Regional-training LocalSettings.php: Difference between revisions

From regional-training
VisualWikitext
No edit summary
No edit summary
 
(4 intermediate revisions by the same user not shown)
Line 7: Line 7:


<pre>
<pre>
# End of automatically generated settings.
# Add more configuration options below.
##################################
# RBH additions
###################################
## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;
# these following 2 lines should be uncommented for apache2 and commented out for nginx
# $wgUploadPath = "/img_auth.php";
# $wgUploadDirectory = "/var/wikis/wiki.arising.com.au/mediawiki/images/";
$wgWhiteListRead = false;
$wgImgAuthDetails = true;
wfLoadExtension( 'HitCounters' );
#$wgGroupPermissions['sysop']['hitcounter-exempt'] = true;
#################################
# SECURITY
#################################
# prevent anonymous edit and view source
function preventAnonymousEditHistory( $output,$article, $title, $user, $request, $wiki ) {
if ( !$user || $user->isAnon() ) {
$action = $request->getVal('action');
switch($action) {
case 'edit':
case 'history':
return false;
}
}
return true;
}
$wgHooks['MediaWikiPerformAction'][] = 'preventAnonymousEditHistory';
# return 404 for anonymous user and invalid pages
function AnonMissingPage404( OutputPage $out, Skin $skin ) {
    $user  = $out->getUser();
    $title = $out->getTitle();
    if ( $user->isAnon() && $title && !$title->exists() ) {
        header( "HTTP/1.1 404 Not Found" );
        header( "Status: 404 Not Found" );
        return true;
    }
    return true;
}
$wgHooks['BeforePageDisplay'][] = 'AnonMissingPage404';
# Page Access authorisation
require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php";
# RBH permit upload of these extensions
$wgFileExtensions = array_merge( $wgFileExtensions,
    array( 'doc', 'docx', 'xls', 'xlsx', 'mpp', 'pdf', 'ppt', 'xlsx', 'jpg',
        'tiff', 'odt', 'odg', 'ods', 'odp', 'xml', 'exe', 'zip', 'msg', 'tar'
        , 'mp3', 'wmv', 'mov', 'mp4', 'txt', 'svg', 'dss', 'rar', '7z', 'sh'
    )
);
#$wgFileBlacklist = array_diff( $wgFileBlacklist, array ('exe') );
$wgTrustedMediaFormats[] = 'application/zip';
$wgMaxUploadSize=640 * 1024 * 1024 ; # RBH
# SECURITY prevent public privleges  (anonymous user)
# SECURITY prevent public privleges  (anonymous user)
$wgReadPermissions['*']['read'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermisisons['*']['createpage'] = false;
$wgGroupPermisisons['*']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
$wgGroupPermissions['*']['createaccount'] = false;


# install Page Access authorisation extension
# sysop can
require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php";
 
# sysop can create accounts
$wgGroupPermissions['sysop']['createaccount'] = true;
$wgGroupPermissions['sysop']['createaccount'] = true;


# exclusive private category - where only user's with private group can access, or the sysop
# only private can access
$wgGroupPermissions['private']['*'] = false;
$wgGroupPermissions['private']['*'] = false;
$wgGroupPermissions['private']['private'] = true;
$wgGroupPermissions['private']['private'] = true;


# private category that users with group:lesson may access, or sysop
$wgGroupPermissions['users']['*'] = false;
$wgGroupPermissions['lesson']['*'] = false;
$wgGroupPermissions['lesson']['private'] = true;
 
# private category that users with group:student may access, or sysop
$wgGroupPermissions['student']['*'] = false;
$wgGroupPermissions['student']['private'] = true;
 
# private category that users with group:projects may access, or sysop
$wgGroupPermissions['projects']['*'] = false;
$wgGroupPermissions['projects']['private'] = true;


# private category that users with group:trainer may access, or sysop
$wgGroupPermissions['trainer']['*'] = false;
$wgGroupPermissions['trainer']['private'] = true;
# the above private categories will show up as group privileges that may be assigned to users.
# you may define nearly any group you may required (except for predefined names such as user)
$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;
Line 47: Line 96:
$wgRightsPage = 'wiki rights';
$wgRightsPage = 'wiki rights';


# prevent anonymous edit and view source
$wgDebugLogFile = "/var/wikis/wiki.arising.com.au/log/debug.log";
function preventAnonymousEditHistory( $output,$article, $title, $user, $request, $wiki ) {
$wgShowExceptionDetails = true;
        if ( !user || $user->isAnon() ) {
$wgDebugComments = true;
                $action = $request->getVal('action');
$wgSend404Code = true;
                switch($action) {
$wgEnableScaryTranscluding = true;
                case 'edit':
                        if($title == 'Talk:Main') {
                            return true;
                        }
                        return false;
 
                case 'history':
                        return false;
                }
 
        }
        return true;
}


# preventAnonymousEditHistory() is a function! but this is how you assign use a variable function for execution = bizairre !!!!
$wgHooks['MediaWikiPerformAction'][] = 'preventAnonymousEditHistory';


</pre>
</pre>

Latest revision as of 15:42, 5 February 2026

The LocalSettings.php customisations:


The http://regional-training.org wiki has the following LocalSettings.php customisations for category:Access Control: 

# End of automatically generated settings.
# Add more configuration options below.

##################################
# RBH additions
###################################

## To enable image uploads, make sure the 'images' directory
## is writable, then set this to true:
$wgEnableUploads = true;

# these following 2 lines should be uncommented for apache2 and commented out for nginx
# $wgUploadPath = "/img_auth.php";
# $wgUploadDirectory = "/var/wikis/wiki.arising.com.au/mediawiki/images/";

$wgWhiteListRead = false;
$wgImgAuthDetails = true;

wfLoadExtension( 'HitCounters' );
#$wgGroupPermissions['sysop']['hitcounter-exempt'] = true;

#################################
# SECURITY
#################################

# prevent anonymous edit and view source
function preventAnonymousEditHistory( $output,$article, $title, $user, $request, $wiki ) {
	if ( !$user || $user->isAnon() ) {
		$action = $request->getVal('action');
		switch($action) {
		case 'edit':
		case 'history':
			return false;
		}

	}
	return true;
}
$wgHooks['MediaWikiPerformAction'][] = 'preventAnonymousEditHistory';

# return 404 for anonymous user and invalid pages
function AnonMissingPage404( OutputPage $out, Skin $skin ) {
    $user  = $out->getUser();
    $title = $out->getTitle();

    if ( $user->isAnon() && $title && !$title->exists() ) {
        header( "HTTP/1.1 404 Not Found" );
        header( "Status: 404 Not Found" );
        return true;
    }
    return true;
}
$wgHooks['BeforePageDisplay'][] = 'AnonMissingPage404';

# Page Access authorisation
require_once "$IP/extensions/rabcg/RestrictAccessByCategoryAndGroup.php";

# RBH permit upload of these extensions
$wgFileExtensions = array_merge( $wgFileExtensions,
     array( 'doc', 'docx', 'xls', 'xlsx', 'mpp', 'pdf', 'ppt', 'xlsx', 'jpg',
         'tiff', 'odt', 'odg', 'ods', 'odp', 'xml', 'exe', 'zip', 'msg', 'tar'
         , 'mp3', 'wmv', 'mov', 'mp4', 'txt', 'svg', 'dss', 'rar', '7z', 'sh'
     )
);
#$wgFileBlacklist = array_diff( $wgFileBlacklist, array ('exe') );

$wgTrustedMediaFormats[] = 'application/zip';
$wgMaxUploadSize=640 * 1024 * 1024 ; # RBH

# SECURITY prevent public privleges  (anonymous user)
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermisisons['*']['createpage'] = false;
$wgGroupPermissions['*']['createaccount'] = false;

# sysop can
$wgGroupPermissions['sysop']['createaccount'] = true;

# only private can access
$wgGroupPermissions['private']['*'] = false;
$wgGroupPermissions['private']['private'] = true;

$wgGroupPermissions['users']['*'] = false;

$wgGroupPermissions['sysop']['deletelogentry'] = true;
$wgGroupPermissions['sysop']['deleterevision'] = true;

$wgShowExceptionDetails = true;
$wgRightsPage = 'wiki rights';

$wgDebugLogFile = "/var/wikis/wiki.arising.com.au/log/debug.log";
$wgShowExceptionDetails = true;
$wgDebugComments = true;
$wgSend404Code = true;
$wgEnableScaryTranscluding = true;

summary

These privileges may be assigned to a selected user from the Special:UserRights page, and are accessible in the php hook via $user->getGroups().

.

Categories may be assigned to a page, where the category may be associated by name to group.

Matches are performed case-insensitively, and when they occur, it means that the page is subject to fine-grained category:Access Control that is implemented by the Regional-training RestrictAccessByCategoryAndGroup.php extension.

Retrieved from ‘https://regional-training.org:443/rt-dir/index.php?title=Regional-training_LocalSettings.php&oldid=3381