Maniphest T419604

ClosedWikiProvider should check whether the user has UltimateAuthority
Open, Needs TriagePublic
Actions

Assigned To

None

Authored By

	Tgr
	Mar 10 2026, 9:25 PM

Project Tags

Referenced Files

None

Subscribers

Aklapper

Tgr

Description

It's very rarely needed but then it is quite annoying:

tgr@deploy2002:~$ mwscript-k8s --comment='T404334' --follow -- CentralAuth:createLocalAccount --wiki=aawiki TgrTest
⏳ Starting CentralAuth:createLocalAccount on Kubernetes as job mw-script.codfw.x4x144jf ...
🚀 Job is running.
📜 Streaming logs:
autoCreateUser failed for TgrTest:
Error: Automatic account creation is not allowed.

createLocalAccount.php uses UltimateAuthority, but ClosedWikiProvider checks account creation/autocreation rights via CentralAuthUser::hasGlobalPermission() which ignores that.

(Maybe CentralAuthUser should check the user's authority instead, but that seems like too much magic.)

Event Timeline

Tgr created this task.Mar 10 2026, 9:25 PM

Restricted Application added a project: MediaWiki-Platform-Team. · View Herald TranscriptMar 10 2026, 9:25 PM

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

(ClosedWikiProvider is in mediawiki-config, we don't really have a Phab tag for that. Should be moved to WikimediaCustomizations one day.)

Bugreporter added a project: Wikimedia-Site-requests.Mar 11 2026, 12:37 AM

A_smart_kitten moved this task from Backlog to External on the Wikimedia-Site-requests board.Mar 13 2026, 1:12 PM

JTweed-WMF moved this task from Inbox, needs triage to Not planned / Patches welcome on the MediaWiki-Platform-Team board.Mar 23 2026, 3:49 PM

ClosedWikiProvider should check whether the user has UltimateAuthorityOpen, Needs TriagePublicActions

Description

Event Timeline

ClosedWikiProvider should check whether the user has UltimateAuthority
Open, Needs TriagePublic
Actions