控制游客 ,注册用户的访问编辑权限

wangsisi

在DefaultSettings.php文件中加入如下内容：

/**
* Permission keys given to users in each group.
* All users are implicitly in the '*' group including anonymous visitors;
* logged-in users are all implicitly in the 'user' group. These will be
* combined with the permissions of all groups that a given user is listed
* in in the user_groups table.
*
* Note: Don't set $wgGroupPermissions = array(); unless you know what you're
* doing! This will wipe all permissions, and may mean that your users are
* unable to perform certain essential tasks or access new functionality
* when new permissions are introduced and default grants established.
*
* Functionality to make pages inaccessible has not been extensively tested
* for security. Use at your own risk!
*
* This replaces wgWhitelistAccount and wgWhitelistEdit
*/
$wgGroupPermissions = array();

// Implicit group for all visitors
$wgGroupPermissions['*'    ]['createaccount']   = true;
$wgGroupPermissions['*'    ]['read']            = true;
$wgGroupPermissions['*'    ]['edit']            = true;
$wgGroupPermissions['*'    ]['createpage']      = true;
$wgGroupPermissions['*'    ]['createtalk']      = true;

// Implicit group for all logged-in accounts
$wgGroupPermissions['user' ]['move']            = true;
$wgGroupPermissions['user' ]['read']            = true;
$wgGroupPermissions['user' ]['edit']            = true;
$wgGroupPermissions['user' ]['createpage']      = true;
$wgGroupPermissions['user' ]['createtalk']      = true;
$wgGroupPermissions['user' ]['upload']          = true;
$wgGroupPermissions['user' ]['reupload']        = true;
$wgGroupPermissions['user' ]['reupload-shared'] = true;
$wgGroupPermissions['user' ]['minoredit']       = true;
$wgGroupPermissions['user' ]['purge']           = true; // can use ?action=purge without clicking "ok"

// Implicit group for accounts that pass $wgAutoConfirmAge
$wgGroupPermissions['autoconfirmed']['autoconfirmed'] = true;

// Implicit group for accounts with confirmed email addresses
// This has little use when email address confirmation is off
$wgGroupPermissions['emailconfirmed']['emailconfirmed'] = true;

// Users with bot privilege can have their edits hidden
// from various log pages by default
$wgGroupPermissions['bot'  ]['bot']             = true;
$wgGroupPermissions['bot'  ]['autoconfirmed']   = true;
$wgGroupPermissions['bot'  ]['nominornewtalk']  = true;
$wgGroupPermissions['bot'  ]['autopatrol']      = true;
$wgGroupPermissions['bot'  ]['suppressredirect'] = true;
$wgGroupPermissions['bot'  ]['apihighlimits']   = true;

// Most extra permission abilities go to this group
$wgGroupPermissions['sysop']['block']           = true;
$wgGroupPermissions['sysop']['createaccount']   = true;
$wgGroupPermissions['sysop']['delete']          = true;
$wgGroupPermissions['sysop']['deletedhistory']     = true; // can view deleted history entries, but not see or restore the text
$wgGroupPermissions['sysop']['undelete']    = true;
$wgGroupPermissions['sysop']['editinterface']   = true;
$wgGroupPermissions['sysop']['editusercssjs']   = true;
$wgGroupPermissions['sysop']['import']          = true;
$wgGroupPermissions['sysop']['importupload']    = true;
$wgGroupPermissions['sysop']['move']            = true;
$wgGroupPermissions['sysop']['patrol']          = true;
$wgGroupPermissions['sysop']['autopatrol']      = true;
$wgGroupPermissions['sysop']['protect']         = true;
$wgGroupPermissions['sysop']['proxyunbannable'] = true;
$wgGroupPermissions['sysop']['rollback']        = true;
$wgGroupPermissions['sysop']['trackback']       = true;
$wgGroupPermissions['sysop']['upload']          = true;
$wgGroupPermissions['sysop']['reupload']        = true;
$wgGroupPermissions['sysop']['reupload-shared'] = true;
$wgGroupPermissions['sysop']['unwatchedpages']  = true;
$wgGroupPermissions['sysop']['autoconfirmed']   = true;
$wgGroupPermissions['sysop']['upload_by_url']   = true;
$wgGroupPermissions['sysop']['ipblock-exempt']    = true;
$wgGroupPermissions['sysop']['blockemail']      = true;
$wgGroupPermissions['sysop']['markbotedits']    = true;
$wgGroupPermissions['sysop']['suppressredirect'] = true;
$wgGroupPermissions['sysop']['apihighlimits']   = true;
#$wgGroupPermissions['sysop']['mergehistory']    = true;

// Permission to change users' group assignments
$wgGroupPermissions['bureaucrat']['userrights'] = true;

// Experimental permissions, not ready for production use
//$wgGroupPermissions['sysop']['deleterevision'] = true;
//$wgGroupPermissions['bureaucrat']['hiderevision'] = true;

/**
* The developer group is deprecated, but can be activated if need be
* to use the 'lockdb' and 'unlockdb' special pages. Those require
* that a lock file be defined and creatable/removable by the web
* server.
*/
# $wgGroupPermissions['developer']['siteadmin'] = true;

每一行第一个中括号中的内容指用户组，第二个中括号的中的内容指权限，等好后面是true的说明此用户组拥有此项权限，false说明没有此项权限。
要控制游客不能编辑wiki只需要设置：
$wgGroupPermissions['*'    ]['edit']= false;
要控制不能新注册账户只需要设置：
$wgGroupPermissions['*'    ]['createaccount']   = false;

其他createpage 是新建页面权限，read是浏览权限，creattalk是新建讨论的权限。