In most projects, bureaucrats can grant sysop and bureaucrat status but not remove it later. However I noticed that with this system that can be bypassed by changing the permanent flag into a temporary (1 second) flag to get it removed. Given the potential for abuse and untransparency, I suggest that this not be allowed. If a user group is not allowed to remove an userright after being granted, they should not be able to modify it afterwards.
|mediawiki/core||master||+63 -16||Prevent use of expiries to circumvent restrictions on removing user groups|
|Resolved||TTO||T12493 Setting a temporary usergroup (allow expiry of user rights via Special:UserRights form)|
|Resolved||TTO||T156784 Expiring userrights: prevent circumventing of local removal restrictions|
|Open||None||T161595 Allow users who can remove but not add a right to shorten userrights expiry|
Good catch, MA, I hadn't even thought of this!
To me, the ideal way to prevent abuse would be, where a user can only add the group and not remove it, to only allow that user to increase the expiry date. Decreasing the expiry date would require both add and remove rights. To keep things simple, users with remove rights could only remove permissions (as now), not adjust the expiry date. How does that sound?
- users with add rights but not remove: allow them to just augment/increase expiry date in case the right was temporarily granted.
- I'd say works for me. However if the right was permanently granted I'd suggest that the expiry form be hidden for them since you can't increase the duration of an indefinitely granted user right.
- users with add and remove: I'd say that those should be able to adjust permissions and even convert indef rights in temp. rights. But if the later is deemed too complicated for now, I'm fine with the "remove, re-grant temporary" strategy.