| Strainu | |
| Oct 22 2025, 1:43 PM |
| F70345618: abusefilter-revert (1).png | |
| Nov 22 2025, 7:25 AM |
| F70345572: abusefilter-revert.png | |
| Nov 22 2025, 7:25 AM |
Per the discussion here non-private abuse filters have their details visible to everyone. However, per the documentation, they should only be visible only to the sysops.
I consider the documented version to be correct, as these are things that we don't want on Wikis, so we shouldn't display them publicly. If this is configurable, we can start an on-wiki discussion about changing the config.
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| rowiki: Redefine AbuseFilter permission model | operations/mediawiki-config | master | +17 -6 |
This doesn't look like a bug to me. Rather, it's how the abusefilter-log-detail user right is configured for rowiki (although I'm not sure when this was configured this way).
Forever — that line was last touched in 2013: https://gerrit.wikimedia.org/r/plugins/gitiles/operations/mediawiki-config/+/cc21e87e48e717cf36945b864f0a3d59182524fa
@Strainu If the rowiki community hopes to restrict the right to sysops, we'll just want to replace the line mentioned above with:
$wgGroupPermissions['autoconfirmed']['abusefilter-log-detail'] = false;
This will detach the right from *, autoconfirmed, and confirmed.
I'll note that "everyone has abusefilter-log-detail" is a very common configuration on WMF wikis (enwiki does it, for instance), and the base state in that config if a wiki doesn't override it is to give it to autoconfirmed users. The AbuseFilter documentation that's linked describes the extension's defaults, not the actual configured state.
It'd be fine to change it, but since it's been the way it is for over a decade it'd probably be good to make sure there's actually community consensus to do so.
Per the discussion here, the community would like the following config:
I believe the following config will implement this, but I would require a confirmation:
$wgGroupPermissions['*']['abusefilter-view'] = false; $wgGroupPermissions['*']['abusefilter-log'] = false; $wgGroupPermissions['*']['abusefilter-modify'] = false; $wgGroupPermissions['*']['abusefilter-view-private'] = false; $wgGroupPermissions['*']['abusefilter-log-detail'] = false; $wgGroupPermissions['*']['abusefilter-privatedetails-log'] = false; $wgGroupPermissions['autoconfirmed']['abusefilter-view'] = true; $wgGroupPermissions['extendedconfirmed']['abusefilter-log'] = true; // includes the previous rule, since extendedconfirmed users include autoconfirmed $wgGroupPermissions['patroller']['abusefilter-log-detail'] = true; // includes the previous $wgGroupPermissions['sysop']['abusefilter-log-detail'] = true; $wgGroupPermissions['sysop']['abusefilter-view-private'] = true; $wgGroupPermissions['sysop']['abusefilter-privatedetails-log'] = true; $wgGroupPermissions['abusefilter']['abusefilter-modify'] = true; $wgGroupPermissions['abusefilter']['abusefilter-modify-restricted'] = true; $wgGroupPermissions['abusefilter']['abusefilter-revert'] = true;
Change #1208329 had a related patch set uploaded (by Dragoniez; author: Dragoniez):
[operations/mediawiki-config@master] rowiki: Redefine AbuseFilter permission model
@Strainu Could you perhaps elaborate a bit on "abusefilter editors can have full control", especially:
I agree with you on the first two: yes and no.
For the 3rd one, I need more details. What is a protected filter? What is the link between temporary accounts (or even T&S) and access to protected filters?
A protected filter is when an abuse filter uses user_unnamed_ip, or any of the variables listed at Extension:IPReputation/AbuseFilter variables; these variables can permanently protect a filter and subsequently cannot be reversed (access is restricted to administrators by default).
user_unnamed_ip is used to retrieve the IPs of temporary accounts from abuse filters, and the IPReputation abuse filter variables are used to detect if the IP behind the temporary account is a proxy or not.
Thank you! At this stage this is irrelevant for rowiki, so we can go with "No" for question number 3.
To clarify, these are simply sample answers that reflect my own personal biases.
I've noted that "full control" doesn't include abusefilter-modify-restricted and abusefilter-access-protected-vars for the abusefilter user group.
@Strainu Can you please confirm that the rowiki community wants to assign abusefilter-revert to this group? Given your answer above, we will disallow non-sysop abusefilter editors from modifying filters involving restricted actions. The abusefilter-revert right will allow them to revert such actions. Some communities may find this useful because non-sysops would be able to undo false-positive blockautopromote consequences quickly, while others may consider this to be permission overreach.
Does the local community agree with this arragement? Please confirm.
@Dragoniez, I think we're going into too much detail here and it becomes confusing. I'm pretty sure that all the users from the community that would actually understand such details are already cc'd.
Also, currently all abuse filter editors are also sysops, so the differences are moot for us.
Let's do it this way: the purpose of this task is to limit the visibility of the logs to some users. So, please implement the rules that we discussed in the community and I described in plain English above. For other advanced use cases like the ones you describe, let's keep the behavior as is now.
Fair enough. (Please understand, however, that any patch submitter would have needed to confirm the details of "full control".)
Right. I think it's in the spirit of the request to rephrase the last requirement as "abusefilter editors should have all the rights from the lines above". If you confirm that doesn't raises more issues, I can go with that to the community.
Change #1208329 merged by jenkins-bot:
[operations/mediawiki-config@master] rowiki: Redefine AbuseFilter permission model
Mentioned in SAL (#wikimedia-operations) [2025-11-24T15:03:31Z] <lucaswerkmeister-wmde@deploy2002> Started scap sync-world: Backport for [[gerrit:1208329|rowiki: Redefine AbuseFilter permission model (T407978)]]
Mentioned in SAL (#wikimedia-operations) [2025-11-24T15:08:08Z] <lucaswerkmeister-wmde@deploy2002> lucaswerkmeister-wmde, dragoniez: Backport for [[gerrit:1208329|rowiki: Redefine AbuseFilter permission model (T407978)]] synced to the testservers (see https://wikitech.wikimedia.org/wiki/Mwdebug). Changes can now be verified there.
Mentioned in SAL (#wikimedia-operations) [2025-11-24T15:16:33Z] <lucaswerkmeister-wmde@deploy2002> Finished scap sync-world: Backport for [[gerrit:1208329|rowiki: Redefine AbuseFilter permission model (T407978)]] (duration: 13m 02s)
Done. Please check the new permission model on-site, and if anything comes up, please file another task (the more detailed the task description is, the better).
Let me note that the deployer was a bit concerned that it wasn't very clear which parts of the overall changes were explicitly agreed upon. For example, if the community is uncomfortable in any way with sysops having abusefilter-view-private and abusefilter-log-private by default under the new model, please start a new local discussion, ideally with an indexed list of proposed changes. That way, it will be easier to confirm which points are supported and which are not.