Page MenuHomePhabricator
Create Task
Maniphest T203083

"Administrator" is hardcoded in various permission error messages
Open, Needs TriagePublic
Actions

Description

A number of error messages either just assume that administrators can always do X and have that hardcoded (e.g. undeletehistorynoadmin) or assume that if a group has right X then it also has the right to do X on the current page and just say "you should be a member of <these groups> to do X" when actually those groups can't do it either (pretty much everything using the badaccess-groups message does that).

This results in misleading error messages after T190015: Create separate user group for editing sitewide CSS/JavaScript that does not include administrators by default (and before that for any extension making non-trivial rights management changes, presumably).

Related Objects

Event Timeline

Tgr created this task.Aug 29 2018, 1:24 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 29 2018, 1:24 PM
Tgr mentioned this in T202989: Administrators can no longer view deleted history of js/css pages.Aug 29 2018, 1:25 PM
RP88 subscribed.Aug 29 2018, 1:27 PM
BethNaught subscribed.Aug 29 2018, 1:27 PM
Amorymeltzer subscribed.Aug 29 2018, 2:28 PM
Thryduulf subscribed.Aug 29 2018, 9:28 PM
ToBeFree awarded a token.Aug 29 2018, 11:06 PM
ToBeFree subscribed.
MGChecker subscribed.Aug 31 2018, 8:43 PM
Framawiki subscribed.Sep 1 2018, 3:26 PM
AfroThundr3007730 subscribed.Nov 26 2018, 12:04 AM
Tgr merged a task: T211448: Wrong error message when trying to view/restore JavaScript page (sysop, not interface admin).Dec 7 2018, 10:06 PM
Tgr added a subscriber: Skalman.
Tgr mentioned this in T180888: All permission checks should be able to return a custom error message.Dec 22 2018, 7:44 PM
DannyS712 subscribed.Mar 8 2019, 6:25 AM
Krinkle renamed this task from "Administrator" is hardcoded in various permission error messages to "Administrator" is hardcoded in various permission error messages.Apr 1 2019, 3:52 PM
Ammarpad mentioned this in T216459: Admin on nl.wp gets "You don't have the right to view a deleted page" after deleting a JS page.Nov 16 2019, 5:56 PM
Masumrezarock100 awarded a token.Dec 21 2019, 4:22 AM
Masumrezarock100 subscribed.
Ammarpad mentioned this in T241318: Unable to access deleted revisions of a page.Dec 22 2019, 12:58 PM
ST47 subscribed.Dec 22 2019, 1:03 PM

I'm told in T241318 that administrators cannot view the content of deleted css/js pages. So, is it a bug that I can see those edits in Special:DeletedContributions and Special:RevisionDelete?

Masumrezarock100 added a comment.Dec 22 2019, 6:37 PM
In T203083#5759382, @ST47 wrote:

I'm told in T241318 that administrators cannot view the content of deleted css/js pages. So, is it a bug that I can see those edits in Special:DeletedContributions and Special:RevisionDelete?

T202989: Administrators can no longer view deleted history of js/css pages

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits