Page MenuHomePhabricator
Create Task
Maniphest T274844

arbcom-ru.wikipedia.org: add rights to bureaucrats usergroup
Closed, ResolvedPublic
Actions

Description

For reference: for the mechanism of transferring cases from one ArbCom to another, we need to temporarily hide some pages from the arriving arbitrators (until a decision is made on the case). It was decided that the mildest option for such hiding is to delete the corresponding page, so that recovery is possible, but logged action. Since the Administrators usergroup has the right to view deleted content, arbitrators will not be part of this group by default. To simplify the number of required groups for an arbitrator, it was decided to collect the basic necessary rights on a bureaucrats usergroup.

Please assign the following rights to Bureaucrats usergroup:

  • block
  • createaccount
  • delete
  • oathauth-enable
  • autoreview,
  • move-categorypages
  • movestable
  • move-subpages
  • move
  • move-rootuserpages
  • suppressredirect
  • tboverride
  • skipcaptcha
  • rollback

Thank you in advance!

Details

SubjectRepoBranchLines +/-
arbcom_ruwiki: Add arbcom user groupoperations/mediawiki-configmaster+20 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Carn created this task.Feb 16 2021, 7:56 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 16 2021, 7:56 AM
Carn added a parent task: T274061: arbcom-ru.wikipedia.org: read restrictions of individual pages.Feb 16 2021, 7:57 AM
Carn updated the task description. (Show Details)Feb 16 2021, 10:07 AM
Adamant.pwn updated the task description. (Show Details)Feb 16 2021, 10:16 AM
Carn added a comment.Feb 16 2021, 10:18 AM

(Adamant discovered that undelete has deletedtext in it).

Adamant.pwn added a comment.Feb 16 2021, 10:20 AM

Hey there! Sorry, we're not sure we understood everything about rights correctly, so it might be messy. What we basically want is to make for Bureaucrats on ArbCom Wiki possible to delete and undelete a page, but not to view the deleted text before the undeletion, so that access to deleted text is always logged. According to https://www.mediawiki.org/wiki/Help:Undelete the "undelete" right implies "deletedtext", so I assume it's not possible at the moment?

Urbanecm added a comment.Feb 16 2021, 11:01 AM

Hello,

I do not understand how this fixes your issue. Bureaucrats can add sysop rights to their account, meaning they can easily gain access to any case file, w/o logging which particular file they accessed.

A custom group (granted only to otherwise unprivileged users) might be a better idea. Do you agree?

Carn added a comment.Feb 16 2021, 11:24 AM

Yes, they will be able to see anything, but if they will do so - it will be logged.

If we will need to hide some info fully - we will ask temporary oversight rights.

Give some users unpriviledged status is possible, but we want to avoid it. All arbitrators are trustworthy and I sure that they can not do what they should not do, if there will be some additional technical restrictions (that are easily circumvented).

Carn added a comment.EditedFeb 16 2021, 2:50 PM

If there may be some issues with additional rights for bureaucrat usergroup and this useful rights that admin have would be better to assign to other usergroup - than such a usergroup can be called arbitrator(s), in russian - арбитр(ы). And bureaucrats need to have a ability to assign this new usergroup to users, please.

Thank you for helping us!

kr0 added a comment.Feb 16 2021, 3:05 PM
In T274844#6833027, @Urbanecm wrote:

Hello,

I do not understand how this fixes your issue. Bureaucrats can add sysop rights to their account, meaning they can easily gain access to any case file, w/o logging which particular file they accessed.

A custom group (granted only to otherwise unprivileged users) might be a better idea. Do you agree?

I agree. You can add custom group of users, call as arbitrator.

gerritbot added a comment.Feb 17 2021, 7:32 PM

Change 664892 had a related patch set uploaded (by Urbanecm; owner: Urbanecm):
[operations/mediawiki-config@master] arbcom_ruwiki: Add arbcom user group

https://gerrit.wikimedia.org/r/664892

gerritbot added a project: Patch-For-Review.Feb 17 2021, 7:32 PM
Urbanecm claimed this task.Feb 17 2021, 7:32 PM
Restricted Application added a project: User-Urbanecm. · View Herald TranscriptFeb 17 2021, 7:32 PM
gerritbot added a comment.Feb 17 2021, 7:33 PM

Change 664892 merged by jenkins-bot:
[operations/mediawiki-config@master] arbcom_ruwiki: Add arbcom user group

https://gerrit.wikimedia.org/r/664892

Stashbot added a comment.Feb 17 2021, 7:36 PM

Mentioned in SAL (#wikimedia-operations) [2021-02-17T19:36:15Z] <urbanecm@deploy1001> Synchronized wmf-config/InitialiseSettings.php: 6c5c5f0d1b83a7f05272f133c269c740af8352db: arbcom_ruwiki: Add arbcom user group (T274844) (duration: 01m 12s)

Urbanecm closed this task as Resolved.Feb 17 2021, 7:38 PM
Maintenance_bot removed a project: Patch-For-Review.Feb 17 2021, 8:10 PM
Carn added a comment.Feb 18 2021, 8:36 AM

Thank you so much!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL