Page MenuHomePhabricator
Create Task
Maniphest T409617

Propagate interface-editor user group to all WMF wikis
Closed, DeclinedPublic
Actions

Description

Since the Gadgets extension introduced the package option and made it possible to require other modules, some communities have wished if they could rely on bots to automatically update JSON modules in the MediaWiki namespace. However, this has always been somewhat challenging due to security concerns as such bots would need sysop or interface-admin rights unless there is a project-specific user group with the editsitejson permission.

To resolve this dilemma, it may be good to create a user group like interface-editor on all wikis, with the following permissions:

  • Edit the user interface (editinterface)
  • Edit sitewide JSON (editsitejson)
  • Enable two-factor authentication (oathauth-enable)

The idea is to create a subset group of interface-admin so that it will be easier to operate such bots even if the operator doesn't have exclusive rights.

In fact, many projects already have interface-editor as a custom user group (see core-Permissions.php). That said, I believe it would be reasonable to update configurations so that interface-editor will no longer be a "custom" user group.

See also the following discussions that mention the dilemma described above:

Acceptance criteria

  • Standardize interface-editor user group across all WMF wikis
  • Retain existing user right assignments for projects that already have the user group.

Event Timeline

Dragoniez created this task.Nov 8 2025, 4:33 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 8 2025, 4:33 AM
JJPMaster awarded a token.Nov 8 2025, 4:35 AM
Pppery awarded a token.Nov 8 2025, 6:57 AM
Pppery subscribed.

I oppose trampling over communities' autonomy by creating a group on all wikis. Individual wikis that want this can go through the site requests process themselves; we shouldn't pre-judge for them.

HideonRosie subscribed.Nov 9 2025, 3:51 AM

My opinion is the same with Pppery.

Johannnes89 subscribed.Nov 9 2025, 6:22 AM
Leaderboard subscribed.Nov 9 2025, 11:23 AM

This is a tricky one, and I can see both sides to this. That being said, I think it should be enough to give interface-admin to bots in such a situation.

Superpes15 subscribed.Nov 9 2025, 4:15 PM

I agree with Pppery. We should let individual communities decide on this. Furthermore, the use case isn't too broad (currently only 9 projects out of over 800 have this flag enabled and 3 of them don't have any interface editors at the moment), and, if needed, a community can discuss it locally and easily request the flag here imho!

Pppery closed this task as Declined.Nov 9 2025, 4:17 PM
A_smart_kitten subscribed.Nov 9 2025, 4:41 PM

(For the record, if this is a request to change user-group configuration on all WMF wikis, should it be proposed on Meta-Wiki via a global RfC, rather than here on Phabricator?)

Leaderboard added a comment.Nov 10 2025, 4:55 AM

@A_smart_kitten This will require a global RfC.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits