + | ##### editusercss ##### | ||
| + | $wgGroupPermissions['administrator']['editusercss'] = true; | ||
| + | $wgGroupPermissions['sysop']['editusercss'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['editusercss'] = true; | ||
| + | |||
| + | ##### Extension EditUser ##### | ||
| + | // Activation | ||
| + | wfLoadExtension( 'EditUser' ); | ||
| + | // Configuration | ||
| + | $wgGroupPermissions['bureaucrat']['edituser'] = true; | ||
| + | $wgGroupPermissions['sysop']['edituser-exempt'] = true; | ||
| + | $wgGroupPermissions['administrator']['edituser'] = true; | ||
| + | |||
| + | ##### edituserjs ##### | ||
| + | $wgGroupPermissions['administrator']['edituserjs'] = true; | ||
| + | $wgGroupPermissions['sysop']['edituserjs'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['edituserjs'] = true; | ||
| + | |||
| + | ##### edituserjson ##### | ||
| + | $wgGroupPermissions['administrator']['edituserjson'] = true; | ||
| + | $wgGroupPermissions['sysop']['edituserjson'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['edituserjson'] = true; | ||
| + | |||
| + | ##### hideuser ##### | ||
| + | $wgGroupPermissions['administrator']['hideuser'] = true; | ||
| + | $wgGroupPermissions['sysop']['hideuser'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['hideuser'] = true; $wgGroupPermissions['Wiki-Moderator']['hideuser'] = true; | ||
| + | |||
| + | ##### import ##### | ||
| + | $wgGroupPermissions['administrator']['import'] = true; | ||
| + | $wgGroupPermissions['sysop']['import'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['import'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['import'] = true; | ||
| + | |||
| + | ##### importupload ##### | ||
| + | $wgGroupPermissions['administrator']['importupload'] = true; | ||
| + | $wgGroupPermissions['sysop']['importupload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['importupload'] = true; | ||
| + | |||
| + | ##### ipblock-exempt ##### | ||
| + | $wgGroupPermissions['administrator']['ipblock-exempt'] = true; | ||
| + | $wgGroupPermissions['sysop']['ipblock-exempt'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['ipblock-exempt'] = true; | ||
| + | |||
| + | ##### managechangetags ##### | ||
| + | $wgGroupPermissions['administrator']['managechangetags'] = true; | ||
| + | $wgGroupPermissions['sysop']['managechangetags'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['managechangetags'] = true; | ||
| + | |||
| + | ##### markbotedits ##### | ||
| + | $wgGroupPermissions['administrator']['markbotedits'] = true; | ||
| + | $wgGroupPermissions['sysop']['markbotedits'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['markbotedits'] = true; | ||
| + | |||
| + | ##### mergehistory ##### | ||
| + | $wgGroupPermissions['administrator']['mergehistory'] = true; | ||
| + | $wgGroupPermissions['sysop']['mergehistory'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['mergehistory'] = true; | ||
| − | ##### | + | ##### minoredit ##### |
| + | $wgGroupPermissions['administrator']['minoredit'] = true; | ||
| + | $wgGroupPermissions['sysop']['minoredit'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['minoredit'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['minoredit'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['minoredit'] = true; | ||
| + | |||
| + | ##### move ##### | ||
| + | $wgGroupPermissions['administrator']['move'] = true; | ||
| + | $wgGroupPermissions['sysop']['move'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['move'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['move'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['move'] = true; | ||
| + | |||
| + | ##### move-categorypages ##### | ||
| + | $wgGroupPermissions['administrator']['move-categorypages'] = true; | ||
| + | $wgGroupPermissions['sysop']['move-categorypages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['move-categorypages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['move-categorypages'] = true; | ||
| + | |||
| + | ##### movefile ##### | ||
| + | $wgGroupPermissions['administrator']['movefile'] = true; | ||
| + | $wgGroupPermissions['sysop']['movefile'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['movefile'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['movefile'] = true; | ||
| + | |||
| + | ##### move-rootuserpages ##### | ||
| + | $wgGroupPermissions['administrator']['move-rootuserpages'] = true; | ||
| + | $wgGroupPermissions['sysop']['move-rootuserpages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['move-rootuserpages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['move-rootuserpages'] = true; | ||
| + | |||
| + | ##### move-subpages ##### | ||
| + | $wgGroupPermissions['administrator']['move-subpages'] = true; | ||
| + | $wgGroupPermissions['sysop']['move-subpages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['move-subpages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['move-subpages'] = true; | ||
| + | |||
| + | ##### nominornewtalk ##### | ||
| + | |||
| + | |||
| + | ##### noratelimit ##### | ||
| + | $wgGroupPermissions['administrator']['noratelimit'] = true; | ||
| + | $wgGroupPermissions['sysop']['noratelimit'] = true; | ||
| + | $wgGroupPermissions['Bureaucrat']['noratelimit'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['noratelimit'] = true; | ||
| + | |||
| + | ##### override-export-depth ##### | ||
| + | $wgGroupPermissions['administrator']['override-export-depth'] = true; | ||
| + | $wgGroupPermissions['sysop']['override-export-depth'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['override-export-depth'] = true; | ||
| + | |||
| + | ##### pagelang ##### | ||
| + | $wgGroupPermissions['administrator']['pagelang'] = true; | ||
| + | $wgGroupPermissions['sysop']['pagelang'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['pagelang'] = true; | ||
| + | |||
| + | ##### patrol ##### | ||
| + | $wgGroupPermissions['administrator']['patrol'] = true; | ||
| + | $wgGroupPermissions['sysop']['patrol'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['patrol'] = true; | ||
| + | |||
| + | ##### patrolmarks ##### | ||
| + | $wgGroupPermissions['administrator']['patrolmarks'] = true; | ||
| + | $wgGroupPermissions['sysop']['patrolmarks'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['patrolmarks'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['patrolmarks'] = true; | ||
| + | |||
| + | ##### protect ##### | ||
| + | $wgGroupPermissions['administrator']['protect'] = true; | ||
| + | $wgGroupPermissions['sysop']['protect'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['protect'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['protect'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['protect'] = true; | ||
| + | |||
| + | ##### purge ##### | ||
| + | $wgGroupPermissions['administrator']['purge'] = true; | ||
| + | $wgGroupPermissions['sysop']['purge'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['purge'] = true; | ||
| + | |||
| + | ##### read ##### | ||
| + | $wgGroupPermissions['user']['read'] = true; | ||
| + | |||
| + | |||
| + | ##### readapi ##### | ||
| + | $wgGroupPermissions['administrator']['readapi'] = true; | ||
| + | $wgGroupPermissions['sysop']['readapi'] = true; | ||
| + | $wgGroupPermissions['Bot']['readapi'] = true; | ||
| + | $wgGroupPermissions['Bureaucrat']['readapi'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['readapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['readapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['readapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['readapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['readapi'] = true; | ||
| + | |||
| + | ##### reupload ##### | ||
| + | $wgGroupPermissions['administrator']['reupload'] = true; | ||
| + | $wgGroupPermissions['sysop']['reupload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['reupload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['reupload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['reupload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['reupload'] = true; | ||
| + | |||
| + | ##### reupload-own ##### | ||
| + | $wgGroupPermissions['administrator']['reupload-own'] = true; | ||
| + | $wgGroupPermissions['sysop']['reupload-own'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['reupload-own'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['reupload-own'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['reupload-own'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['reupload-own'] = true; | ||
| + | |||
| + | ##### reupload-shared ##### | ||
| + | $wgGroupPermissions['administrator']['reupload-shared'] = true; | ||
| + | $wgGroupPermissions['sysop']['reupload-shared'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['reupload-shared'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['reupload-shared'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['reupload-shared'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['reupload-shared'] = true; | ||
| + | |||
| + | ##### rollback ##### | ||
$wgGroupPermissions['administrator']['rollback'] = true; | $wgGroupPermissions['administrator']['rollback'] = true; | ||
$wgGroupPermissions['sysop']['rollback'] = true; | $wgGroupPermissions['sysop']['rollback'] = true; | ||
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['Wiki-Admin']['rollback'] = true; |
| + | $wgGroupPermissions['Wiki-Moderator']['rollback'] = true; | ||
| − | ##### | + | ##### sendemail ##### |
| − | $ | + | $wgGroupPermissions['administrator']['sendemail'] = true; |
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['sysop']['sendemail'] = true; |
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['Bureaucrat']['sendemail'] = true; |
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['Linux-Admin']['sendemail'] = true; |
| + | $wgGroupPermissions['Wiki-Admin']['sendemail'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['sendemail'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['sendemail'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['sendemail'] = true; | ||
| − | ##### | + | ##### siteadmin ##### |
| + | $wgGroupPermissions['administrator']['siteadmin'] = true; | ||
| + | $wgGroupPermissions['sysop']['siteadmin'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['siteadmin'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['siteadmin'] = true; | ||
| + | |||
| + | ##### suppressionlog ##### | ||
| + | $wgGroupPermissions['administrator']['suppressionlog'] = true; | ||
| + | $wgGroupPermissions['sysop']['suppressionlog'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['suppressionlog'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['suppressionlog'] = true; | ||
| + | |||
| + | ##### suppressredirect ##### | ||
| + | $wgGroupPermissions['administrator']['suppressredirect'] = true; | ||
| + | $wgGroupPermissions['sysop']['suppressredirect'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['suppressredirect'] = true; | ||
| + | |||
| + | ##### suppressrevision ##### | ||
$wgGroupPermissions['administrator']['suppressrevision'] = true; | $wgGroupPermissions['administrator']['suppressrevision'] = true; | ||
$wgGroupPermissions['sysop']['suppressrevision'] = true; | $wgGroupPermissions['sysop']['suppressrevision'] = true; | ||
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['Wiki-Admin']['suppressrevision'] = true; |
| + | |||
| + | ##### unblockself ##### | ||
| + | $wgGroupPermissions['administrator']['unblockself'] = true; | ||
| + | $wgGroupPermissions['sysop']['unblockself'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['unblockself'] = true; | ||
| − | ##### | + | ##### undelete ##### |
| − | $wgGroupPermissions['administrator'][' | + | $wgGroupPermissions['administrator']['undelete'] = true; |
| − | $wgGroupPermissions['sysop'][' | + | $wgGroupPermissions['sysop']['undelete'] = true; |
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['Wiki-Admin']['undelete'] = true; |
| + | $wgGroupPermissions['Wiki-Moderator']['undelete'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['undelete'] = true; | ||
| + | |||
| + | ##### unwatchedpages ##### | ||
| + | $wgGroupPermissions['administrator']['unwatchedpages'] = true; | ||
| + | $wgGroupPermissions['sysop']['unwatchedpages'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['unwatchedpages'] = true; | ||
| + | |||
| + | ##### upload ##### | ||
| + | ##### To enable image uploads, make sure the 'images' directory is writable (chmod777), the $wgEnableUploads = true; | ||
| + | ##### Upload permissions ##### restricted to groups (requires createpage permission as well - each upload has one page create> | ||
| + | $wgGroupPermissions['administrator']['upload'] = true; | ||
| + | $wgGroupPermissions['sysop']['upload'] = true; | ||
| + | $wgGroupPermissions['Bureaucrat']['upload'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['upload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['upload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['upload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['upload'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['upload'] = true; | ||
| + | |||
| + | ##### upload_by_url ##### | ||
| + | $wgGroupPermissions['sysop']['upload_by_url'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['upload_by_url'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['upload_by_url'] = true; | ||
| + | |||
| + | ##### User Merge ##### | ||
| + | wfLoadExtension( 'UserMerge' ); | ||
| + | // By default nobody can use this function, enable for bureaucrat? | ||
| + | $wgGroupPermissions['bureaucrat']['usermerge'] = true; | ||
| + | $wgGroupPermissions['Wiki-Server-Admin']['usermerge'] = true; | ||
| + | $wgGroupPermissions['sysop']['usermerge'] = true; | ||
| + | // optional: default is array( 'sysop' ) | ||
| + | // $wgUserMergeProtectedGroups = array( 'groupname' ); | ||
| + | |||
| + | |||
| + | ##### userrights ##### | ||
| + | $wgGroupPermissions['administrator']['userrights'] = true; | ||
| + | $wgGroupPermissions['sysop']['userrights'] = true; | ||
| + | $wgGroupPermissions['Bureaucrat']['userrights'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['userrights'] = true; | ||
| + | |||
| + | ##### userrights-interwiki ##### | ||
| + | $wgGroupPermissions['sysop']['userrights-interwiki'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['userrights-interwiki'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['userrights-interwiki'] = true; | ||
| + | |||
| + | ##### viewmyprivateinfo ##### | ||
| + | $wgGroupPermissions['user']['viewmyprivateinfo'] = true; | ||
| + | |||
| + | ##### viewmywatchlist ##### | ||
| + | $wgGroupPermissions['user']['viewmywatchlist'] = true; | ||
| + | |||
| + | ##### viewsuppressed ##### | ||
| + | $wgGroupPermissions['administrator']['viewsuppressed'] = true; | ||
| + | $wgGroupPermissions['sysop']['viewsuppressed'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['viewsuppressed'] = true; | ||
| − | ##### | + | ##### writeapi ##### |
| − | $wgGroupPermissions['administrator'][' | + | $wgGroupPermissions['administrator']['writeapi'] = true; |
| − | $wgGroupPermissions['sysop'][' | + | $wgGroupPermissions['sysop']['writeapi'] = true; |
| − | $wgGroupPermissions[' | + | $wgGroupPermissions['Bot']['writeapi'] = true; |
| + | $wgGroupPermissions['Bureaucrat']['writeapi'] = true; | ||
| + | $wgGroupPermissions['Linux-Admin']['writeapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Admin']['writeapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Moderator']['writeapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Editor']['writeapi'] = true; | ||
| + | $wgGroupPermissions['Wiki-Updater']['writeapi'] = true; | ||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
| − | |||
################################################################################## | ################################################################################## | ||
Revision as of 17:14, 16 February 2021
Security matrix sample to set up in LocalSettings.php
# Security settings
###########################################
# Group restricted categories added by JP #
###########################################
# Activation of the extension ############################################################
require_once "$IP/extensions/RestrictAccessByCategoryAndGroup/RestrictAccessByCategoryAndGroup.php"; #
######################################################################################################
# PRIVATE GROUPS WITH RESTRICTED ACCESS #
#########################################
$wgGroupPermissions['Linux-Admin']['private'] = true;
$wgGroupPermissions['Wiki-Admin']['private'] = true;
$wgGroupPermissions['TKI-Restricted']['private'] = true;
$wgGroupPermissions['NTRK-Restricted']['private'] = true;
$wgGroupPermissions['Process-Restricted']['private'] = true;
$wgGroupPermissions['Wiki-Admin']['private'] = true;
# add an additional protection level restricting edit/move/etc.
$wgRestrictionLevels[] = 'Process-Editor';
$wgGroupPermissions['sysop']['Process-Editor'] = true;
$wgGroupPermissions['Process-Restricted']['Process-Editor'] = true;
$wgGroupPermissions['administrator']['Process-Editor'] = true;
$wgGroupPermissions['Wiki-Admin']['Process-Editor'] = true;
$wgGroupPermissions['Wiki-Admin']['Semantic-DBA'] = true;
$wgGroupPermissions['administrator']['Semantic-DBA'] = true;
$wgGroupPermissions['sysop']['Semantic-DBA'] = true;
##################################
# GLOBAL Group permissions reset # other default permissions remain unchanged
#############################################################################
# Setting '*' to false doesn't disable rights for groups that have the right separately set to true!
####################################################################################################
# Non-registered users rights disabling
$wgGroupPermissions['*']['approverevision'] = false;
$wgGroupPermissions['*']['approverevision'] = false;
$wgGroupPermissions['*']['viewapprover'] = false;
$wgGroupPermissions['*']['viewapprover'] = false;
$wgGroupPermissions['*']['viewlinktolatest'] = false;
$wgGroupPermissions['*']['viewlinktolatest'] = false;
$wgGroupPermissions['*']['applychangetags'] = false;
$wgGroupPermissions['*']['changetags'] = false;
$wgGroupPermissions['*']['changetags'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createpage'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['createtalk'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['editcontentmodel'] = false;
$wgGroupPermissions['*']['editcontentmodel'] = false;
$wgGroupPermissions['*']['editmyoptions'] = false;
$wgGroupPermissions['*']['editmyprivateinfo'] = false;
$wgGroupPermissions['*']['minoredit'] = false;
$wgGroupPermissions['*']['move'] = false;
$wgGroupPermissions['*']['move-categorypages'] = false;
$wgGroupPermissions['*']['movefile'] = false;
$wgGroupPermissions['*']['move-rootuserpages'] = false;
$wgGroupPermissions['*']['move-subpages'] = false;
$wgGroupPermissions['*']['override-export-depth'] = false;
$wgGroupPermissions['*']['pagelang'] = false;
$wgGroupPermissions['*']['patrolmarks'] = false;
$wgGroupPermissions['*']['purge'] = false;
$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['*']['readapi'] = false;
$wgGroupPermissions['*']['readapi'] = false;
$wgGroupPermissions['*']['reupload'] = false;
$wgGroupPermissions['*']['reupload-own'] = false;
$wgGroupPermissions['*']['reupload-shared'] = false;
$wgGroupPermissions['*']['sendemail'] = false;
$wgGroupPermissions['*']['upload'] = false;
$wgGroupPermissions['*']['viewmyprivateinfo'] = false;
$wgGroupPermissions['*']['viewmywatchlist'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
$wgGroupPermissions['*']['writeapi'] = false;
# Registered users rights disabling - to avoid right given by system/extension update
$wgGroupPermissions['user']['approverevision'] = false;
$wgGroupPermissions['user']['approverevision'] = false;
$wgGroupPermissions['user']['viewapprover'] = false;
$wgGroupPermissions['user']['viewapprover'] = false;
$wgGroupPermissions['user']['viewlinktolatest'] = false;
$wgGroupPermissions['user']['viewlinktolatest'] = false;
$wgGroupPermissions['user']['applychangetags'] = false;
$wgGroupPermissions['user']['changetags'] = false;
$wgGroupPermissions['user']['changetags'] = false;
$wgGroupPermissions['user']['createaccount'] = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['user']['createpage'] = false;
$wgGroupPermissions['user']['createtalk'] = false;
$wgGroupPermissions['user']['createtalk'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['editcontentmodel'] = false;
$wgGroupPermissions['user']['editcontentmodel'] = false;
$wgGroupPermissions['user']['editmyoptions'] = false;
$wgGroupPermissions['user']['editmyprivateinfo'] = false;
$wgGroupPermissions['user']['minoredit'] = false;
$wgGroupPermissions['user']['move'] = false;
$wgGroupPermissions['user']['move-categorypages'] = false;
$wgGroupPermissions['user']['movefile'] = false;
$wgGroupPermissions['user']['move-rootuserpages'] = false;
$wgGroupPermissions['user']['move-subpages'] = false;
$wgGroupPermissions['user']['override-export-depth'] = false;
$wgGroupPermissions['user']['pagelang'] = false;
$wgGroupPermissions['user']['patrolmarks'] = false;
$wgGroupPermissions['user']['purge'] = false;
$wgGroupPermissions['user']['read'] = true; # Registered users can ready public files on the wiki.
$wgGroupPermissions['user']['readapi'] = false;
$wgGroupPermissions['user']['readapi'] = false;
$wgGroupPermissions['user']['reupload'] = false;
$wgGroupPermissions['user']['reupload-own'] = false;
$wgGroupPermissions['user']['reupload-shared'] = false;
$wgGroupPermissions['user']['sendemail'] = false;
$wgGroupPermissions['user']['upload'] = false;
$wgGroupPermissions['user']['viewmyprivateinfo'] = false;
$wgGroupPermissions['user']['viewmywatchlist'] = false;
$wgGroupPermissions['user']['writeapi'] = false;
$wgGroupPermissions['user']['writeapi'] = false;
### Specific permissions (sub-)linked to user groups
##### Image moving#####
$wgAllowImageMoving = true; // by default to registered user groups who do have the $wgBlockDisablesLogin = true; // for sysop group
##### applychangetags #####
$wgGroupPermissions['administrator']['applychangetags'] = true;
$wgGroupPermissions['sysop']['applychangetags'] = true;
$wgGroupPermissions['Wiki-Editor']['applychangetags'] = true;
#### REVISIONS ####
# enabling ApproveRevs extension
wfLoadExtension( 'ApprovedRevs' );
$wgGroupPermissions['*']['viewlinktolatest'] = false;
$wgGroupPermissions['sysop']['viewlinktolatest'] = true;
$wgGroupPermissions['Wikidoc-Admin']['viewlinktolatest'] = true;
$wgGroupPermissions['Wikidoc-Admin-Rev']['viewlinktolatest'] = true;
//'approverevisions' is the permission to approve and unapprove revisions of pages.
// By default it is given to all members of the 'sysop' group
//'viewlinktolatest' is the "permission" to see a note at the top of pages that have an approved revision,
// explaining that what the user is seeing is not necessarily the latest revision
//'viewapprover' is the "permission" to see another note at the top of pages that have an approved revision,
// stating who last approved it. By default it is given to all members of the 'sysop' group
##### Approve Revision #####
$wgGroupPermissions['administrator']['approverevisions'] = true;
$wgGroupPermissions['sysop']['approverevisions'] = true; ### this is normally by default
$wgGroupPermissions['Wikidoc-Admin-Rev']['approverevision'] = true;
##### View latest version link #####
$wgGroupPermissions['*']['viewlinktolatest'] = false;
$wgGroupPermissions['user']['viewlinktolatest'] = false;
$wgGroupPermissions['sysop']['viewlinktolatest'] = true;
$wgGroupPermissions['Wikidoc-Admin']['viewlinktolatest'] = true;
$wgGroupPermissions['Wikidoc-Admin-Rev']['viewlinktolatest'] = true;
##### View Approver #####
$wgGroupPermissions['user']['viewapprover'] = true;
##### Delete Revision #####
$wgGroupPermissions['administrator']['deleterevision'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
$wgGroupPermissions['Wikidoc-Admin-Rev']['deleterevision'] = true;
//automatic approvals by groups with approverevision true
$egApprovedRevsAutomaticApprovals = false;
//Displaying unapproved pages as blank
$egApprovedRevsBlankIfUnapproved = false; ### to be set to true for clean-up
//Indicating unapproved pages
$egApprovedRevsShowNotApprovedMessage = true;
$egApprovedRevsShowApproveLatest = true;
##### ['autocreateaccount'] #####
$wgGroupPermissions['*']['autocreateaccount'] = true;
##### autopatrol #####
$wgGroupPermissions['Wiki-Admin']['autopatrol'] = true;
$wgGroupPermissions['Wiki-Moderator']['autopatrol'] = true;
##### bigdelete #####
$wgGroupPermissions['sysop']['bigdelete'] = true;
$wgGroupPermissions['Wiki-Admin']['bigdelete'] = true;
##### block #####
$wgGroupPermissions['sysop']['block'] = true;
$wgGroupPermissions['Linux-Admin']['block'] = true;
$wgGroupPermissions['Wiki-Admin']['block'] = true;
##### blockemail #####
$wgGroupPermissions['sysop']['blockemail'] = true;
$wgGroupPermissions['Linux-Admin']['blockemail'] = true;
$wgGroupPermissions['Wiki-Admin']['blockemail'] = true;
$wgGroupPermissions['Wiki-Moderator']['blockemail'] = true;
##### browsearchive #####
$wgGroupPermissions['administrator']['browsearchive'] = true;
$wgGroupPermissions['sysop']['browsearchive'] = true;
$wgGroupPermissions['Wiki-Admin']['browsearchive'] = true;
$wgGroupPermissions['Wiki-Moderator']['browsearchive'] = true;
$wgGroupPermissions['Wiki-Editor']['browsearchive'] = true;
##### changetags #####
$wgGroupPermissions['administrator']['changetags'] = true;
$wgGroupPermissions['sysop']['changetags'] = true;
$wgGroupPermissions['Wiki-Admin']['changetags'] = true;
$wgGroupPermissions['Wiki-Moderator']['changetags'] = true;
$wgGroupPermissions['Wiki-Editor']['changetags'] = true;
##### createaccount #####
$wgGroupPermissions['administrator']['createaccount'] = true;
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['Bureaucrat']['createaccount'] = true;
$wgGroupPermissions['Wiki-Admin']['createaccount'] = true;
##### createpage #####
$wgGroupPermissions['administrator']['createpage'] = true;
$wgGroupPermissions['sysop']['createpage'] = true;
$wgGroupPermissions['Wiki-Admin']['createpage'] = true;
$wgGroupPermissions['Wiki-Moderator']['createpage'] = true;
$wgGroupPermissions['Wiki-Editor']['createpage'] = true;
$wgGroupPermissions['Wiki-Updater']['createpage'] = true;
##### createtalk #####
$wgGroupPermissions['administrator']['createtalk'] = true;
$wgGroupPermissions['sysop']['createtalk'] = true;
$wgGroupPermissions['Wiki-Admin']['createtalk'] = true;
##### delete #####
$wgGroupPermissions['administrator']['delete'] = true;
$wgGroupPermissions['sysop']['delete'] = true;
$wgGroupPermissions['Linux-Admin']['delete'] = true;
$wgGroupPermissions['Wiki-Admin']['delete'] = true;
$wgGroupPermissions['Wiki-Moderator']['delete'] = true;
$wgGroupPermissions['Wiki-Editor']['delete'] = true;
$wgGroupPermissions['Wiki-Updater']['delete'] = true;
##### deletechangetags #####
$wgGroupPermissions['Wiki-Admin']['deletechangetags'] = true;
##### deletedhistory #####
$wgGroupPermissions['administrator']['deletedhistory'] = true;
$wgGroupPermissions['sysop']['deletedhistory'] = true;
$wgGroupPermissions['Wiki-Admin']['deletedhistory'] = true;
$wgGroupPermissions['Wiki-Moderator']['deletedhistory'] = true;
$wgGroupPermissions['Wiki-Editor']['deletedhistory'] = true;
$wgGroupPermissions['Wiki-Updater']['deletedhistory'] = true;
##### deletedtext #####
$wgGroupPermissions['administrator']['deletedtext'] = true;
$wgGroupPermissions['sysop']['deletedtext'] = true;
$wgGroupPermissions['Wiki-Admin']['deletedtext'] = true;
$wgGroupPermissions['Wiki-Moderator']['deletedtext'] = true;
$wgGroupPermissions['Wiki-Editor']['deletedtext'] = true;
$wgGroupPermissions['Wiki-Updater']['deletedtext'] = true;
##### deletelogentry #####
$wgGroupPermissions['administrator']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deletelogentry'] = true;
##### deleterevision #####
$wgGroupPermissions['administrator']['deleterevision'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
$wgGroupPermissions['Wiki-Admin']['deleterevision'] = true;
$wgGroupPermissions['Wiki-Moderator']['deleterevision'] = true;
$wgGroupPermissions['Wiki-Editor']['deleterevision'] = true;
##### edit #####
$wgGroupPermissions['administrator']['edit'] = true;
$wgGroupPermissions['sysop']['edit'] = true;
$wgGroupPermissions['Wiki-Editor']['edit'] = true;
$wgGroupPermissions['Wiki-Updater']['edit'] = true;
##### editcontentmodel #####
$wgGroupPermissions['administrator']['editcontentmodel'] = true;
$wgGroupPermissions['sysop']['editcontentmodel'] = true;
$wgGroupPermissions['Wiki-Admin']['editcontentmodel'] = true;
$wgGroupPermissions['Wiki-Moderator']['editcontentmodel'] = true;
$wgGroupPermissions['Wiki-Editor']['editcontentmodel'] = true;
##### editinterface #####
$wgGroupPermissions['administrator']['editinterface'] = true;
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['Wiki-Admin']['editinterface'] = true;
##### editmyoptions #####
$wgGroupPermissions['administrator']['editmyoptions'] = true;
$wgGroupPermissions['sysop']['editmyoptions'] = true;
$wgGroupPermissions['Wiki-Admin']['editmyoptions'] = true;
$wgGroupPermissions['Wiki-Moderator']['editmyoptions'] = true;
$wgGroupPermissions['Wiki-Editor']['editmyoptions'] = true;
$wgGroupPermissions['Wiki-Updater']['editmyoptions'] = true;
##### editmyprivateinfo #####
$wgGroupPermissions['administrator']['editmyprivateinfo'] = true;
$wgGroupPermissions['sysop']['editmyprivateinfo'] = true;
$wgGroupPermissions['Wiki-Admin']['editmyprivateinfo'] = true;
$wgGroupPermissions['Wiki-Moderator']['editmyprivateinfo'] = true;
$wgGroupPermissions['Wiki-Editor']['editmyprivateinfo'] = true;
$wgGroupPermissions['Wiki-Updater']['editmyprivateinfo'] = true;
##### editmyusercss #####
$wgGroupPermissions['user']['editmyusercss'] = true;
##### editmyuserjs #####
$wgGroupPermissions['user']['editmyuserjs'] = true;
##### editmyuserjson #####
$wgGroupPermissions['user']['editmyuserjson'] = true;
##### editmywatchlist #####
$wgGroupPermissions['user']['editmywatchlist'] = true;
##### editprotected #####
$wgGroupPermissions['administrator']['editprotected'] = true;
$wgGroupPermissions['sysop']['editprotected'] = true;
$wgGroupPermissions['Wiki-Admin']['editprotected'] = true;
$wgGroupPermissions['Wiki-Moderator']['editprotected'] = true;
$wgGroupPermissions['Wiki-Editor']['editprotected'] = true;
##### editsemiprotected #####
$wgGroupPermissions['administrator']['editsemiprotected'] = true;
$wgGroupPermissions['sysop']['editsemiprotected'] = true;
$wgGroupPermissions['Wiki-Admin']['editsemiprotected'] = true;
$wgGroupPermissions['Wiki-Moderator']['editsemiprotected'] = true;
$wgGroupPermissions['Wiki-Editor']['editsemiprotected'] = true;
##### editsitecss #####
$wgGroupPermissions['administrator']['editsitecss'] = true;
$wgGroupPermissions['sysop']['editsitecss'] = true;
$wgGroupPermissions['Wiki-Admin']['editsitecss'] = true;
##### editsitejs #####
$wgGroupPermissions['administrator']['editsitejs'] = true;
$wgGroupPermissions['sysop']['editsitejs'] = true;
$wgGroupPermissions['Wiki-Admin']['editsitejs'] = true;
##### editsitejson #####
$wgGroupPermissions['administrator']['editsitejson'] = true;
$wgGroupPermissions['sysop']['editsitejson'] = true;
$wgGroupPermissions['Wiki-Admin']['editsitejson'] = true;
##### editusercss #####
$wgGroupPermissions['administrator']['editusercss'] = true;
$wgGroupPermissions['sysop']['editusercss'] = true;
$wgGroupPermissions['Wiki-Admin']['editusercss'] = true;
##### Extension EditUser #####
// Activation
wfLoadExtension( 'EditUser' );
// Configuration
$wgGroupPermissions['bureaucrat']['edituser'] = true;
$wgGroupPermissions['sysop']['edituser-exempt'] = true;
$wgGroupPermissions['administrator']['edituser'] = true;
##### edituserjs #####
$wgGroupPermissions['administrator']['edituserjs'] = true;
$wgGroupPermissions['sysop']['edituserjs'] = true;
$wgGroupPermissions['Wiki-Admin']['edituserjs'] = true;
##### edituserjson #####
$wgGroupPermissions['administrator']['edituserjson'] = true;
$wgGroupPermissions['sysop']['edituserjson'] = true;
$wgGroupPermissions['Wiki-Admin']['edituserjson'] = true;
##### hideuser #####
$wgGroupPermissions['administrator']['hideuser'] = true;
$wgGroupPermissions['sysop']['hideuser'] = true;
$wgGroupPermissions['Wiki-Admin']['hideuser'] = true; $wgGroupPermissions['Wiki-Moderator']['hideuser'] = true;
##### import #####
$wgGroupPermissions['administrator']['import'] = true;
$wgGroupPermissions['sysop']['import'] = true;
$wgGroupPermissions['Wiki-Admin']['import'] = true;
$wgGroupPermissions['Wiki-Editor']['import'] = true;
##### importupload #####
$wgGroupPermissions['administrator']['importupload'] = true;
$wgGroupPermissions['sysop']['importupload'] = true;
$wgGroupPermissions['Wiki-Admin']['importupload'] = true;
##### ipblock-exempt #####
$wgGroupPermissions['administrator']['ipblock-exempt'] = true;
$wgGroupPermissions['sysop']['ipblock-exempt'] = true;
$wgGroupPermissions['Wiki-Admin']['ipblock-exempt'] = true;
##### managechangetags #####
$wgGroupPermissions['administrator']['managechangetags'] = true;
$wgGroupPermissions['sysop']['managechangetags'] = true;
$wgGroupPermissions['Wiki-Admin']['managechangetags'] = true;
##### markbotedits #####
$wgGroupPermissions['administrator']['markbotedits'] = true;
$wgGroupPermissions['sysop']['markbotedits'] = true;
$wgGroupPermissions['Wiki-Admin']['markbotedits'] = true;
##### mergehistory #####
$wgGroupPermissions['administrator']['mergehistory'] = true;
$wgGroupPermissions['sysop']['mergehistory'] = true;
$wgGroupPermissions['Wiki-Admin']['mergehistory'] = true;
##### minoredit #####
$wgGroupPermissions['administrator']['minoredit'] = true;
$wgGroupPermissions['sysop']['minoredit'] = true;
$wgGroupPermissions['Wiki-Admin']['minoredit'] = true;
$wgGroupPermissions['Wiki-Editor']['minoredit'] = true;
$wgGroupPermissions['Wiki-Updater']['minoredit'] = true;
##### move #####
$wgGroupPermissions['administrator']['move'] = true;
$wgGroupPermissions['sysop']['move'] = true;
$wgGroupPermissions['Wiki-Admin']['move'] = true;
$wgGroupPermissions['Wiki-Editor']['move'] = true;
$wgGroupPermissions['Wiki-Updater']['move'] = true;
##### move-categorypages #####
$wgGroupPermissions['administrator']['move-categorypages'] = true;
$wgGroupPermissions['sysop']['move-categorypages'] = true;
$wgGroupPermissions['Wiki-Admin']['move-categorypages'] = true;
$wgGroupPermissions['Wiki-Editor']['move-categorypages'] = true;
##### movefile #####
$wgGroupPermissions['administrator']['movefile'] = true;
$wgGroupPermissions['sysop']['movefile'] = true;
$wgGroupPermissions['Wiki-Admin']['movefile'] = true;
$wgGroupPermissions['Wiki-Editor']['movefile'] = true;
##### move-rootuserpages #####
$wgGroupPermissions['administrator']['move-rootuserpages'] = true;
$wgGroupPermissions['sysop']['move-rootuserpages'] = true;
$wgGroupPermissions['Wiki-Admin']['move-rootuserpages'] = true;
$wgGroupPermissions['Wiki-Editor']['move-rootuserpages'] = true;
##### move-subpages #####
$wgGroupPermissions['administrator']['move-subpages'] = true;
$wgGroupPermissions['sysop']['move-subpages'] = true;
$wgGroupPermissions['Wiki-Admin']['move-subpages'] = true;
$wgGroupPermissions['Wiki-Editor']['move-subpages'] = true;
##### nominornewtalk #####
##### noratelimit #####
$wgGroupPermissions['administrator']['noratelimit'] = true;
$wgGroupPermissions['sysop']['noratelimit'] = true;
$wgGroupPermissions['Bureaucrat']['noratelimit'] = true;
$wgGroupPermissions['Wiki-Admin']['noratelimit'] = true;
##### override-export-depth #####
$wgGroupPermissions['administrator']['override-export-depth'] = true;
$wgGroupPermissions['sysop']['override-export-depth'] = true;
$wgGroupPermissions['Wiki-Admin']['override-export-depth'] = true;
##### pagelang #####
$wgGroupPermissions['administrator']['pagelang'] = true;
$wgGroupPermissions['sysop']['pagelang'] = true;
$wgGroupPermissions['Wiki-Admin']['pagelang'] = true;
##### patrol #####
$wgGroupPermissions['administrator']['patrol'] = true;
$wgGroupPermissions['sysop']['patrol'] = true;
$wgGroupPermissions['Wiki-Admin']['patrol'] = true;
##### patrolmarks #####
$wgGroupPermissions['administrator']['patrolmarks'] = true;
$wgGroupPermissions['sysop']['patrolmarks'] = true;
$wgGroupPermissions['Wiki-Admin']['patrolmarks'] = true;
$wgGroupPermissions['Wiki-Moderator']['patrolmarks'] = true;
##### protect #####
$wgGroupPermissions['administrator']['protect'] = true;
$wgGroupPermissions['sysop']['protect'] = true;
$wgGroupPermissions['Wiki-Admin']['protect'] = true;
$wgGroupPermissions['Wiki-Editor']['protect'] = true;
$wgGroupPermissions['Wiki-Updater']['protect'] = true;
##### purge #####
$wgGroupPermissions['administrator']['purge'] = true;
$wgGroupPermissions['sysop']['purge'] = true;
$wgGroupPermissions['Wiki-Admin']['purge'] = true;
##### read #####
$wgGroupPermissions['user']['read'] = true;
##### readapi #####
$wgGroupPermissions['administrator']['readapi'] = true;
$wgGroupPermissions['sysop']['readapi'] = true;
$wgGroupPermissions['Bot']['readapi'] = true;
$wgGroupPermissions['Bureaucrat']['readapi'] = true;
$wgGroupPermissions['Linux-Admin']['readapi'] = true;
$wgGroupPermissions['Wiki-Admin']['readapi'] = true;
$wgGroupPermissions['Wiki-Moderator']['readapi'] = true;
$wgGroupPermissions['Wiki-Editor']['readapi'] = true;
$wgGroupPermissions['Wiki-Updater']['readapi'] = true;
##### reupload #####
$wgGroupPermissions['administrator']['reupload'] = true;
$wgGroupPermissions['sysop']['reupload'] = true;
$wgGroupPermissions['Wiki-Admin']['reupload'] = true;
$wgGroupPermissions['Wiki-Moderator']['reupload'] = true;
$wgGroupPermissions['Wiki-Editor']['reupload'] = true;
$wgGroupPermissions['Wiki-Updater']['reupload'] = true;
##### reupload-own #####
$wgGroupPermissions['administrator']['reupload-own'] = true;
$wgGroupPermissions['sysop']['reupload-own'] = true;
$wgGroupPermissions['Wiki-Admin']['reupload-own'] = true;
$wgGroupPermissions['Wiki-Moderator']['reupload-own'] = true;
$wgGroupPermissions['Wiki-Editor']['reupload-own'] = true;
$wgGroupPermissions['Wiki-Updater']['reupload-own'] = true;
##### reupload-shared #####
$wgGroupPermissions['administrator']['reupload-shared'] = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
$wgGroupPermissions['Wiki-Admin']['reupload-shared'] = true;
$wgGroupPermissions['Wiki-Moderator']['reupload-shared'] = true;
$wgGroupPermissions['Wiki-Editor']['reupload-shared'] = true;
$wgGroupPermissions['Wiki-Updater']['reupload-shared'] = true;
##### rollback #####
$wgGroupPermissions['administrator']['rollback'] = true;
$wgGroupPermissions['sysop']['rollback'] = true;
$wgGroupPermissions['Wiki-Admin']['rollback'] = true;
$wgGroupPermissions['Wiki-Moderator']['rollback'] = true;
##### sendemail #####
$wgGroupPermissions['administrator']['sendemail'] = true;
$wgGroupPermissions['sysop']['sendemail'] = true;
$wgGroupPermissions['Bureaucrat']['sendemail'] = true;
$wgGroupPermissions['Linux-Admin']['sendemail'] = true;
$wgGroupPermissions['Wiki-Admin']['sendemail'] = true;
$wgGroupPermissions['Wiki-Moderator']['sendemail'] = true;
$wgGroupPermissions['Wiki-Editor']['sendemail'] = true;
$wgGroupPermissions['Wiki-Updater']['sendemail'] = true;
##### siteadmin #####
$wgGroupPermissions['administrator']['siteadmin'] = true;
$wgGroupPermissions['sysop']['siteadmin'] = true;
$wgGroupPermissions['Linux-Admin']['siteadmin'] = true;
$wgGroupPermissions['Wiki-Admin']['siteadmin'] = true;
##### suppressionlog #####
$wgGroupPermissions['administrator']['suppressionlog'] = true;
$wgGroupPermissions['sysop']['suppressionlog'] = true;
$wgGroupPermissions['Linux-Admin']['suppressionlog'] = true;
$wgGroupPermissions['Wiki-Admin']['suppressionlog'] = true;
##### suppressredirect #####
$wgGroupPermissions['administrator']['suppressredirect'] = true;
$wgGroupPermissions['sysop']['suppressredirect'] = true;
$wgGroupPermissions['Wiki-Admin']['suppressredirect'] = true;
##### suppressrevision #####
$wgGroupPermissions['administrator']['suppressrevision'] = true;
$wgGroupPermissions['sysop']['suppressrevision'] = true;
$wgGroupPermissions['Wiki-Admin']['suppressrevision'] = true;
##### unblockself #####
$wgGroupPermissions['administrator']['unblockself'] = true;
$wgGroupPermissions['sysop']['unblockself'] = true;
$wgGroupPermissions['Wiki-Admin']['unblockself'] = true;
##### undelete #####
$wgGroupPermissions['administrator']['undelete'] = true;
$wgGroupPermissions['sysop']['undelete'] = true;
$wgGroupPermissions['Wiki-Admin']['undelete'] = true;
$wgGroupPermissions['Wiki-Moderator']['undelete'] = true;
$wgGroupPermissions['Wiki-Editor']['undelete'] = true;
##### unwatchedpages #####
$wgGroupPermissions['administrator']['unwatchedpages'] = true;
$wgGroupPermissions['sysop']['unwatchedpages'] = true;
$wgGroupPermissions['Wiki-Admin']['unwatchedpages'] = true;
##### upload #####
##### To enable image uploads, make sure the 'images' directory is writable (chmod777), the $wgEnableUploads = true;
##### Upload permissions ##### restricted to groups (requires createpage permission as well - each upload has one page create>
$wgGroupPermissions['administrator']['upload'] = true;
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['Bureaucrat']['upload'] = true;
$wgGroupPermissions['Linux-Admin']['upload'] = true;
$wgGroupPermissions['Wiki-Admin']['upload'] = true;
$wgGroupPermissions['Wiki-Moderator']['upload'] = true;
$wgGroupPermissions['Wiki-Editor']['upload'] = true;
$wgGroupPermissions['Wiki-Updater']['upload'] = true;
##### upload_by_url #####
$wgGroupPermissions['sysop']['upload_by_url'] = true;
$wgGroupPermissions['Linux-Admin']['upload_by_url'] = true;
$wgGroupPermissions['Wiki-Admin']['upload_by_url'] = true;
##### User Merge #####
wfLoadExtension( 'UserMerge' );
// By default nobody can use this function, enable for bureaucrat?
$wgGroupPermissions['bureaucrat']['usermerge'] = true;
$wgGroupPermissions['Wiki-Server-Admin']['usermerge'] = true;
$wgGroupPermissions['sysop']['usermerge'] = true;
// optional: default is array( 'sysop' )
// $wgUserMergeProtectedGroups = array( 'groupname' );
##### userrights #####
$wgGroupPermissions['administrator']['userrights'] = true;
$wgGroupPermissions['sysop']['userrights'] = true;
$wgGroupPermissions['Bureaucrat']['userrights'] = true;
$wgGroupPermissions['Wiki-Admin']['userrights'] = true;
##### userrights-interwiki #####
$wgGroupPermissions['sysop']['userrights-interwiki'] = true;
$wgGroupPermissions['Linux-Admin']['userrights-interwiki'] = true;
$wgGroupPermissions['Wiki-Admin']['userrights-interwiki'] = true;
##### viewmyprivateinfo #####
$wgGroupPermissions['user']['viewmyprivateinfo'] = true;
##### viewmywatchlist #####
$wgGroupPermissions['user']['viewmywatchlist'] = true;
##### viewsuppressed #####
$wgGroupPermissions['administrator']['viewsuppressed'] = true;
$wgGroupPermissions['sysop']['viewsuppressed'] = true;
$wgGroupPermissions['Wiki-Editor']['viewsuppressed'] = true;
##### writeapi #####
$wgGroupPermissions['administrator']['writeapi'] = true;
$wgGroupPermissions['sysop']['writeapi'] = true;
$wgGroupPermissions['Bot']['writeapi'] = true;
$wgGroupPermissions['Bureaucrat']['writeapi'] = true;
$wgGroupPermissions['Linux-Admin']['writeapi'] = true;
$wgGroupPermissions['Wiki-Admin']['writeapi'] = true;
$wgGroupPermissions['Wiki-Moderator']['writeapi'] = true;
$wgGroupPermissions['Wiki-Editor']['writeapi'] = true;
$wgGroupPermissions['Wiki-Updater']['writeapi'] = true;
##################################################################################
#
# END OF THE PERMISSION SET UP
#
##################################################################################
# Extension RightFunctions
// Activation
require_once "$IP/extensions/RightFunctions/RightFunctions.php";
# Extension RestrictAccessByCategoryAndGroup
// Activation
require_once "$IP/extensions/RestrictAccessByCategoryAndGroup/RestrictAccessByCategoryAndGroup.php";
$wgGroupPermissions['Financial no public data']['*'] = true;
$wgGroupPermissions['Financial private data']['private'] = true;
# Extension EditUser
// Activation
wfLoadExtension( 'EditUser' );
// Configuration
$wgGroupPermissions['bureaucrat']['edituser'] = true;
$wgGroupPermissions['sysop']['edituser-exempt'] = true;