Page MenuHomePhabricator
Create Task
Maniphest T34595

clean up use of abusefilter-private user rights
Closed, ResolvedPublic
Actions

Description

bug 29922 removes the abusefilter-private user rights from $wgAvailableRights.

But you have to clean up the use of that user rights inside CentralAuth. The user right was assigned to the global group sysadmin while removing. It is shown as set when getting the user rights of a user with the api (see url as example).

Maybe other global groups has this right also set. Please remove it from the sysadmins group and check all other groups. The best way is, to enable the user right, remove it from [[meta:Special:GlobalGroupPermissions/sysadmin]] (which produce a log entry for transparent) and then disable it again.

Another way is to check in CentralAuth against $wgAvailableRights before giving the rights back or do permissions check. If that is better, move this bug to CentralAuth (or create/clone a new bug).

Thanks.

Version: unspecified
Severity: normal
URL: http://meta.wikimedia.org/w/api.php?action=query&meta=globaluserinfo&guiuser=Brion%20VIBBER&guiprop=groups|rights

Details

Reference
bz32595

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 12:07 AM
bzimport added projects: Wikimedia-Site-requests, Shell.
bzimport set Reference to bz32595.
bzimport added a subscriber: Unknown Object (MLST).
duplicatebug created this task.Nov 22 2011, 9:10 PM
Reedy added a comment.Nov 22 2011, 9:25 PM

I've deleted it from the CA database, and also tidied up the abuse filter config slightly

No other global groups have it set

mysql> select * from global_group_permissions where ggp_permission = 'abusefilter-private';
+-----------+---------------------+

ggp_groupggp_permission

+-----------+---------------------+

sysadminabusefilter-private

+-----------+---------------------+
1 row in set (0.01 sec)

mysql> DELETE FROM global_group_permissions where ggp_permission = 'abusefilter-private';
Query OK, 1 row affected (0.01 sec)

mysql> select * from global_group_permissions where ggp_permission = 'abusefilter-private';
Empty set (0.00 sec)

duplicatebug added a comment.Nov 23 2011, 5:50 PM

The api result looks now ok. All caches should have now the right values.

Thanks.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL