Last modified: 2013-09-03 18:29:53 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T55690, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 53690 - Fine-grained upload rights
Fine-grained upload rights
Status: NEW
Product: MediaWiki
Classification: Unclassified
Uploading (Other open bugs)
1.22.0
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-09-02 21:04 UTC by Remco de Boer
Modified: 2013-09-03 18:29 UTC (History)
5 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Remco de Boer 2013-09-02 21:04:23 UTC 
Ideally, it should be possible to combine upload right assignments with file types, such that:

$wgGroupPermissions['sysop']['upload'] = true;

retains its current meaning 'anyone in group /sysop/ may upload any file with a file type in $wgFileExtensions'

but further tweaking is supported, such that e.g.

$wgGroupPermissions['user']['upload'] = array('png', 'jpg');

restricts anyone in group /user/ to upload only .png and .jpg files, and none of the other file types that may be included in $wgFileExtensions.
Comment 1 Bawolff (Brian Wolff) 2013-09-02 21:58:16 UTC 
Interesting idea, although I feel that this might be better suited to an extension.

I'd also be concerned exteding that global in that way, might interfere with other peoples plans to extend it to be per namespace.
Comment 2 Remco de Boer 2013-09-03 18:20:45 UTC 
(In reply to comment #1)
> Interesting idea, although I feel that this might be better suited to an
> extension.
> 
> I'd also be concerned exteding that global in that way, might interfere with
> other peoples plans to extend it to be per namespace.

Thanks, Brian. I was not aware of these plans. Is there any place I can read up on that? 

AFAIC, it's primarily about the functionality and less so about the form. If there's a better way than extending $wgGroupPermissions that would be fine. My first impression was that $wgGroupPermissions just 'feels right' -- it's where I first started searching for this type of functionality.
Comment 3 Brion Vibber 2013-09-03 18:29:53 UTC 
I'd avoid the particular format suggested in the original comment -- if one wants something like this I'd recommend more like:

$wgGroupPermissions['user']['upload-ext-png'] = true;
$wgGroupPermissions['user']['upload-ext-jpeg'] = true;

or

$wgGroupPermissions['user']['upload-type-image/png'] = true;
$wgGroupPermissions['user']['upload-type-image/jpeg'] = true;

Not sure whether it's better to use extensions or types here, as neither really covers our validity checks well (which sorta check both).


More generally though, I'm not sure how best to make something like this work for the user interface; we'd need to be able to distinguish between 'can't upload anything' and 'can upload some file types', and then provide interactive UI to try to check for file type before upload and prevent upload of non-permitted types, as well as a type permission check during the upload if that gets bypassed.

It might be easier to provide a second right that confers ability to bypass the file type whitelist and upload anything not blacklisted (or even bypass the blacklist), for the occasional "it's useful to upload an .exe.zip here" or something.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links