This use case implies that visitors can only see content of the wiki when registered users with confirmed email address can participate in creating content. It also creates a moderator group called ninja with extended rights that you can
Based on mediawiki 1.15.1 default $wgGroupPermissions array. You need to add the following to your LocalSettings.php:
// Get user in emailconfirmed group when loading email confirmation link
$wgAutopromote = array(
‘emailconfirmed’ => APCOND_EMAILCONFIRMED,
);
$wgGroupPermissions = array();
// Group for all visitors
$wgGroupPermissions[‘*’][‘createaccount’] = true;
$wgGroupPermissions[‘*’][‘read’] = true;
$wgGroupPermissions[‘*’][‘edit’] = false;
$wgGroupPermissions[‘*’][‘createpage’] = false;
$wgGroupPermissions[‘*’][‘createtalk’] = false;
$wgGroupPermissions[‘*’][‘writeapi’] = false;
// Group for all logged-in accounts
$wgGroupPermissions[‘user’][‘move’] = false;
$wgGroupPermissions[‘user’][‘move-subpages’] = false;
$wgGroupPermissions[‘user’][‘move-rootuserpages’] = false; // can move root userpages
$wgGroupPermissions[‘user’][‘movefile’] = false; // Disabled for now due to possible bugs and security concerns
$wgGroupPermissions[‘user’][‘read’] = true;
$wgGroupPermissions[‘user’][‘edit’] = false;
$wgGroupPermissions[‘user’][‘createpage’] = false;
$wgGroupPermissions[‘user’][‘createtalk’] = false;
$wgGroupPermissions[‘user’][‘writeapi’] = false;
$wgGroupPermissions[‘user’][‘upload’] = false;
$wgGroupPermissions[‘user’][‘reupload’] = false;
$wgGroupPermissions[‘user’][‘reupload-shared’] = false;
$wgGroupPermissions[‘user’][‘minoredit’] = false;
$wgGroupPermissions[‘user’][‘purge’] = true; // can use ?action=purge without clicking "ok"
// Implicit group for accounts that pass $wgAutoConfirmAge
$wgGroupPermissions[‘autoconfirmed’][‘autoconfirmed’] = true;
// Group for accounts with confirmed email addresses
// Users have to register and confirm email to edit
$wgGroupPermissions[‘emailconfirmed’][‘move’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘move-subpages’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘move-rootuserpages’] = true; // can move root emailconfirmedpages
$wgGroupPermissions[‘emailconfirmed’][‘movefile’] = false; // Disabled for now due to possible bugs and security concerns
$wgGroupPermissions[‘emailconfirmed’][‘read’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘edit’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘createpage’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘createtalk’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘writeapi’] = false;
$wgGroupPermissions[‘emailconfirmed’][‘upload’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘reupload’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘reupload-shared’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘minoredit’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘purge’] = true; // can use ?action=purge without clicking "ok"
// Group for moderator accounts
$wgGroupPermissions[‘ninja’][‘ninja’] = true;
$wgGroupPermissions[‘ninja’][‘block’] = true;
$wgGroupPermissions[‘ninja’][‘delete’] = true;
$wgGroupPermissions[‘ninja’][‘editprotected’] = true; // can edit all protected pages without cascade protection enabled
// Users with bot privilege can have their edits hidden
// from various log pages by default
$wgGroupPermissions[‘bot’][‘bot’] = true;
$wgGroupPermissions[‘bot’][‘autoconfirmed’] = true;
$wgGroupPermissions[‘bot’][‘nominornewtalk’] = true;
$wgGroupPermissions[‘bot’][‘autopatrol’] = true;
$wgGroupPermissions[‘bot’][’suppressredirect’] = true;
$wgGroupPermissions[‘bot’][‘apihighlimits’] = true;
$wgGroupPermissions[‘bot’][‘writeapi’] = true;
$wgGroupPermissions[‘bot’][‘editprotected’] = true; // can edit all protected pages without cascade protection enabled
// Most extra permission abilities go to this group
$wgGroupPermissions[’sysop’][‘block’] = true;
$wgGroupPermissions[’sysop’][‘createaccount’] = true;
$wgGroupPermissions[’sysop’][‘delete’] = true;
$wgGroupPermissions[’sysop’][‘bigdelete’] = true; // can be separately configured for pages with > $wgDeleteRevisionsLimit revs
$wgGroupPermissions[’sysop’][‘deletedhistory’] = true; // can view deleted history entries, but not see or restore the text
$wgGroupPermissions[’sysop’][‘undelete’] = true;
$wgGroupPermissions[’sysop’][‘editinterface’] = true;
$wgGroupPermissions[’sysop’][‘editusercssjs’] = true;
$wgGroupPermissions[’sysop’][‘import’] = true;
$wgGroupPermissions[’sysop’][‘importupload’] = true;
$wgGroupPermissions[’sysop’][‘move’] = true;
$wgGroupPermissions[’sysop’][‘move-subpages’] = true;
$wgGroupPermissions[’sysop’][‘move-rootuserpages’] = true;
$wgGroupPermissions[’sysop’][‘patrol’] = true;
$wgGroupPermissions[’sysop’][‘autopatrol’] = true;
$wgGroupPermissions[’sysop’][‘protect’] = true;
$wgGroupPermissions[’sysop’][‘proxyunbannable’] = true;
$wgGroupPermissions[’sysop’][‘rollback’] = true;
$wgGroupPermissions[’sysop’][‘trackback’] = true;
$wgGroupPermissions[’sysop’][‘upload’] = true;
$wgGroupPermissions[’sysop’][‘reupload’] = true;
$wgGroupPermissions[’sysop’][‘reupload-shared’] = true;
$wgGroupPermissions[’sysop’][‘unwatchedpages’] = true;
$wgGroupPermissions[’sysop’][‘autoconfirmed’] = true;
$wgGroupPermissions[’sysop’][‘upload_by_url’] = true;
$wgGroupPermissions[’sysop’][‘ipblock-exempt’] = true;
$wgGroupPermissions[’sysop’][‘blockemail’] = true;
$wgGroupPermissions[’sysop’][‘markbotedits’] = true;
$wgGroupPermissions[’sysop’][‘apihighlimits’] = true;
$wgGroupPermissions[’sysop’][‘browsearchive’] = true;
$wgGroupPermissions[’sysop’][‘noratelimit’] = true;
$wgGroupPermissions[’sysop’][‘movefile’] = true;
#$wgGroupPermissions['sysop']['mergehistory'] = true;
// Permission to change users’ group assignments
$wgGroupPermissions[‘bureaucrat’][‘userrights’] = true;
$wgGroupPermissions[‘bureaucrat’][‘noratelimit’] = true;
$wgAutopromote = array(
‘emailconfirmed’ => APCOND_EMAILCONFIRMED,
);
$wgGroupPermissions = array();
// Group for all visitors
$wgGroupPermissions[‘*’][‘createaccount’] = true;
$wgGroupPermissions[‘*’][‘read’] = true;
$wgGroupPermissions[‘*’][‘edit’] = false;
$wgGroupPermissions[‘*’][‘createpage’] = false;
$wgGroupPermissions[‘*’][‘createtalk’] = false;
$wgGroupPermissions[‘*’][‘writeapi’] = false;
// Group for all logged-in accounts
$wgGroupPermissions[‘user’][‘move’] = false;
$wgGroupPermissions[‘user’][‘move-subpages’] = false;
$wgGroupPermissions[‘user’][‘move-rootuserpages’] = false; // can move root userpages
$wgGroupPermissions[‘user’][‘movefile’] = false; // Disabled for now due to possible bugs and security concerns
$wgGroupPermissions[‘user’][‘read’] = true;
$wgGroupPermissions[‘user’][‘edit’] = false;
$wgGroupPermissions[‘user’][‘createpage’] = false;
$wgGroupPermissions[‘user’][‘createtalk’] = false;
$wgGroupPermissions[‘user’][‘writeapi’] = false;
$wgGroupPermissions[‘user’][‘upload’] = false;
$wgGroupPermissions[‘user’][‘reupload’] = false;
$wgGroupPermissions[‘user’][‘reupload-shared’] = false;
$wgGroupPermissions[‘user’][‘minoredit’] = false;
$wgGroupPermissions[‘user’][‘purge’] = true; // can use ?action=purge without clicking "ok"
// Implicit group for accounts that pass $wgAutoConfirmAge
$wgGroupPermissions[‘autoconfirmed’][‘autoconfirmed’] = true;
// Group for accounts with confirmed email addresses
// Users have to register and confirm email to edit
$wgGroupPermissions[‘emailconfirmed’][‘move’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘move-subpages’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘move-rootuserpages’] = true; // can move root emailconfirmedpages
$wgGroupPermissions[‘emailconfirmed’][‘movefile’] = false; // Disabled for now due to possible bugs and security concerns
$wgGroupPermissions[‘emailconfirmed’][‘read’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘edit’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘createpage’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘createtalk’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘writeapi’] = false;
$wgGroupPermissions[‘emailconfirmed’][‘upload’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘reupload’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘reupload-shared’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘minoredit’] = true;
$wgGroupPermissions[‘emailconfirmed’][‘purge’] = true; // can use ?action=purge without clicking "ok"
// Group for moderator accounts
$wgGroupPermissions[‘ninja’][‘ninja’] = true;
$wgGroupPermissions[‘ninja’][‘block’] = true;
$wgGroupPermissions[‘ninja’][‘delete’] = true;
$wgGroupPermissions[‘ninja’][‘editprotected’] = true; // can edit all protected pages without cascade protection enabled
// Users with bot privilege can have their edits hidden
// from various log pages by default
$wgGroupPermissions[‘bot’][‘bot’] = true;
$wgGroupPermissions[‘bot’][‘autoconfirmed’] = true;
$wgGroupPermissions[‘bot’][‘nominornewtalk’] = true;
$wgGroupPermissions[‘bot’][‘autopatrol’] = true;
$wgGroupPermissions[‘bot’][’suppressredirect’] = true;
$wgGroupPermissions[‘bot’][‘apihighlimits’] = true;
$wgGroupPermissions[‘bot’][‘writeapi’] = true;
$wgGroupPermissions[‘bot’][‘editprotected’] = true; // can edit all protected pages without cascade protection enabled
// Most extra permission abilities go to this group
$wgGroupPermissions[’sysop’][‘block’] = true;
$wgGroupPermissions[’sysop’][‘createaccount’] = true;
$wgGroupPermissions[’sysop’][‘delete’] = true;
$wgGroupPermissions[’sysop’][‘bigdelete’] = true; // can be separately configured for pages with > $wgDeleteRevisionsLimit revs
$wgGroupPermissions[’sysop’][‘deletedhistory’] = true; // can view deleted history entries, but not see or restore the text
$wgGroupPermissions[’sysop’][‘undelete’] = true;
$wgGroupPermissions[’sysop’][‘editinterface’] = true;
$wgGroupPermissions[’sysop’][‘editusercssjs’] = true;
$wgGroupPermissions[’sysop’][‘import’] = true;
$wgGroupPermissions[’sysop’][‘importupload’] = true;
$wgGroupPermissions[’sysop’][‘move’] = true;
$wgGroupPermissions[’sysop’][‘move-subpages’] = true;
$wgGroupPermissions[’sysop’][‘move-rootuserpages’] = true;
$wgGroupPermissions[’sysop’][‘patrol’] = true;
$wgGroupPermissions[’sysop’][‘autopatrol’] = true;
$wgGroupPermissions[’sysop’][‘protect’] = true;
$wgGroupPermissions[’sysop’][‘proxyunbannable’] = true;
$wgGroupPermissions[’sysop’][‘rollback’] = true;
$wgGroupPermissions[’sysop’][‘trackback’] = true;
$wgGroupPermissions[’sysop’][‘upload’] = true;
$wgGroupPermissions[’sysop’][‘reupload’] = true;
$wgGroupPermissions[’sysop’][‘reupload-shared’] = true;
$wgGroupPermissions[’sysop’][‘unwatchedpages’] = true;
$wgGroupPermissions[’sysop’][‘autoconfirmed’] = true;
$wgGroupPermissions[’sysop’][‘upload_by_url’] = true;
$wgGroupPermissions[’sysop’][‘ipblock-exempt’] = true;
$wgGroupPermissions[’sysop’][‘blockemail’] = true;
$wgGroupPermissions[’sysop’][‘markbotedits’] = true;
$wgGroupPermissions[’sysop’][‘apihighlimits’] = true;
$wgGroupPermissions[’sysop’][‘browsearchive’] = true;
$wgGroupPermissions[’sysop’][‘noratelimit’] = true;
$wgGroupPermissions[’sysop’][‘movefile’] = true;
#$wgGroupPermissions['sysop']['mergehistory'] = true;
// Permission to change users’ group assignments
$wgGroupPermissions[‘bureaucrat’][‘userrights’] = true;
$wgGroupPermissions[‘bureaucrat’][‘noratelimit’] = true;
