Page MenuHomePhabricator
Create Task
Maniphest T414912

Support private user group conditions
Closed, ResolvedPublic
Actions

Description

Background

Currently, if a performer-target pair doesn't meet conditions for a given group, the relevant checkbox on Special:UserRights is going to be disabled.

This works fine if conditions are based on publicly-accessible data, such as account age, number of edits etc. However, some conditions, such as whether the user has 2FA configured are deemed 'private' and therefore their status should not be proactively advertised.

Acceptance criteria

  • Implement a mechanism that defines certain $wgRestrictedGroups conditions as private.
  • Checkboxes on Special:UserRights for groups using private conditions should be enabled, regardless of whether the conditions are met or not.
  • Trying to assign a user, which doesn't meet conditions, to a group using private condition should fail with an error message explaining what happened.
  • Extensions should be able to react to the above-mentioned failures. (extracted to T415491)

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Special:UserRights: Display error when adding disallowed groupsmediawiki/coremaster+280 -6
Support private conditions in UserGroupAssignmentServicemediawiki/coremaster+89 -19
Don't expose private group requirements upfront on Special:UserRightsmediawiki/coremaster+71 -3
Support defining private user requirements conditionsmediawiki/coremaster+161 -17
Customize query in gerrit

Related Objects
Search...

Event Timeline

mszwarc created this task.Jan 19 2026, 9:14 AM
mszwarc mentioned this in T414913: Log attempts to grant 2FA-requiring groups to 2FA-less users.Jan 19 2026, 9:20 AM
mszwarc moved this task from Backlog to Ready on the Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)) board.
Johannnes89 subscribed.Jan 19 2026, 3:04 PM
mszwarc changed the task status from Open to In Progress.Jan 20 2026, 9:08 AM
mszwarc claimed this task.
mszwarc moved this task from Ready to In progress on the Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)) board.
gerritbot added a comment.Jan 20 2026, 12:36 PM

Change #1229111 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Support defining private user requirements conditions

https://gerrit.wikimedia.org/r/1229111

gerritbot added a project: Patch-For-Review.Jan 20 2026, 12:36 PM
mszwarc moved this task from In progress to Needs review on the Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)) board.Jan 20 2026, 12:37 PM
gerritbot added a comment.Jan 21 2026, 10:48 AM

Change #1229533 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Don't expose private group requirements upfront

https://gerrit.wikimedia.org/r/1229533

gerritbot added a comment.Jan 21 2026, 3:19 PM

Change #1229111 merged by jenkins-bot:

[mediawiki/core@master] Support defining private user requirements conditions

https://gerrit.wikimedia.org/r/1229111

gerritbot added a comment.Jan 22 2026, 8:53 AM

Change #1230244 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Don't expose private group requirements upfront on Special:UserRights

https://gerrit.wikimedia.org/r/1230244

gerritbot added a comment.Jan 22 2026, 11:53 AM

Change #1229533 merged by jenkins-bot:

[mediawiki/core@master] Support private conditions in UserGroupAssignmentService

https://gerrit.wikimedia.org/r/1229533

gerritbot added a comment.Jan 23 2026, 12:27 PM

Change #1230244 merged by jenkins-bot:

[mediawiki/core@master] Don't expose private group requirements upfront on Special:UserRights

https://gerrit.wikimedia.org/r/1230244

Maintenance_bot removed a project: Patch-For-Review.Jan 23 2026, 12:31 PM
gerritbot added a comment.Jan 23 2026, 12:47 PM

Change #1230916 had a related patch set uploaded (by Mszwarc; author: Mszwarc):

[mediawiki/core@master] Special:UserRights: Display error when adding disallowed groups

https://gerrit.wikimedia.org/r/1230916

gerritbot added a project: Patch-For-Review.Jan 23 2026, 12:47 PM
mszwarc updated the task description. (Show Details)Jan 26 2026, 8:59 AM
gerritbot added a comment.Jan 27 2026, 11:59 AM

Change #1230916 merged by jenkins-bot:

[mediawiki/core@master] Special:UserRights: Display error when adding disallowed groups

https://gerrit.wikimedia.org/r/1230916

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.14; 2026-02-03).Jan 27 2026, 12:00 PM
Maintenance_bot removed a project: Patch-For-Review.Jan 27 2026, 12:32 PM
mszwarc closed this task as Resolved.Jan 27 2026, 12:42 PM
mszwarc moved this task from Needs review to Done on the Product Safety and Integrity (Sprint Daffodil (Jan 19 - Feb 6)) board.
mszwarc updated the task description. (Show Details)
mszwarc mentioned this in T416482: Update documentation on MediaWiki.org to reflect additions in PSI Daffodil sprint, related to 4.6.5 Tech enforcement.Feb 4 2026, 2:37 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits