From: Tom Hughes Date: Sun, 14 Dec 2014 19:22:21 +0000 (+0000) Subject: Add support for private mediawiki sites X-Git-Url: https://git.openstreetmap.org/chef.git/commitdiff_plain/46d97368eb6034f2eb95d5a8400bd4bf6faf4ed2 Add support for private mediawiki sites --- diff --git a/cookbooks/mediawiki/definitions/mediawiki_site.rb b/cookbooks/mediawiki/definitions/mediawiki_site.rb index 81751fb37..d6a1ab773 100644 --- a/cookbooks/mediawiki/definitions/mediawiki_site.rb +++ b/cookbooks/mediawiki/definitions/mediawiki_site.rb @@ -55,7 +55,8 @@ define :mediawiki_site, :action => [ :create, :enable ] do :site_readonly => params[:site_readonly] || FALSE, :site_admin_user => "Admin", :site_admin_pw => passwords["mediawiki-admin-user"], - :enable_ssl => params[:enable_ssl] || FALSE + :enable_ssl => params[:enable_ssl] || FALSE, + :private => params[:private] || FALSE } #---------------- diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index e3236159e..d03b78cf9 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -167,6 +167,20 @@ $wgGroupPermissions['bureaucrat']['deletelogentry'] = true; $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; +<% if @mediawiki[:private] -%> + +#Disable reading by anonymous users +$wgGroupPermissions['*']['read'] = false; + +#Allow anonymous users to access the login page +$wgWhitelistRead = array ("Special:Userlogin"); + +#Prevent new user registrations except by sysops +$wgGroupPermissions['*']['createaccount'] = false; + +#Restrict access to the upload directory +$wgUploadPath = "$wgScriptPath/img_auth.php"; +<% end -%> #Allow Subpages on Main Namespace $wgNamespacesWithSubpages[NS_MAIN] = true; diff --git a/cookbooks/mediawiki/templates/default/apache.erb b/cookbooks/mediawiki/templates/default/apache.erb index 6cbbc76e6..dcded20cc 100644 --- a/cookbooks/mediawiki/templates/default/apache.erb +++ b/cookbooks/mediawiki/templates/default/apache.erb @@ -200,6 +200,14 @@ php_admin_flag engine off Options -ExecCGI -Includes -Indexes AllowOverride None +<% if @mediawiki[:private] -%> +<% if node[:lsb][:release].to_f >= 14.04 -%> + Require all denied +<% else -%> + Order allow,deny + Deny from all +<% end -%> +<% end -%> /images/thumb/>