For a certain local reason, I had to remove users and user rights from a small 1.31 (now: 1.31.3) wiki.
Do so I just noticed an -me- alarming problem:
In short:
It looks to me, as if the "user" "edit" right is incorrectly treated in calculation of derived user rights like move, createpage, createtalk, and, may be other rights.
Referring to documentation: https://www.mediawiki.org/wiki/Manual:User_rights/en#List_of_permissions
Documentation says (specifically: "requires the edit right")
createpage Create pages (which are not discussion pages) - requires the edit right *, user 1.6+ createtalk Create discussion pages - requires the edit right *, user 1.6+ edit Edit pages *, user 1.5+ editsemiprotected Edit pages protected as "Nur automatisch bestätigten Benutzern erlauben" - without cascading protection autoconfirmed, bot, sysop 1.22+ editprotected Edit pages protected as "Nur Administratoren erlauben" - without cascading protection sysop 1.13+ minoredit Mark edits as minor user 1.6+ move Move pages - requires the edit right user, sysop 1.5+
My LocalSettings.php:
# Prevent new user registrations except by sysops $wgGroupPermissions['*']['createaccount'] = false; $wgGroupPermissions['*']['edit'] = false; $wgGroupPermissions['*']['createtalk'] = false; # $wgGroupPermissions['user']['createtalk'] = false; $wgGroupPermissions['user']['edit'] = false; # $wgGroupPermissions['user']['move'] = false; # $wgGroupPermissions['user']['createpage'] = false;
Alarming observation
- With the above setting - with the comment lines -, the user rights "createpage", "move", "createtalk" are still set! as shown by in SpecialPage:ListGroupRights
I had to explictly reset the specific rights to remove them from being active and shown on that page.