Jump to content

ICT:Multi-Tier access - UI protection

From Costa Sano MediaWiki
Revision as of 11:02, 12 February 2026 by Mngr (talk | contribs) (Created page with "== ICT Documentation: Multi-Tier Access & UI Protection == To maintain a "clutter-free" environment for our researchers (aged 70+) and protect the 500GB archive, we use a combination of Group-Specific CSS and Permission Restrictions. === 1. UI Simplification (Vector 2022) === We use group-specific CSS to hide "Wiki-noise" for regular members. This is managed in '''MediaWiki:Group-user.css'''. <pre> MediaWiki:Group-user.css - Specific for Vector 2022: /* 1. H...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)

ICT Documentation: Multi-Tier Access & UI Protection

To maintain a "clutter-free" environment for our researchers (aged 70+) and protect the 500GB archive, we use a combination of Group-Specific CSS and Permission Restrictions.

1. UI Simplification (Vector 2022)

We use group-specific CSS to hide "Wiki-noise" for regular members. This is managed in MediaWiki:Group-user.css. 

/* MediaWiki:Group-user.css - Specific for Vector 2022 */

/* 1. Hide the right-side 'Page Tools' (Edit, History, etc. dropdown) */
.vector-page-toolbar, .vector-column-end { 
    display: none !important; 
}

/* 2. Hide the main Sidebar (Vector 2022 Main Menu) */
.vector-main-menu-container, #vector-main-menu-dropdown { 
    display: none !important; 
}

/* 3. Reclaim the sidebar space for Maps/Tables */
.mw-content-container { 
    margin-left: 0 !important; 
    max-width: none !important; 
}

/* 4. Increase font size for better legibility */
.mw-body-content { 
    font-size: 1.15em; 
    line-height: 1.6; 
}

2. Security & Namespace Protection

To prevent accidental data corruption or navigation into technical areas, the following logic is applied in LocalSettings.php.

Restricted Access to Special Pages

Members only see the Dashboard; technical pages are reserved for the Sysop. 

# Block 'user' group from seeing technical Special Pages
$wgRevokePermissions['user']['readspecialpages'] = true;

# Specifically allow access to the Dashboard and search
$wgWhitelistReadSpecial = [ 'Search', 'MyPage', 'Recentchanges' ];

# Re-enable all access for the Sysop
$wgGroupPermissions['sysop']['readspecialpages'] = true;

Data Integrity Rules

Since we use Page Forms, we disable "Raw Editing" and "Move/Delete" for members to protect the Cargo structure. 

# Disable raw source editing for members (forces Form use)
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['viewform'] = true;

# Prevent accidental deletion or renaming of 500GB of assets
$wgGroupPermissions['user']['delete'] = false;
$wgGroupPermissions['user']['move'] = false;

# Protect the MediaWiki system configuration
$wgGroupPermissions['user']['editinterface'] = false;

3. Dashboard-First Workflow

The `Dashboard:` namespace serves as the primary UI.

  • Anonymous Users: See a "Public View" with restricted sidebars (via `.mw-anon` in `Common.css`).
  • Members (Users): See a simplified "Data Entry" view with large buttons and form-only editing.
  • Sysop (Admin): Sees the full MediaWiki interface with all tools visible for maintenance.

4. Technical Maintenance

Retrieved from "https://mwiki.costasano.club/index.php?title=ICT:Multi-Tier_access_-_UI_protection&oldid=573"