ICT:Multi-Tier access - UI protection

ICT Documentation: Multi-Tier Access & UI Protection

To maintain a "clutter-free" environment for our researchers (aged 70+) and protect the 500GB archive, we use a combination of Group-Specific CSS and Permission Restrictions.

1. UI Simplification (Vector 2022)

We use group-specific CSS to hide "Wiki-noise" for regular members. This is managed in MediaWiki:Group-user.css.

/* MediaWiki:Group-user.css - Specific for Vector 2022 */

/* 1. Hide the right-side 'Page Tools' (Edit, History, etc. dropdown) */
.vector-page-toolbar, .vector-column-end { 
    display: none !important; 
}

/* 2. Hide the main Sidebar (Vector 2022 Main Menu) */
.vector-main-menu-container, #vector-main-menu-dropdown { 
    display: none !important; 
}

/* 3. Reclaim the sidebar space for Maps/Tables */
.mw-content-container { 
    margin-left: 0 !important; 
    max-width: none !important; 
}

/* 4. Increase font size for better legibility */
.mw-body-content { 
    font-size: 1.15em; 
    line-height: 1.6; 
}

2. Security & Namespace Protection

To prevent accidental data corruption or navigation into technical areas, the following logic is applied in LocalSettings.php.

Restricted Access to Special Pages

Members only see the Dashboard; technical pages are reserved for the Sysop.

# Block 'user' group from seeing technical Special Pages
$wgRevokePermissions['user']['readspecialpages'] = true;

# Specifically allow access to the Dashboard and search
$wgWhitelistReadSpecial = [ 'Search', 'MyPage', 'Recentchanges' ];

# Re-enable all access for the Sysop
$wgGroupPermissions['sysop']['readspecialpages'] = true;

Data Integrity Rules

Since we use Page Forms, we disable "Raw Editing" and "Move/Delete" for members to protect the Cargo structure.

# Disable raw source editing for members (forces Form use)
$wgGroupPermissions['user']['edit'] = false;
$wgGroupPermissions['user']['viewform'] = true;

# Prevent accidental deletion or renaming of 500GB of assets
$wgGroupPermissions['user']['delete'] = false;
$wgGroupPermissions['user']['move'] = false;

# Protect the MediaWiki system configuration
$wgGroupPermissions['user']['editinterface'] = false;

3. Dashboard-First Workflow

The `Dashboard:` namespace serves as the primary UI.

Anonymous Users: See a "Public View" with restricted sidebars (via `.mw-anon` in `Common.css`).
Members (Users): See a simplified "Data Entry" view with large buttons and form-only editing.
Sysop (Admin): Sees the full MediaWiki interface with all tools visible for maintenance.

4. Technical Maintenance

To refresh the UI after CSS changes: Press Ctrl+F5 (Windows) or Cmd+Shift+R (Mac).
To edit CSS for everyone: Use MediaWiki:Common.css.
To edit CSS only for members: Use MediaWiki:Group-user.css.

ICT Documentation: Custom Personal Tools

Since standard Vector 2022 menus are hidden for the 'user' group, we provide manual entry points for personal account management on the Dashboard.

1. Personal Tool Links

We use MediaWiki "Special" shortcuts to ensure the links work for every member automatically:

Profile: `Special:MyPage` - Opens the member's personal research notes page.
Settings: `Special:Preferences` - Allows users to change font sizes or notification settings.
Logout: `Special:UserLogout` - Safely ends the session.

2. Visual Implementation

We utilize the `mw-ui-button` CSS class to ensure buttons are:

Large: Easier to click for senior users with reduced motor precision.
Standardized: Matches the existing MediaWiki "Look and Feel."

3. Header/Footer Placement

It is recommended to place these buttons in a Template:DashboardHeader so they appear consistently at the top of every page in the `Dashboard:` namespace.

<div style="float:right;">
 [[Special:UserLogout|Log Out]] | [[Special:MyPage|Profile]]
</div>