Last modified: 2012-04-12 13:54:42 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T32962, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 30962 - cannot revoke access to Special:Userrights using $wgRevokePermissions when $wgAddGroups is used
cannot revoke access to Special:Userrights using $wgRevokePermissions when $w...
Status: NEW
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
1.16.x
All All
: Low normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-09-18 09:19 UTC by Nikola Kovacs
Modified: 2012-04-12 13:54 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Nikola Kovacs 2011-09-18 09:19:24 UTC 
Consider this setup:

$wgAddGroups['sysop'] = array('sysop');
$wgRemoveGroups['sysop'] = array('sysop');

There is no way to revoke this in another group. 
$wgRevokePermissions['othergroup']['userrights'] = true; doesn't work, since userrights is not needed for access to Special:UserRights.
Comment 1 Brion Vibber 2011-09-19 15:16:56 UTC 
What are you trying to accomplish by trying to remove access to Special:Userrights to someone who specifically has the right to add/remove other users from the sysop group? Perhaps there is another way to accomplish this that works more naturally with the permissions system.
Comment 2 Nikola Kovacs 2011-09-19 17:00:56 UTC 
Since sysops can make sysops, we want to have a way for bureaucrats to enforce a desysopping so a random sysop can't come and undo it. The idea was to use wgRevokePermissions to create a revoke group, so a bureaucrat could add someone to that group and then it wouldn't matter if the user was a sysop or not, they still wouldn't have the actual rights. Thanks to wgRevokePermissions this works for everything but access to Special:Userrights.

The UserrightsChangeableGroups hook would be an alternative solution, but it was removed in 1.16 because it was unused.
Comment 3 p858snake 2011-09-19 22:00:54 UTC 
Why not just don't give the sysop group rights to remove it, and give that right to the other group?
Comment 4 Nikola Kovacs 2011-09-20 03:23:20 UTC 
That's not the problem. The problem is the sysop group having the right to add it. If someone misbehaves they lose their sysopship, but then any sysop can reinstate it, causing a wheel war.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links