Page MenuHomePhabricator
Create Task
Maniphest T14195

Deleted revisions permission scheme is wacky
Closed, ResolvedPublic
Actions

Description

Some research shows that the following restrictions are enforced:

  1. To delete pages, the 'delete' right is required (that's logical)
  2. To view deleted revision metadata (timestamps, comments, users), the 'deletedhistory' right is required (also makes sense)
  3. To view deleted revision *content*, the 'delete' right is required (?!?)
  4. To restore deleted revisions, the 'delete' right is also required (also wacky).

IMO, the following should happen:

  • A separate 'undelete' right should be created
  • Viewing deleted revisions, *including content*, should be possible with the 'deletedhistory' right
  • Restoring them should be possible with the 'undelete' right

One could argue that being able to view deleted revision content is just a copy+paste away from being able to restore them. Alternatively, 'deletedhistory' and 'undelete' could be merged.

Either way, the situation as it is now (undeletion requiring the 'delete' right) doesn't make sense.

Version: 1.12.x
Severity: enhancement

Details

Reference
bz12195

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 10:01 PM
bzimport added a project: MediaWiki-General.
bzimport set Reference to bz12195.
bzimport added a subscriber: Unknown Object (MLST).
Catrope created this task.Dec 4 2007, 3:21 PM
bzimport added a comment.Dec 4 2007, 3:41 PM

rotemliss wrote:

"deletedhistory" right should not be changed to include the content, as it breaks backwards compatibility and may grant the users permissions they are intended to get. It is possible to have a "viewdeletedcontent" right.

Splitting the "delete" permission to "delete" (for deletions) and "undelete" (for restorations and viewing deleted content) makes sense.

Merging "deletedhistory" and "undelete" doesn't make sense, as it means an all-or-nothing situation: Either you can do everything with deleted content, or you can do nothing. However, the current "deletedhistory" permission is much more harmless than the merged one: Just viewing the information about deleted revisions, conveniently viewing the deletion log and matching it to the versions. It only means summaries cannot be hidden. This right was even granted to all the users by default for some months. Viewing the actual content may be problematic in case of copyvios, but viewing the information is generally harmless.

Catrope added a comment.Dec 4 2007, 3:43 PM

(In reply to comment #1)

Merging "deletedhistory" and "undelete" doesn't make sense, as it means an
all-or-nothing situation

True, some people will want to retain the current metadata/content split.

Catrope added a comment.Dec 4 2007, 8:34 PM

I split off the 'undelete' right from the 'delete' right in r28151.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits