ICT:Multi-Tier access - UI protection
Appearance
ICT Documentation: Multi-Tier Access & UI Protection
To maintain a "clutter-free" environment for our researchers (aged 70+) and protect the 500GB archive, we use a combination of Group-Specific CSS and Permission Restrictions.
1. UI Simplification (Vector 2022)
We use group-specific CSS to hide "Wiki-noise" for regular members. This is managed in MediaWiki:Group-user.css.
/* MediaWiki:Group-user.css - Specific for Vector 2022 */
/* 1. Hide the right-side 'Page Tools' (Edit, History, etc. dropdown) */
.vector-page-toolbar, .vector-column-end {
display: none !important;
}
/* 2. Hide the main Sidebar (Vector 2022 Main Menu) */
.vector-main-menu-container, #vector-main-menu-dropdown {
display: none !important;
}
/* 3. Reclaim the sidebar space for Maps/Tables */
.mw-content-container {
margin-left: 0 !important;
max-width: none !important;
}
/* 4. Increase font size for better legibility */
.mw-body-content {
font-size: 1.15em;
line-height: 1.6;
}
2. Security & Namespace Protection
To prevent accidental data corruption or navigation into technical areas, the following logic is applied in LocalSettings.php.
Restricted Access to Special Pages
Members only see the Dashboard; technical pages are reserved for the Sysop.
# Block 'user' group from seeing technical Special Pages $wgRevokePermissions['user']['readspecialpages'] = true; # Specifically allow access to the Dashboard and search $wgWhitelistReadSpecial = [ 'Search', 'MyPage', 'Recentchanges' ]; # Re-enable all access for the Sysop $wgGroupPermissions['sysop']['readspecialpages'] = true;
Data Integrity Rules
Since we use Page Forms, we disable "Raw Editing" and "Move/Delete" for members to protect the Cargo structure.
# Disable raw source editing for members (forces Form use) $wgGroupPermissions['user']['edit'] = false; $wgGroupPermissions['user']['viewform'] = true; # Prevent accidental deletion or renaming of 500GB of assets $wgGroupPermissions['user']['delete'] = false; $wgGroupPermissions['user']['move'] = false; # Protect the MediaWiki system configuration $wgGroupPermissions['user']['editinterface'] = false;
3. Dashboard-First Workflow
The `Dashboard:` namespace serves as the primary UI.
- Anonymous Users: See a "Public View" with restricted sidebars (via `.mw-anon` in `Common.css`).
- Members (Users): See a simplified "Data Entry" view with large buttons and form-only editing.
- Sysop (Admin): Sees the full MediaWiki interface with all tools visible for maintenance.
4. Technical Maintenance
- To refresh the UI after CSS changes: Press Ctrl+F5 (Windows) or Cmd+Shift+R (Mac).
- To edit CSS for everyone: Use MediaWiki:Common.css.
- To edit CSS only for members: Use MediaWiki:Group-user.css.