Extension:CategoryLockdown

If you need per-page or partial page access restrictions, you are advised to install an appropriate content management package. MediaWiki was not written to provide per-page access restrictions, and almost all hacks or patches promising to add them will likely have flaws somewhere, which could lead to exposure of confidential data. We are not responsible for anything being leaked. For further details, see Security issues with authorisation extensions

MediaWiki extensions manual

CategoryLockdown Release status: stable
Implementation	User rights
Description	Restrict permissions by category and group
Author(s)	Sophivorustalk
Latest version	4.0 (2021-12-13)
MediaWiki	>= 1.29.0
Database changes	No
License	GNU General Public License 3.0 or later
Download	Download extension Git [?]: Download Git master browse repository (GitHub) commit history repository contributors (GitHub) code review
Example	[1]
Parameters $wgCategoryLockdown
Hooks used ApiCheckCanExecute getUserPermissionsErrors
Quarterly downloads	17 (Ranked 116th)
Translate the CategoryLockdown extension if it is available at translatewiki.net

The CategoryLockdown extension allows admins to restrict permissions by category and group.

• Download and move the extracted CategoryLockdown folder to your extensions/ directory.
  Developers and code contributors should install the extension from Git instead, using:cd extensions/
git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/CategoryLockdown
• Add the following code at the bottom of your LocalSettings.php file:

  wfLoadExtension( 'CategoryLockdown' );
  

•  Done – Navigate to Special:Version on your wiki to verify that the extension is successfully installed.

To restrict the 'read' permission of the Category:Maintenance and its pages to the 'sysop' group only (admins), add the following to your LocalSettings.php:

$wgCategoryLockdown['Maintenance']['read'] = 'sysop';

Similarly, to restrict the 'edit' permission of the Category:Sales and its pages to the 'vendor' group:

$wgCategoryLockdown['Sales']['edit'] = 'vendor';

To restrict editing to users in the 'vendor' OR 'manager' groups:

$wgCategoryLockdown['Sales']['edit'] = [ 'vendor', 'manager' ];

Note that pages in subcategories are not affected. If Category:Clients is a subcategory of Category:Sales, then pages within it won't be protected by the above setting. You'd need to add:

$wgCategoryLockdown['Clients']['edit'] = [ 'vendor', 'manager' ];

Also note that if a page is in BOTH the Category:Sales and the Category:Clients, then the following will restrict editing to users in the 'vendor' OR 'manager' groups:

$wgCategoryLockdown['Sales']['edit'] = 'vendor',
$wgCategoryLockdown['Clients']['edit'] = 'manager';

Finally, note that:

• Rules don't apply to admins (users in the 'sysop' group).
• You can use this syntax to restrict any permission (not just 'read' and 'edit'). However, if users are allowed to read and edit a page, then they can avoid other restrictions by re-categorizing the page.
• This extension only removes permissions, it doesn't grant them. If the general config of your wiki forbids editing to all users, then adding a rule that restricts editing to a certain group won't work. Instead, allow editing to all users and then use this extension to restrict editing to the desired group.

• Extension:Lockdown - More sophisticated but cannot restrict access by category and group
• Extension:Restrict access by category and group - Similar idea but more complicated and unmaintained