Jump to content

ICT:FinalConfig-Clutter and protection

From Costa Sano MediaWiki
Revision as of 15:42, 13 February 2026 by Mngr (talk | contribs)

Final Configuration concerning general clutter reduction and page protection

Document revison: 2026-02-13 by Mngr

The project is using a lot of namespaces, both system default ones and proprietary ones. Although the general default philosophy of MediaWiki is to be as open as possible, we go for a as closed as possible scenario. This needs a lot a configuration and during 3 days of struggling with this configuration it was observed that it is not fully possible with too much extra lines of code to deal with this ending up in a stable and predictable system. The historical heritage project as intended to be used by senior people mostly older than 70 and have historical reflexes more than IT reflexes. A very first requirment is the use of DARK MODE and for now this is only present in an easy way in the vector-2022 skin. However this skin is rather complex so we learned the lesson the hard way not to use too much private css. An experiment to use the more simpler Minerva skin for all or a number of namespaces was not successfull due to the lack of Dark mode. This finally means that we ended up in extra configuration for vector-2022 in constant dark mode with clutter reduction and protection realised in LocalSystems.php and some elementary css files.

The idea is the following:

  1. Anonymous users should see the final public documents from the reserach effort, without any MediaWiki clutter.
  2. Sysop of course should be capable of dealing with the system as a normal sysop
  3. The users = senior historians, should only have access to
    1. Dashboard: namespace for introducing data
    2. Research: namespace for creating and editing and reviewing publication pages coming out of the research These, once validated and accepted by the users = Costa Sano clubmembers, should then be copied to the Main namespace for public access.

This means: the user workflow is

  1. Introducing and documenting media data via the Dashboard namespace
  2. Followed by the creating of pages to be made available to the general public in our environment, and optionally moved to Wikipedia.

There are no other users in the system than the onces described above.

Configuring the correct skin

LocalSystems.php snippet 

# =================================================
# SKIN & INTERFACE
# =================================================
# --- RESTORE VECTOR 2022 ---
wfLoadSkin( 'Vector' );
$wgDefaultSkin = "vector-2022";

# --- ENABLE NATIVE DARK MODE (For Vector 2022) ---
# This unlocks the "Appearance" menu for users without manual CSS hacks.
$wgVectorNightMode = [
    'beta' => true,
    'logged_in' => true,
    'logged_out' => true,
];

# --- OPTIONAL: Force 'Dark' as the default for all users ---
$wgDefaultUserOptions['vector-theme'] = 'night';

Protection

Protection settings are realised in the following way.

What is documented by MediaWiki as of using the following approach:

  1. forbid everything
  2. and the allow specific function and actions (with Lockdown)

gives no result at all, because this is against the spirit of what Lockdown is supposed to do.

The adopted solution is as follows:

LocalSystems.php snippet 


###########################################################################
# STABLE INTERFACE MODEL - MW 1.43 / PHP 8.2 COMPATIBLE
###########################################################################

# 1. GLOBAL PERMISSIONS
$wgGroupPermissions['*']['read']          = true;
$wgGroupPermissions['*']['edit']          = false;
$wgGroupPermissions['*']['createaccount'] = false;

# Clubmembers: Full drafting in Research, but locked system areas
$wgGroupPermissions['user']['read']       = true;
$wgGroupPermissions['user']['edit']       = true;
$wgGroupPermissions['user']['upload']     = false;

# Sysop: Absolute interface control
$wgGroupPermissions['sysop']['editinterface'] = true;
$wgGroupPermissions['sysop']['upload']        = true;

# 2. NAMESPACE PROTECTION
$wgNamespaceProtection[NS_MAIN]      = [ 'protect' ];
$wgNamespaceProtection[NS_ICT]       = [ 'editinterface' ];
$wgNamespaceProtection[NS_DASHBOARD] = [ 'editinterface' ]; 

# 3. CONTENT DEFINITION
$wgContentNamespaces = [
    NS_MAIN, NS_RESEARCH, NS_ICT, NS_DASHBOARD,
    NS_CHAPTER, NS_PLACE, NS_ORGANISATION, NS_PERSON, NS_HERITAGE, NS_ASSET
];
$wgNamespacesWithSubpages[NS_DASHBOARD] = true;

# 4. SAFE SIDEBAR HOOK (MW 1.43 Signature)
# This hook modifies the sidebar content only for non-admins.
# Uses static relative paths to prevent 'Title' object initialization crashes.
$wgHooks['SidebarBeforeOutput'][] = function ( $skin, &$sidebar ) {
    $user = $skin->getUser();
    
    # Only simplify for non-admins (Club Members)
    if ( !$user->isAllowed( 'editinterface' ) ) {
        # We use the $wgArticlePath format (usually /Dashboard:Main)
        $sidebar = [
            'Project Navigation' => [
                [ 'text' => 'Dashboard', 'href' => '/Dashboard:Main' ],
                [ 'text' => 'Research Area', 'href' => '/Research:Main' ],
            ],
            'Account' => [
                [ 'text' => 'Logout', 'href' => '/Special:UserLogout' ]
            ]
        ];
    }
    return true;
};

# 5. NAMESPACE PROTECTION (Keep the seniors safe)
$wgNamespaceProtection[NS_MAIN]      = [ 'protect' ];      // Locked Library
$wgNamespaceProtection[NS_ICT]       = [ 'editinterface' ]; // Locked Technical Docs
$wgNamespaceProtection[NS_DASHBOARD] = [ 'editinterface' ]; // Locked App Layout

# 6. CARGO SECURITY (The "Simple" Block)
# This stops the 'Cargo data' link from actually working for users
$wgGroupPermissions['user']['runcargoqueries'] = false;
$wgGroupPermissions['user']['recreatecargodata'] = false;

# 7. This hides the 'Edit' button and replaces it with 'View Source' for non-admins
$wgNamespaceProtection[NS_DASHBOARD] = ['editinterface'];
$wgNamespaceProtection[NS_MAIN]      = ['protect'];
$wgNamespaceProtection[NS_ICT]       = ['editinterface'];

# 8. Disable direct uploads for users
$wgGroupPermissions['user']['upload'] = false;
$wgGroupPermissions['user']['reupload'] = false;
$wgGroupPermissions['user']['reupload-own'] = false;

# 9. Sysop keeps upload rights
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['sysop']['reupload'] = true;
$wgGroupPermissions['sysop']['reupload-own'] = true;

# -------------------------------------------------
# OPTIONAL HARDENING
# -------------------------------------------------

$wgNonincludableNamespaces[] = NS_ICT;

#Never redirect a page - bypass login redirect problem/bug
$wgRedirectOnLogin = "Hoofdpagina";


############################################################
# END OF SIMPLE ANTI CLUTTER AND PROTECTION  MODEL
############################################################

As one may observe it is not a simple taks to reduce the clutter and protect the environment against accidentel and curiously clicking links that could lead to corruption of the system. Point 4 introduces a special sidebar for replacing the classical MediaWiki left sidebar. Only permitted pages are listed in the sidebar.

It has been decided to make disappear, except for the sysop of the classical bar on top of a text. 

Namespace Discussion Read Edit Edit source View history

This avoids a lot of possible problems with the users.

This is realised by 2 css group files:

MediaWiki:Group-user.css 

/* CSS placed here will affect registered users only */

/* Hide Top Bar & Right Column for Users in Dashboard & Main */
.ns-3020 .vector-page-toolbar, 
.ns-0 .vector-page-toolbar,
.ns-3020 .vector-column-end, 
.ns-0 .vector-column-end {
    display: none !important;
}

/* Reclaim space for full-width layout */
.ns-3020 .mw-content-container, 
.ns-0 .mw-content-container {
    max-width: none !important;
}

/* Ensure Form Buttons are NEVER hidden */
.mw-body-content .mw-ui-button, 
.mw-body-content .pfForm {
    display: inline-block !important;
    visibility: visible !important;
}

and a second one restoring the bar for the sysop (as sysop is also considered a user)

MediaWIki:Group-sysop.css 

/* MediaWiki:Group-sysop.css - Fluid Admin View */

/* 1. Restore the Top Toolbar (Read, Edit, History) */
html body.skin-vector-2022 .vector-page-toolbar {
    display: flex !important;
    visibility: visible !important;
}

/* 2. Restore the Right Column Tools WITHOUT shrinking the content */
html body.skin-vector-2022 .vector-column-end {
    display: block !important;
    visibility: visible !important;
    position: absolute !important; /* Floats the tools so they don't push the content */
    right: 0;
    top: 150px;
    z-index: 100;
}

/* 3. FORCE CONTENT FULL-WIDTH for Sysop */
html body.skin-vector-2022 .mw-content-container {
    max-width: none !important;
    margin-right: 0 !important; /* Removes the "squeeze" */
}

Testing

This configuration was tested and demonstrated satisfaction. However, we should see if all protection in LocalSystems.php makes sense and does not forbit too much. This needs to be discovered as we go along.

Retrieved from "https://mwiki.costasano.club/index.php?title=ICT:FinalConfig-Clutter_and_protection&oldid=674"