Page MenuHomePhabricator
Create Task
Maniphest T14518

Cross-wiki userrights should use groups from target wiki instead of local wiki
Open, LowPublic
Actions

Description

Some wikis, e.g. Hungarian Wikipedia (see T14085), have a patroller user group and bureaucrats on those projects can place users in that group and remove them from it. However, stewards aren't able to do the same. Even though it is quite unlikely that stewards would need to change that group, there should be a patroller group (if nothing, then at least for consistency's sake) in the Userrights interface for stewards when dealing with wikis that do have that user group. This shouldn't be too hard to fix, I imagine.

Additionally, if the user group exists on the local wiki but not the target wiki, the user is added to a group that doesn't really exist

Details

Reference
bz12518
Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Introduce UserGroupConfigReader to correctly load groups of other wikismediawiki/coremaster+118 -63
Fetch groups from target wiki on Special:Userrightsmediawiki/coremaster+33 -28
SpecialUserrights: Make use of UserGroupManagermediawiki/coremaster+16 -2
Fetch cross-wiki user groups from target wiki instead of assuming localmediawiki/coremaster+44 -7
Customize query in gerrit

Related Objects
Search...

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes
vvv added a comment.Jan 31 2008, 5:25 PM

(In reply to comment #7)

  1. Use some API thingy to fetch remote list of available groups (wouldn't work

for private wikis)

Why?

bzimport added a comment.Feb 1 2008, 12:37 AM

bugs wrote:

(In reply to comment #8)

(In reply to comment #7)

  1. Use some API thingy to fetch remote list of available groups (wouldn't work

for private wikis)

Why?

api is disabled on private wikis due to the possible security vulnerability.

vvv added a comment.Feb 1 2008, 4:03 AM

(In reply to comment #9)

(In reply to comment #8)

(In reply to comment #7)

  1. Use some API thingy to fetch remote list of available groups (wouldn't work

for private wikis)

Why?

api is disabled on private wikis due to the possible security vulnerability.

Also, we should note that Special:Userrights doesn't know URIs of other wikis (does it?)

dungodung added a comment.Feb 9 2008, 6:31 PM

Generalized the bug title to all non-global user rights.

Also, I've made a script that dynamically checks for projects with additional user rights: http://tools.wikimedia.de/~dungodung/cgi-bin/availrights

And re comment #7: 2) seems to be the cleanest way (and also quite an easy one) to do it, IMHO.

werdna added a comment.Aug 17 2008, 9:39 AM

Generalising title further.

werdna added a comment.Aug 17 2008, 9:39 AM
  • Bug 15193 has been marked as a duplicate of this bug. ***
brooke added a comment.Aug 19 2008, 5:42 PM

r39582 was labeled as "(bug 12518) Interwiki userrights now reflects remote groups, not local groups."

I've reverted this in r39650 as it won't actually work; it checks the InitialiseSettings.php settings array for $wgGroupPermissions, but we don't set the group permissions that way. Instead, a couple of override arrays are set which get applied on top of the default $wgGroupPermissions.

vvv added a comment.Aug 19 2008, 6:10 PM

(In reply to comment #14)

r39582 was labeled as "(bug 12518) Interwiki userrights now reflects remote
groups, not local groups."

I've reverted this in r39650 as it won't actually work; it checks the
InitialiseSettings.php settings array for $wgGroupPermissions, but we don't set
the group permissions that way. Instead, a couple of override arrays are set
which get applied on top of the default $wgGroupPermissions.

That's why Andrew also modified $wgConf in r39577

werdna added a comment.Oct 24 2008, 11:50 PM
  • Bug 16099 has been marked as a duplicate of this bug. ***
werdna added a comment.Jun 18 2009, 9:16 AM
  • Bug 19272 has been marked as a duplicate of this bug. ***
werdna added a comment.Jul 27 2009, 4:17 PM

It would be simple to apply this patch and develop some way of using wgGroupPermissions properly instead of strange override arrays.

bzimport added a comment.Dec 31 2009, 5:16 AM

mike.lifeguard+bugs wrote:

(In reply to comment #15)

That's why Andrew also modified $wgConf in r39577

Does that mean it should be un-reverted? Or is a different solution still required?

bzimport added a comment.Feb 15 2010, 6:57 AM

mike.lifeguard+bugs wrote:

Please don't set bugs as RESOLVED LATER without good reason. Generally, that should be done only by a developer who is actually involved with fixing the bug.

Krenair added a comment.Dec 1 2012, 12:23 AM

Gerrit change 36330

bzimport added a comment.Dec 1 2012, 7:37 AM

quentinv57 wrote:

Many thanks for fixing this bug, Krenair.

Krenair added a comment.Jan 1 2013, 4:19 AM

Chris Steipp's comment on the Gerrit change: "This looks ok to me, but someone who's a little more familiar with this bug should take a look and make sure this addresses all the issues."

Snowolf added a comment.Jan 16 2013, 8:11 PM

Any chance we can find somebody else to look over and see if the patch can be approved? This would very very useful to have for us stewards.

bzimport added a comment.Feb 1 2013, 7:24 PM

quentinv57 wrote:

Any progress ?

If nobody can check it, I could take a look myself but I'm not sure to be the kind of people Krenair is waiting for...

Aklapper added a comment.Mar 25 2013, 4:24 PM

There are a few people added as reviewer in Gerrit - probably best to ping there, but Alex has already commented on Tim's review.

Krenair added a comment.Mar 25 2013, 5:15 PM

Chris and Tim discovered that WMF's config doesn't work with this patch, so other people will either have to find a different way to do it or we need to change how WMF's config sets up group permissions. I suspect there will be issues with things like extensions.

Snowolf subscribed.Nov 24 2014, 4:06 PM
werdna unsubscribed.Dec 10 2014, 5:45 PM
Qgil subscribed.Jan 12 2015, 12:07 PM

@Krenair, this is one of the oldest tasks assigned to someone. Are you planning to work on it, and is the current priority correct?

Krenair added a comment.Jan 12 2015, 12:09 PM

@Qgil, this is Patch-For-Review

gerritbot subscribed.Feb 14 2015, 3:39 PM

Change 36330 had a related patch set uploaded (by Qgil):
Fetch cross-wiki user groups from target wiki instead of assuming local

https://gerrit.wikimedia.org/r/36330

Patch-For-Review

Luke081515 awarded a token.Aug 27 2015, 5:36 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 27 2015, 5:36 AM
Luke081515 subscribed.Sep 13 2015, 4:11 PM
gerritbot added a comment.Sep 19 2015, 1:52 AM

Change 36330 abandoned by Alex Monk:
Fetch cross-wiki user groups from target wiki instead of assuming local

https://gerrit.wikimedia.org/r/36330

Krenair removed Krenair as the assignee of this task.Sep 19 2015, 1:52 AM
Legoktm added a project: Stewards-and-global-tools.Oct 27 2015, 4:58 PM
Krenair mentioned this in T119100: Increase MinimalPasswordLength to 8 for several local and global groups.Dec 11 2015, 2:45 AM
revi subscribed.Dec 11 2015, 5:50 AM
Meno25 unsubscribed.Feb 22 2016, 6:19 PM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptFeb 22 2016, 6:19 PM
DerHexer subscribed.May 16 2016, 6:23 PM
matej_suchanek removed a project: Patch-For-Review.May 19 2016, 8:55 AM
matej_suchanek updated the task description. (Show Details)
Qgil unsubscribed.May 19 2016, 8:25 PM
MarcoAurelio removed a parent task: T43492: [DO NOT USE] Steward, global sysop and SWMT tasks bugs (tracking) [superseded by #Stewards-and-global-tools].Jan 11 2017, 11:40 PM
Matanya moved this task from Untriaged to Low priority on the Stewards-and-global-tools board.Apr 19 2017, 8:43 PM
Krenair mentioned this in T208035: Remove global action related permissions except meta wikimedia.Oct 26 2018, 5:38 PM
Rxy added a project: User-Rxy.Oct 26 2018, 7:33 PM
Rxy moved this task from Backlog to ToDo on the User-Rxy board.
Amire80 moved this task from Backlog to User rights on the Crosswiki board.Nov 15 2019, 4:40 PM
Bugreporter added a parent task: T252814: Unused local "stewards" group (finding situations that local stewards groups are used).May 14 2020, 8:05 PM
MarcoAurelio mentioned this in T252814: Unused local "stewards" group (finding situations that local stewards groups are used).May 14 2020, 8:09 PM
Ammarpad removed a parent task: T252814: Unused local "stewards" group (finding situations that local stewards groups are used).May 15 2020, 1:31 PM
RhinosF1 subscribed.May 15 2020, 1:35 PM
Bugreporter added a parent task: T252814: Unused local "stewards" group (finding situations that local stewards groups are used).May 15 2020, 2:42 PM
Pppery merged a task: T263039: Interwiki rights management should show target wiki's user groups.Sep 16 2020, 4:36 PM
Pppery added subscribers: Urbanecm, DannyS712.
gerritbot added a comment.Sep 16 2020, 4:37 PM

Change 627792 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/core@master] SpecialUserrights: Make use of UserGroupManager

https://gerrit.wikimedia.org/r/627792

gerritbot added a project: Patch-For-Review.Sep 16 2020, 4:37 PM
DannyS712 claimed this task.Sep 16 2020, 4:37 PM
Restricted Application added a project: User-DannyS712. · View Herald TranscriptSep 16 2020, 4:37 PM
Xaosflux subscribed.Sep 16 2020, 8:57 PM
CptViraj subscribed.Sep 17 2020, 4:07 AM
DannyS712 mentioned this in T263207: The `UserrightsPage` class is not safe to extend.Sep 17 2020, 10:24 PM
gerritbot added a comment.Sep 18 2020, 1:58 AM

Change 627792 merged by jenkins-bot:
[mediawiki/core@master] SpecialUserrights: Make use of UserGroupManager

https://gerrit.wikimedia.org/r/627792

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.10; 2020-09-22).Sep 18 2020, 2:02 AM
DannyS712 removed a project: Patch-For-Review.Sep 18 2020, 2:03 AM

Can't really proceed until T263207: The `UserrightsPage` class is not safe to extend is cleaned up

DannyS712 changed the task status from Open to Stalled.Sep 20 2020, 5:38 PM
DannyS712 moved this task from Unsorted to Later on the User-DannyS712 board.
Krinkle unsubscribed.Sep 21 2020, 5:12 PM
DannyS712 updated the task description. (Show Details)Oct 22 2020, 11:32 PM
DannyS712 removed DannyS712 as the assignee of this task.Feb 18 2021, 5:14 AM

unlicking for now

Zabe subscribed.Oct 4 2021, 11:56 PM
Zabe claimed this task.Feb 13 2022, 3:12 PM
Zabe added a subtask: T263207: The `UserrightsPage` class is not safe to extend.
gerritbot added a comment.Feb 13 2022, 4:49 PM

Change 762117 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@master] Fetch groups from target wiki on Special:Userrights

https://gerrit.wikimedia.org/r/762117

gerritbot added a project: Patch-For-Review.Feb 13 2022, 4:49 PM
Zabe added a comment.Feb 13 2022, 11:59 PM

This is now blocked on T255213.

Zabe added a subtask: T255213: Create a mechanism for loading configuration for sister site.Feb 13 2022, 11:59 PM
Stang subscribed.May 11 2022, 2:52 PM
gerritbot added a comment.Jan 16 2023, 8:16 PM

Change 762117 abandoned by Umherirrender:

[mediawiki/core@master] Fetch groups from target wiki on Special:Userrights

Reason:

Handled by Iade0cc0e75870ec64dd5f9e7a6929f031f9b5629

https://gerrit.wikimedia.org/r/762117

Pppery removed a project: Patch-For-Review.Apr 2 2023, 1:17 AM
Pppery mentioned this in T368577: Unable to add/remove "researcher" user right on English Wikipedia.Jun 26 2024, 7:47 PM
Novem_Linguae subscribed.Jun 26 2024, 8:18 PM
Johannnes89 subscribed.Jun 26 2024, 8:28 PM
Zabe mentioned this in T372046: Special:UserRights can assign rights to temporary accounts on wikis where temporary accounts are not enabled.Aug 8 2024, 3:06 PM
1F616EMO mentioned this in T418089: Remove "accountcreator" and allow "event-organizer" to add and remove "event participant" in zhwiki.Feb 26 2026, 2:44 PM
1F616EMO subscribed.Feb 26 2026, 2:50 PM
1F616EMO added a comment.Feb 26 2026, 3:03 PM

I wonder why we can't grant userrights to all stewards on all wikis via the global user group, if we can allow them to self-promote to local stewardship and essentially gain the same right. No hacks would be needed if we handle everything locally.

Xaosflux added a comment.Feb 26 2026, 3:28 PM
In T14518#11654861, @1F616EMO wrote:

I wonder why we can't grant userrights to all stewards on all wikis via the global user group, if we can allow them to self-promote to local stewardship and essentially gain the same right. No hacks would be needed if we handle everything locally.

We could, we chose not to. That isn't a technical limitation. Socially, stewards are not meant to act locally when a community can self-service - so we purposefully leave this off.

gerritbot added a comment.Mar 13 2026, 5:04 PM

Change #1251483 had a related patch set uploaded (by Zabe; author: Zabe):

[mediawiki/core@master] Introduce UserGroupConfigReader to correctly load groups of other wikis

https://gerrit.wikimedia.org/r/1251483

gerritbot added a project: Patch-For-Review.Mar 13 2026, 5:04 PM
Zabe changed the task status from Stalled to Open.Mar 13 2026, 5:21 PM
Zabe added a project: Hackathon-Northwestern-Europe-2026.
A_smart_kitten subscribed.Mar 13 2026, 5:51 PM
Bugreporter mentioned this in T421796: Close 31 editions of Wikinews on 2026-05-04 (make them read-only).May 7 2026, 12:55 PM
Novem_Linguae renamed this task from Cross-wiki userrights should use groups from target wiki instead local wiki to Cross-wiki userrights should use groups from target wiki instead of local wiki.May 7 2026, 12:59 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits