Page MenuHomePhabricator

clean up use of abusefilter-private user rights
Closed, ResolvedPublic


bug 29922 removes the abusefilter-private user rights from $wgAvailableRights.

But you have to clean up the use of that user rights inside CentralAuth. The user right was assigned to the global group sysadmin while removing. It is shown as set when getting the user rights of a user with the api (see url as example).

Maybe other global groups has this right also set. Please remove it from the sysadmins group and check all other groups. The best way is, to enable the user right, remove it from [[meta:Special:GlobalGroupPermissions/sysadmin]] (which produce a log entry for transparent) and then disable it again.

Another way is to check in CentralAuth against $wgAvailableRights before giving the rights back or do permissions check. If that is better, move this bug to CentralAuth (or create/clone a new bug).


Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 12:07 AM
bzimport set Reference to bz32595.
bzimport added a subscriber: Unknown Object (MLST).

I've deleted it from the CA database, and also tidied up the abuse filter config slightly

No other global groups have it set

mysql> select * from global_group_permissions where ggp_permission = 'abusefilter-private';




1 row in set (0.01 sec)

mysql> DELETE FROM global_group_permissions where ggp_permission = 'abusefilter-private';
Query OK, 1 row affected (0.01 sec)

mysql> select * from global_group_permissions where ggp_permission = 'abusefilter-private';
Empty set (0.00 sec)

The api result looks now ok. All caches should have now the right values.