Last modified: 2013-09-03 18:29:53 UTC
Ideally, it should be possible to combine upload right assignments with file types, such that: $wgGroupPermissions['sysop']['upload'] = true; retains its current meaning 'anyone in group /sysop/ may upload any file with a file type in $wgFileExtensions' but further tweaking is supported, such that e.g. $wgGroupPermissions['user']['upload'] = array('png', 'jpg'); restricts anyone in group /user/ to upload only .png and .jpg files, and none of the other file types that may be included in $wgFileExtensions.
Interesting idea, although I feel that this might be better suited to an extension. I'd also be concerned exteding that global in that way, might interfere with other peoples plans to extend it to be per namespace.
(In reply to comment #1) > Interesting idea, although I feel that this might be better suited to an > extension. > > I'd also be concerned exteding that global in that way, might interfere with > other peoples plans to extend it to be per namespace. Thanks, Brian. I was not aware of these plans. Is there any place I can read up on that? AFAIC, it's primarily about the functionality and less so about the form. If there's a better way than extending $wgGroupPermissions that would be fine. My first impression was that $wgGroupPermissions just 'feels right' -- it's where I first started searching for this type of functionality.
I'd avoid the particular format suggested in the original comment -- if one wants something like this I'd recommend more like: $wgGroupPermissions['user']['upload-ext-png'] = true; $wgGroupPermissions['user']['upload-ext-jpeg'] = true; or $wgGroupPermissions['user']['upload-type-image/png'] = true; $wgGroupPermissions['user']['upload-type-image/jpeg'] = true; Not sure whether it's better to use extensions or types here, as neither really covers our validity checks well (which sorta check both). More generally though, I'm not sure how best to make something like this work for the user interface; we'd need to be able to distinguish between 'can't upload anything' and 'can upload some file types', and then provide interactive UI to try to check for file type before upload and prevent upload of non-permitted types, as well as a type permission check during the upload if that gets bypassed. It might be easier to provide a second right that confers ability to bypass the file type whitelist and upload anything not blacklisted (or even bypass the blacklist), for the occasional "it's useful to upload an .exe.zip here" or something.