ICT:FinalConfig-Clutter and protection
Final Configuration: Clutter Reduction and Protection
Document revision: 2026-02-13 by Mngr
Purpose and Philosophy
This MediaWiki installation supports a historical heritage project used primarily by senior researchers (mostly 70+). Their workflow is simple, and their expectations are shaped by historical research habits rather than IT experience. The system must therefore be:
- As closed as reasonably possible
- Predictable and stable
- Minimal in clutter
- Dark‑mode by default
- Safe against accidental clicks
MediaWiki’s default philosophy is openness. After three days of experimentation, it became clear that a fully closed system is not feasible without brittle hacks. Instead, this configuration aims for a stable, predictable, minimally exposed environment that still respects MediaWiki’s architecture.
Dark mode is essential. Only Vector‑2022 provides a reliable dark mode, so the system standardizes on this skin. Attempts to use Minerva failed due to lack of dark mode support.
All data entry is performed through PageForms, and direct access to data namespaces is intentionally blocked. This ensures that users interact only with structured forms, not raw pages.
User Roles and Workflow
User Types
- Anonymous visitors
  - Can read only the final public documents in the Main namespace
  - Should see no MediaWiki clutter
- Club Members (users)
  - Can create and edit research drafts
  - Can enter data only through the Dashboard (PageForms)
  - Cannot access system areas or data namespaces directly
- Sysop
  - Full administrative and interface control
  - Sees the full MediaWiki interface
Workflow Overview
Anonymous → Main (read-only)
Users     → Dashboard (data entry via PageForms)
          → Research (drafting and reviewing)
          → No direct access to data namespaces
Sysop     → All namespaces + interface
Publishing Flow
- Users introduce and document data via Dashboard forms.
- Users create and refine publication pages in Research.
- Once validated, pages are copied to Main for public access.
- Optionally, content may be exported to Wikipedia.
Configuring the Skin
# =================================================
# SKIN & INTERFACE
# =================================================
wfLoadSkin( 'Vector' );
$wgDefaultSkin = "vector-2022";
# Enable native dark mode
$wgVectorNightMode = [
    'beta' => true,
    'logged_in' => true,
    'logged_out' => true,
];
# Force dark mode for all users
$wgDefaultUserOptions['vector-theme'] = 'night';
Protection Model
MediaWiki cannot be inverted into a “deny everything, allow selectively” model. Lockdown adds restrictions, but it cannot:
- override global permissions
- grant permissions
- create a deny‑by‑default environment
Therefore, the configuration below uses global permissions, namespace protection, and CSS‑based interface reduction.
Global Permissions
# Anonymous
$wgGroupPermissions['*']['read'] = true;
$wgGroupPermissions['*']['edit'] = false;
$wgGroupPermissions['*']['createaccount'] = false;
# Users
$wgGroupPermissions['user']['read'] = true;
$wgGroupPermissions['user']['edit'] = true;
$wgGroupPermissions['user']['upload'] = false;
# Sysop
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['upload'] = true;
Namespace Protection (Consolidated)
$wgNamespaceProtection[NS_MAIN] = [ 'protect' ]; # Public library
$wgNamespaceProtection[NS_ICT] = [ 'editinterface' ]; # Technical docs
$wgNamespaceProtection[NS_DASHBOARD] = [ 'editinterface' ]; # App layout
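To see what the Global Permissions and Namespace Protection settings combine into, the standalone script below models MediaWiki's additive rights check and prints read and edit access per role and namespace. It is an added example, not part of this installation's configuration. Namespace IDs 0 and 3020 are inferred from the CSS classes on this page, the other IDs are placeholders, and the sysop `protect` right is assumed from MediaWiki's stock defaults.

```php
<?php
// Standalone model of the settings above (run with the php CLI); not MediaWiki code.
// IDs 0 and 3020 are taken from the page's CSS classes (.ns-0, .ns-3020);
// the other namespace IDs are placeholders for this example.
$namespaces = [ 'Main' => 0, 'Dashboard' => 3020, 'ICT' => 3000,
    'Research' => 3010, 'Person' => 3040 ];

// Copied from Global Permissions. 'protect' is added for sysop because it
// is a stock sysop right in MediaWiki's default configuration (assumption).
$groupPermissions = [
    '*'     => [ 'read' => true, 'edit' => false, 'createaccount' => false ],
    'user'  => [ 'read' => true, 'edit' => true, 'upload' => false ],
    'sysop' => [ 'editinterface' => true, 'upload' => true, 'protect' => true ],
];
// Copied from Namespace Protection: rights required to edit in that namespace.
$namespaceProtection = [
    0 => [ 'protect' ], 3000 => [ 'editinterface' ], 3020 => [ 'editinterface' ],
];
// Implicit group membership per role.
$roles = [ 'anonymous' => [ '*' ], 'user' => [ '*', 'user' ],
    'sysop' => [ '*', 'user', 'sysop' ] ];

// Rights are additive: one granting group is enough, "false" revokes nothing.
function hasRight( array $groups, string $right, array $perms ): bool {
    foreach ( $groups as $group ) {
        if ( !empty( $perms[$group][$right] ) ) {
            return true;
        }
    }
    return false;
}

// Namespace protection adds requirements for editing; it does not gate 'read'.
function can( string $action, array $groups, int $nsId, array $perms, array $prot ): bool {
    $needed = $action === 'read' ? [] : ( $prot[$nsId] ?? [] );
    foreach ( array_merge( [ $action ], $needed ) as $right ) {
        if ( !hasRight( $groups, $right, $perms ) ) {
            return false;
        }
    }
    return true;
}

foreach ( $roles as $role => $groups ) {
    foreach ( $namespaces as $name => $id ) {
        $r = can( 'read', $groups, $id, $groupPermissions, $namespaceProtection );
        $e = can( 'edit', $groups, $id, $groupPermissions, $namespaceProtection );
        printf( "%-9s %-9s read=%s edit=%s\n", $role, $name, $r ? 'yes' : 'no', $e ? 'yes' : 'no' );
    }
}
```

With only the settings shown on this page, the model reports read=yes for anonymous visitors in every namespace and edit=yes for users in Research and Person. Restrictions applied elsewhere, for example by Lockdown, are not modelled.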
Content Namespaces
$wgContentNamespaces = [
    NS_MAIN, NS_RESEARCH, NS_ICT, NS_DASHBOARD,
    NS_CHAPTER, NS_PLACE, NS_ORGANISATION,
    NS_PERSON, NS_HERITAGE, NS_ASSET
];
$wgNamespacesWithSubpages[NS_DASHBOARD] = true;
Sidebar Simplification
A custom sidebar is injected for all non‑sysop users. This avoids exposing MediaWiki’s default navigation.
Important note for successors:
This uses hardcoded paths. If $wgArticlePath or namespace names change, the sidebar must be updated.
$wgHooks['SidebarBeforeOutput'][] = function ( $skin, &$sidebar ) {
    $user = $skin->getUser();
    if ( !$user->isAllowed( 'editinterface' ) ) {
        $sidebar = [
            'Project Navigation' => [
                [ 'text' => 'Dashboard', 'href' => '/Dashboard:Main' ],
                [ 'text' => 'Research Area', 'href' => '/Research:Main' ],
            ],
            'Account' => [
                [ 'text' => 'Logout', 'href' => '/Special:UserLogout' ]
            ]
        ];
    }
    return true;
};
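One way to remove the hardcoded-path dependency noted above is to build each link from a Title object, so the URLs follow $wgArticlePath and the configured namespace names. This is an added variant, not the configuration in use on this wiki. It assumes NS_DASHBOARD and NS_RESEARCH are defined earlier in LocalSettings.php and that the global `Title` and `SpecialPage` class names resolve on the installed release (newer releases keep them as aliases of namespaced classes).

```php
$wgHooks['SidebarBeforeOutput'][] = function ( $skin, &$sidebar ) {
    // Sysops keep the stock sidebar, as in the original hook.
    if ( $skin->getUser()->isAllowed( 'editinterface' ) ) {
        return true;
    }

    // Turn a Title into a sidebar entry; getLocalURL() applies
    // $wgArticlePath and the current namespace name.
    $link = static function ( string $text, $title ): array {
        return [ 'text' => $text, 'href' => $title->getLocalURL() ];
    };

    $sidebar = [
        'Project Navigation' => [
            $link( 'Dashboard', Title::makeTitle( NS_DASHBOARD, 'Main' ) ),
            $link( 'Research Area', Title::makeTitle( NS_RESEARCH, 'Main' ) ),
        ],
        'Account' => [
            // 'Userlogout' is the canonical name of Special:UserLogout.
            $link( 'Logout', SpecialPage::getTitleFor( 'Userlogout' ) ),
        ],
    ];
    return true;
};
```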
Cargo Hardening
$wgGroupPermissions['user']['runcargoqueries'] = false;
$wgGroupPermissions['user']['recreatecargodata'] = false;
Upload Restrictions
$wgGroupPermissions['user']['upload'] = false;
$wgGroupPermissions['user']['reupload'] = false;
$wgGroupPermissions['user']['reupload-own'] = false;
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['sysop']['reupload'] = true;
$wgGroupPermissions['sysop']['reupload-own'] = true;
Optional Hardening
$wgNonincludableNamespaces[] = NS_ICT;
# Avoid login redirect bug
$wgRedirectOnLogin = "Hoofdpagina";
Interface Clutter Reduction (CSS)
User View (MediaWiki:Group-user.css)
/* Hide Top Bar & Right Column for Users in Dashboard & Main */
.ns-3020 .vector-page-toolbar,
.ns-0 .vector-page-toolbar,
.ns-3020 .vector-column-end,
.ns-0 .vector-column-end {
    display: none !important;
}
/* Reclaim space for full-width layout */
.ns-3020 .mw-content-container,
.ns-0 .mw-content-container {
    max-width: none !important;
}
/* Ensure Form Buttons are NEVER hidden */
.mw-body-content .mw-ui-button,
.mw-body-content .pfForm {
    display: inline-block !important;
    visibility: visible !important;
}
Sysop View (MediaWiki:Group-sysop.css)
/* Restore the Top Toolbar */
html body.skin-vector-2022 .vector-page-toolbar {
    display: flex !important;
}
/* Restore the Right Column Tools */
html body.skin-vector-2022 .vector-column-end {
    display: block !important;
    position: absolute !important;
    right: 0;
    top: 150px;
    z-index: 100;
}
/* Full-width content for Sysop */
html body.skin-vector-2022 .mw-content-container {
    max-width: none !important;
    margin-right: 0 !important;
}
Testing and Known Limitations
Preliminary testing shows:
- Anonymous users and regular users cannot reach dangerous pages through navigation
- PageForms works correctly despite namespace restrictions
- Sysop retains full interface access
Known Limitations
- Anonymous users still see the top toolbar in Main (to be refined later)
- Hardcoded sidebar paths must be updated if URL structure changes
- MediaWiki cannot fully hide configuration pages from knowledgeable users
- Lockdown cannot invert the permission model
Future Work
- Remove top toolbar for anonymous users in Main
- Evaluate whether Dashboard needs further simplification
- Test new namespaces as they are added
- Revisit Cargo permissions once data volume grows