Jump to content

ICT:FinalConfig-Clutter and protection: Difference between revisions

From Costa Sano MediaWiki
← Older editNewer edit →
Mngr (talk | contribs)
Bots, Bureaucrats, club, ict, Interface administrators, research, Suppressors, Administrators
1,027 edits
VisualWikitext
No edit summary
mNo edit summary
Line 1: Line 1:
= Final Configuration: Clutter Reduction and Protection =
= MediaWiki Interface & Permissions Architecture (Final Version) =
Document revision: {{#time:Y-m-d|{{REVISIONTIMESTAMP}}}} by {{REVISIONUSER}}
''A stable, senior‑friendly, successor‑ready configuration for MW 1.43 + Vector‑2022''


== Purpose and Philosophy ==
== 1. Purpose of This Document ==
This document describes the final, working configuration of the MediaWiki interface, permissions, and layout model used for the club’s digital archive. It reflects the validated behavior after the February 2026 refinements.


This MediaWiki installation supports a historical heritage project used primarily by senior researchers (mostly 70+). Their workflow is simple, and their expectations are shaped by historical research habits rather than IT experience. The system must therefore be:
It is written for future administrators who may inherit the system.


* As closed as reasonably possible 
== 2. Design Philosophy ==
* Predictable and stable 
* Minimal in clutter 
* Dark‑mode by default 
* Safe against accidental clicks 


MediaWiki’s default philosophy is openness. After three days of experimentation, it became clear that a fully closed system is not feasible without brittle hacks. Instead, this configuration aims for a stable, predictable, minimally exposed environment that still respects MediaWiki’s architecture.
=== 2.1 Senior‑friendly ===
* Minimal clutter 
* Predictable navigation 
* Clean, distraction‑free layout 


Dark mode is essential. Only Vector‑2022 provides a reliable dark mode, so the system standardizes on this skin. Attempts to use Minerva failed due to lack of dark mode support.
=== 2.2 Role‑based clarity ===
* Anonymous visitors: clean public view 
* Users: simplified workspace 
* Sysops: full interface 


All data entry is performed through PageForms, and direct access to data namespaces is intentionally blocked. This ensures that users interact only with structured forms, not raw pages.
=== 2.3 Stability over cleverness ===
* Avoid deep Vector‑2022 overrides 
* Avoid fragile JavaScript 
* Prefer CSS and PHP hooks that are easy to maintain 


== User Roles and Workflow ==
=== 2.4 Successor‑friendly ===
* Clear separation of responsibilities 
* Minimal magic 
* Everything documented 


=== User Types ===
== 3. Final Behavior Overview ==
* '''Anonymous visitors''' 
: Can read only the final public documents in the Main namespace 
: Should see no MediaWiki clutter 


* '''Club Members (users)'''  
=== 3.1 Anonymous visitors ===
: Can create and edit research drafts  
* No top toolbar 
: Can enter data only through the Dashboard (PageForms)   
* No right column  
: Cannot access system areas or data namespaces directly  
* Full‑width content  
* Minimal sidebar (“Home”)   
* Clean, public‑facing layout  


* '''Sysop'''  
=== 3.2 Registered users (non‑sysop) ===
: Full administrative and interface control  
* No top toolbar in Dashboard/Main 
: Sees the full MediaWiki interface  
* Classical toolbar in Research 
* No right column except in Research 
* Full‑width content  
* Simplified sidebar (Dashboard + Research + Logout)  
* PageForms buttons always visible  


=== Workflow Overview ===
=== 3.3 Sysops ===
* Full toolbar restored 
* Right column restored 
* Full‑width content 
* Classical Vector‑2022 behavior (except for full‑width layout) 
* Slight left‑alignment quirk in toolbar (Vector‑2022 internal behavior) 


<pre>
== 4. Final LocalSettings.php Configuration ==
Anonymous → Main (read-only)
 
Users → Dashboard (data entry via PageForms)
      → Research (drafting and reviewing)
      → No direct access to data namespaces
 
Sysop → All namespaces + interface
</pre>
 
=== Publishing Flow ===
# Users introduce and document data via Dashboard forms. 
# Users create and refine publication pages in Research. 
# Once validated, pages are copied to Main for public access.
# Optionally, content may be exported to Wikipedia.
 
== Configuring the Skin ==


=== 4.1 Skin & Interface ===
<pre>
<pre>
# =================================================
# SKIN & INTERFACE
# =================================================
wfLoadSkin( 'Vector' );
wfLoadSkin( 'Vector' );
$wgDefaultSkin = "vector-2022";
$wgDefaultSkin = "vector-2022";


# Enable native dark mode
$wgVectorNightMode = [
$wgVectorNightMode = [
     'beta' => true,
     'beta' => true,
Line 68: Line 66:
];
];


# Force dark mode for all users
$wgDefaultUserOptions['vector-theme'] = 'night';
$wgDefaultUserOptions['vector-theme'] = 'night';
</pre>
</pre>


== Protection Model ==
=== 4.2 Global Permissions ===
 
MediaWiki cannot be inverted into a “deny everything, allow selectively” model.
Lockdown adds restrictions, but it cannot:
 
* override global permissions 
* grant permissions 
* create a deny‑by‑default environment 
 
Therefore, the configuration below uses global permissions, namespace protection, and CSS‑based interface reduction.
 
=== Global Permissions ===
 
<pre>
<pre>
# Anonymous
# Anonymous
Line 95: Line 80:
$wgGroupPermissions['user']['edit']      = true;
$wgGroupPermissions['user']['edit']      = true;
$wgGroupPermissions['user']['upload']    = false;
$wgGroupPermissions['user']['upload']    = false;
$wgGroupPermissions['user']['reupload']  = false;
$wgGroupPermissions['user']['reupload-own'] = false;


# Sysop
# Sysops
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['upload']        = true;
$wgGroupPermissions['sysop']['upload']        = true;
$wgGroupPermissions['sysop']['reupload']      = true;
$wgGroupPermissions['sysop']['reupload-own']  = true;
</pre>
</pre>


=== Namespace Protection (Consolidated) ===
=== 4.3 Namespace Protection ===
 
<pre>
<pre>
$wgNamespaceProtection[NS_MAIN]      = [ 'protect' ];       # Public library
$wgNamespaceProtection[NS_MAIN]      = [ 'protect' ];
$wgNamespaceProtection[NS_ICT]      = [ 'editinterface' ]; # Technical docs
$wgNamespaceProtection[NS_ICT]      = [ 'editinterface' ];
$wgNamespaceProtection[NS_DASHBOARD] = [ 'editinterface' ]; # App layout
$wgNamespaceProtection[NS_DASHBOARD] = [ 'editinterface' ];
</pre>
</pre>


=== Content Namespaces ===
=== 4.4 Content Namespaces ===
 
<pre>
<pre>
$wgContentNamespaces = [
$wgContentNamespaces = [
Line 121: Line 108:
</pre>
</pre>


=== Sidebar Simplification ===
=== 4.5 Sidebar Model (Final Working Version) ===
 
A custom sidebar is injected for all non‑sysop users. 
This avoids exposing MediaWiki’s default navigation.
 
'''Important note for successors:''' 
This uses hardcoded paths. If <code>$wgArticlePath</code> or namespace names change, the sidebar must be updated.
 
<pre>
<pre>
$wgHooks['SidebarBeforeOutput'][] = function ( $skin, &$sidebar ) {
$wgHooks['SidebarBeforeOutput'][] = function ( $skin, &$sidebar ) {
     $user = $skin->getUser();
     $user = $skin->getUser();


    # Anonymous: minimal sidebar
    if ( $user->isAnon() ) {
        $sidebar = [
            'Navigation' => [
                [ 'text' => 'Home', 'href' => '/Hoofdpagina' ]
            ]
        ];
        return true;
    }
    # Users (non-sysop): simplified sidebar
     if ( !$user->isAllowed( 'editinterface' ) ) {
     if ( !$user->isAllowed( 'editinterface' ) ) {
         $sidebar = [
         $sidebar = [
             'Project Navigation' => [
             'Project Navigation' => [
                 [ 'text' => 'Dashboard',     'href' => '/Dashboard:Main' ],
                 [ 'text' => 'Dashboard',     'href' => '/Dashboard:Main' ],
                 [ 'text' => 'Research Area', 'href' => '/Research:Main' ],
                 [ 'text' => 'Research Area', 'href' => '/Research:Main' ],
             ],
             ],
             'Account' => [
             'Account' => [
Line 143: Line 134:
             ]
             ]
         ];
         ];
        return true;
     }
     }
    # Sysop: default sidebar
     return true;
     return true;
};
};
</pre>
</pre>


=== Cargo Hardening ===
=== 4.6 Cargo Hardening ===
 
<pre>
<pre>
$wgGroupPermissions['user']['runcargoqueries'] = false;
$wgGroupPermissions['user']['runcargoqueries']   = false;
$wgGroupPermissions['user']['recreatecargodata'] = false;
$wgGroupPermissions['user']['recreatecargodata'] = false;
</pre>
</pre>


=== Upload Restrictions ===
=== 4.7 Optional Hardening ===
 
<pre>
$wgGroupPermissions['user']['upload']        = false;
$wgGroupPermissions['user']['reupload']      = false;
$wgGroupPermissions['user']['reupload-own']  = false;
 
$wgGroupPermissions['sysop']['upload']      = true;
$wgGroupPermissions['sysop']['reupload']    = true;
$wgGroupPermissions['sysop']['reupload-own'] = true;
</pre>
 
=== Optional Hardening ===
 
<pre>
<pre>
$wgNonincludableNamespaces[] = NS_ICT;
$wgNonincludableNamespaces[] = NS_ICT;
# Avoid login redirect bug
$wgRedirectOnLogin = "Hoofdpagina";
$wgRedirectOnLogin = "Hoofdpagina";
</pre>
</pre>


== Interface Clutter Reduction (CSS) ==
== 5. Final CSS Configuration ==
 
=== User View (MediaWiki:Group-user.css) ===


=== 5.1 MediaWiki:Common.css (Anonymous users) ===
<pre>
<pre>
/* Hide Top Bar & Right Column for Users in Dashboard & Main */
/* Hide toolbar and right column for anonymous users */
.ns-3020 .vector-page-toolbar,
.ns-0 .vector-page-toolbar,
.ns-0 .vector-page-toolbar,
.ns-3020 .vector-column-end,
.ns-0 .vector-column-end {
.ns-0 .vector-column-end {
     display: none !important;
     display: none !important;
}
}


/* Reclaim space for full-width layout */
/* Full-width layout */
.ns-3020 .mw-content-container,
.ns-0 .mw-content-container {
.ns-0 .mw-content-container {
    max-width: none !important;
}
</pre>
=== 5.2 MediaWiki:Group-user.css (Registered users) ===
<pre>
/* Hide toolbar & right column in Dashboard and Main */
.ns-3020 .vector-page-toolbar,
.ns-0    .vector-page-toolbar,
.ns-3020 .vector-column-end,
.ns-0    .vector-column-end {
    display: none !important;
}
/* Full-width layout */
.ns-3020 .mw-content-container,
.ns-0    .mw-content-container {
     max-width: none !important;
     max-width: none !important;
}
}


/* Ensure Form Buttons are NEVER hidden */
/* Ensure PageForms buttons are always visible */
.mw-body-content .mw-ui-button,  
.mw-body-content .mw-ui-button,
.mw-body-content .pfForm {
.mw-body-content .pfForm {
     display: inline-block !important;
     display: inline-block !important;
Line 203: Line 194:
</pre>
</pre>


=== Sysop View (MediaWiki:Group-sysop.css) ===
=== 5.3 MediaWiki:Group-sysop.css (Sysops) ===
 
<pre>
<pre>
/* Restore the Top Toolbar */
/* Restore toolbar */
html body.skin-vector-2022 .vector-page-toolbar {
html body.skin-vector-2022 .vector-page-toolbar {
     display: flex !important;
     display: flex !important;
    visibility: visible !important;
}
}


/* Restore the Right Column Tools */
/* Restore right column in normal flow */
html body.skin-vector-2022 .vector-column-end {
html body.skin-vector-2022 .vector-column-end {
     display: block !important;
     display: block !important;
     position: absolute !important;
     visibility: visible !important;
     right: 0;
     position: static !important;
    top: 150px;
    z-index: 100;
}
}


/* Full-width content for Sysop */
/* Full-width content */
html body.skin-vector-2022 .mw-content-container {
html body.skin-vector-2022 .mw-content-container {
     max-width: none !important;
     max-width: none !important;
    margin-right: 0 !important;
}
}
</pre>
</pre>


== Testing and Known Limitations ==
== 6. Known Limitations ==
 
=== 6.1 Sysop toolbar alignment ===
Vector‑2022 aligns the sysop toolbar slightly differently due to internal flexbox logic. 
This is harmless and not worth overriding.
 
=== 6.2 Vector‑2022 sidebar dependency ===
Vector‑2022 cannot render with an empty sidebar. 
Anonymous users must always receive at least one menu item.
 
=== 6.3 PageForms visibility ===
PageForms buttons must be explicitly forced visible for non‑sysops.
 
== 7. Future Extensions ==


Preliminary testing shows:
=== 7.1 Public navigation ===
When more public pages exist, extend the anonymous sidebar:
<pre>
'Navigation' => [
    [ 'text' => 'Home', 'href' => '/Hoofdpagina' ],
    [ 'text' => 'About', 'href' => '/Main:About' ],
    [ 'text' => 'Archive', 'href' => '/Main:Archive' ]
]
</pre>


* Anonymous users and regular users cannot reach dangerous pages through navigation  
=== 7.2 Role‑based dashboards ===
* PageForms works correctly despite namespace restrictions  
Dashboard namespace can later host:
* Sysop retains full interface access  
* User dashboards  
* Research dashboards  
* Admin dashboards  


=== Known Limitations ===
=== 7.3 Omeka‑S style modular archive ===
* Anonymous users still see the top toolbar in Main (to be refined later)  
The current structure is ready for:
* Hardcoded sidebar paths must be updated if URL structure changes  
* Entities  
* MediaWiki cannot fully hide configuration pages from knowledgeable users  
* Assets  
* Lockdown cannot invert the permission model  
* Relations  
* Cargo tables  


=== Future Work ===
== 8. Final Notes for Successors ==
* Remove top toolbar for anonymous users in Main  
* All interface behavior is controlled by three CSS files and one PHP hook. 
* Evaluate whether Dashboard needs further simplification  
* Avoid modifying Vector‑2022 templates unless absolutely necessary.  
* Test new namespaces as they are added  
* Keep the anonymous sidebar non‑empty.  
* Revisit Cargo permissions once data volume grows
* Maintain full‑width layout for consistency.  
* Document every change in ICT namespace.

Revision as of 17:22, 13 February 2026

MediaWiki Interface & Permissions Architecture (Final Version)

A stable, senior‑friendly, successor‑ready configuration for MW 1.43 + Vector‑2022

1. Purpose of This Document

This document describes the final, working configuration of the MediaWiki interface, permissions, and layout model used for the club’s digital archive. It reflects the validated behavior after the February 2026 refinements.

It is written for future administrators who may inherit the system.

2. Design Philosophy

2.1 Senior‑friendly

  • Minimal clutter
  • Predictable navigation
  • Clean, distraction‑free layout

2.2 Role‑based clarity

  • Anonymous visitors: clean public view
  • Users: simplified workspace
  • Sysops: full interface

2.3 Stability over cleverness

  • Avoid deep Vector‑2022 overrides
  • Avoid fragile JavaScript
  • Prefer CSS and PHP hooks that are easy to maintain

2.4 Successor‑friendly

  • Clear separation of responsibilities
  • Minimal magic
  • Everything documented

3. Final Behavior Overview

3.1 Anonymous visitors

  • No top toolbar
  • No right column
  • Full‑width content
  • Minimal sidebar (“Home”)
  • Clean, public‑facing layout

3.2 Registered users (non‑sysop)

  • No top toolbar in Dashboard/Main
  • Classical toolbar in Research
  • No right column except in Research
  • Full‑width content
  • Simplified sidebar (Dashboard + Research + Logout)
  • PageForms buttons always visible

3.3 Sysops

  • Full toolbar restored
  • Right column restored
  • Full‑width content
  • Classical Vector‑2022 behavior (except for full‑width layout)
  • Slight left‑alignment quirk in toolbar (Vector‑2022 internal behavior)

4. Final LocalSettings.php Configuration

4.1 Skin & Interface

wfLoadSkin( 'Vector' );
$wgDefaultSkin = "vector-2022";

$wgVectorNightMode = [
    'beta' => true,
    'logged_in' => true,
    'logged_out' => true,
];

$wgDefaultUserOptions['vector-theme'] = 'night';

4.2 Global Permissions

# Anonymous
$wgGroupPermissions['*']['read']          = true;
$wgGroupPermissions['*']['edit']          = false;
$wgGroupPermissions['*']['createaccount'] = false;

# Users
$wgGroupPermissions['user']['read']       = true;
$wgGroupPermissions['user']['edit']       = true;
$wgGroupPermissions['user']['upload']     = false;
$wgGroupPermissions['user']['reupload']   = false;
$wgGroupPermissions['user']['reupload-own'] = false;

# Sysops
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['upload']        = true;
$wgGroupPermissions['sysop']['reupload']      = true;
$wgGroupPermissions['sysop']['reupload-own']  = true;

4.3 Namespace Protection

$wgNamespaceProtection[NS_MAIN]      = [ 'protect' ];
$wgNamespaceProtection[NS_ICT]       = [ 'editinterface' ];
$wgNamespaceProtection[NS_DASHBOARD] = [ 'editinterface' ];

4.4 Content Namespaces

$wgContentNamespaces = [
    NS_MAIN, NS_RESEARCH, NS_ICT, NS_DASHBOARD,
    NS_CHAPTER, NS_PLACE, NS_ORGANISATION,
    NS_PERSON, NS_HERITAGE, NS_ASSET
];

$wgNamespacesWithSubpages[NS_DASHBOARD] = true;

4.5 Sidebar Model (Final Working Version)

$wgHooks['SidebarBeforeOutput'][] = function ( $skin, &$sidebar ) {
    $user = $skin->getUser();

    # Anonymous: minimal sidebar
    if ( $user->isAnon() ) {
        $sidebar = [
            'Navigation' => [
                [ 'text' => 'Home', 'href' => '/Hoofdpagina' ]
            ]
        ];
        return true;
    }

    # Users (non-sysop): simplified sidebar
    if ( !$user->isAllowed( 'editinterface' ) ) {
        $sidebar = [
            'Project Navigation' => [
                [ 'text' => 'Dashboard',     'href' => '/Dashboard:Main' ],
                [ 'text' => 'Research Area', 'href' => '/Research:Main' ],
            ],
            'Account' => [
                [ 'text' => 'Logout', 'href' => '/Special:UserLogout' ]
            ]
        ];
        return true;
    }

    # Sysop: default sidebar
    return true;
};

4.6 Cargo Hardening

$wgGroupPermissions['user']['runcargoqueries']   = false;
$wgGroupPermissions['user']['recreatecargodata'] = false;

4.7 Optional Hardening

$wgNonincludableNamespaces[] = NS_ICT;
$wgRedirectOnLogin = "Hoofdpagina";

5. Final CSS Configuration

5.1 MediaWiki:Common.css (Anonymous users)

/* Hide toolbar and right column for anonymous users */
.ns-0 .vector-page-toolbar,
.ns-0 .vector-column-end {
    display: none !important;
}

/* Full-width layout */
.ns-0 .mw-content-container {
    max-width: none !important;
}

5.2 MediaWiki:Group-user.css (Registered users)

/* Hide toolbar & right column in Dashboard and Main */
.ns-3020 .vector-page-toolbar,
.ns-0    .vector-page-toolbar,
.ns-3020 .vector-column-end,
.ns-0    .vector-column-end {
    display: none !important;
}

/* Full-width layout */
.ns-3020 .mw-content-container,
.ns-0    .mw-content-container {
    max-width: none !important;
}

/* Ensure PageForms buttons are always visible */
.mw-body-content .mw-ui-button,
.mw-body-content .pfForm {
    display: inline-block !important;
    visibility: visible !important;
}

5.3 MediaWiki:Group-sysop.css (Sysops)

/* Restore toolbar */
html body.skin-vector-2022 .vector-page-toolbar {
    display: flex !important;
    visibility: visible !important;
}

/* Restore right column in normal flow */
html body.skin-vector-2022 .vector-column-end {
    display: block !important;
    visibility: visible !important;
    position: static !important;
}

/* Full-width content */
html body.skin-vector-2022 .mw-content-container {
    max-width: none !important;
}

6. Known Limitations

6.1 Sysop toolbar alignment

Vector‑2022 aligns the sysop toolbar slightly differently due to internal flexbox logic. This is harmless and not worth overriding.

6.2 Vector‑2022 sidebar dependency

Vector‑2022 cannot render with an empty sidebar. Anonymous users must always receive at least one menu item.

6.3 PageForms visibility

PageForms buttons must be explicitly forced visible for non‑sysops.

7. Future Extensions

7.1 Public navigation

When more public pages exist, extend the anonymous sidebar: 

'Navigation' => [
    [ 'text' => 'Home', 'href' => '/Hoofdpagina' ],
    [ 'text' => 'About', 'href' => '/Main:About' ],
    [ 'text' => 'Archive', 'href' => '/Main:Archive' ]
]

7.2 Role‑based dashboards

Dashboard namespace can later host:

  • User dashboards
  • Research dashboards
  • Admin dashboards

7.3 Omeka‑S style modular archive

The current structure is ready for:

  • Entities
  • Assets
  • Relations
  • Cargo tables

8. Final Notes for Successors

  • All interface behavior is controlled by three CSS files and one PHP hook.
  • Avoid modifying Vector‑2022 templates unless absolutely necessary.
  • Keep the anonymous sidebar non‑empty.
  • Maintain full‑width layout for consistency.
  • Document every change in ICT namespace.
Retrieved from "https://mwiki.costasano.club/index.php?title=ICT:FinalConfig-Clutter_and_protection&oldid=684"