Page MenuHomePhabricator

dualism between user and sysop needs to be overtaken
Open, HighPublic

Description

Some wikis, especially non-WMF ones, might have complementary user groups without clear distinction between users and administrators. So, one single user could have an account with "delete" permission, another with "editinterface" rights, etc., and use each of them for a different purpose.
Many bot-ops have multiple bot accounts for different tasks, too. Instead, Pywikibot only allows to configure one username per site.

The framework should also support CentralAuth (et similia) to automatically detect on which wikis a given account has bot/sysop/etc. rights.


Version: core-(2.0)
Severity: normal
See Also:
T67196: Cannot be logged in as user and sysop at the same time

Details

Reference
bz69283

Event Timeline

bzimport raised the priority of this task from to Needs Triage.
bzimport set Reference to bz69283.
bzimport added a subscriber: Unknown Object (????).

Having two accounts (user & sysop) breaks the 0,1,∞ design principle . https://en.wikipedia.org/wiki/Zero_one_infinity_rule

Either we have one user per APISite object, or any number of users per APISite object.

My preference is only one user per APISite, and the selection of user is done using a user-config variable or -user: command line argument. And if there are scripts which *need* to *write* using two different accounts, which is rare, they would instantiate two different site objects.

XZise added a subscriber: XZise.Feb 16 2015, 12:18 AM

But how should the script know what type of write they need? Maybe there should be a dict in the site which shows which user has which rights and then it selects from a list the first user which has that right.

@XZise , yes, that is a problem with "any number of users per APISite object" - it means APISite needs logic to determine which account to use when, and IMO that should be done in scripts with the bot operator in control, and not done inside the pywikibot library.

Change 209503 had a related patch set uploaded (by John Vandenberg):
Replace @must_be with @need_right

https://gerrit.wikimedia.org/r/209503

jayvdb added a comment.May 8 2015, 3:29 AM

After switching to need_right, I see the following tasks needed to completely remove the dualism:

  1. allow config.usernames to be a list , and move sysopnames values into config.usernames with a deprecation warning. the test class flag 'sysop' can still be supported as a static check whether the list of usernames has two values, however it would be better to replace the sysop flag with a list of rights needed for the test. however a list of rights cant be a static check, as the userinfo needs to be loaded to check
  2. allow site.login (or site.userlogin ?) to use a specific username (and maybe password- there is already a patch for this), which is then used, breaking the reliance on the config
  3. remove LoginStatus.AS_SYSOP
  4. change site.login to accept a list of rights needed, basically moving the process from need_right into login

They dont need to be done in that order, but that is how I would do it.

Some of this is playing on dangerous ground, as there are many bugs in the site login sequence.

jayvdb added a comment.May 8 2015, 3:51 AM

Tightly related, but orthogonal, is T67196, which is allows multiple accounts to be used concurrently. The code to solve that bug will be a lot more stable if it is done after step 1 (allow config.usernames to be a list of usernames per site) above.

jayvdb added a comment.May 8 2015, 9:35 AM

I mentioned this on the CS, but it will be a long standing problem so worth mentioning here.
Currently if there are two different usernames in for user and sysop, pywikibot drops down to the user account for non-sysop actions after a sysop action. It is bad behaviour on the wiki to split a sysop bots actions/edits between two accounts, which is why bot operators usually set both usernames to be the same username for a sysop bot which also performs normal edits. But we need to think about whether/how we support the prior behaviour, or fail in an orderly manner.

One approach is to set a flag when a user action has occurred, and error if the same bot attempts to perform a sysop action with a different username.

Ricordisamoa awarded a token.
This comment was removed by jayvdb.

Not to be seen in compat.

Ricordisamoa set Security to None.

By the way, I think Pywikibot should also support editing without logging in, if that's what the operator wants.

XZise added a comment.Jul 1 2015, 7:27 PM

There is a comment in @jayvdb's patch which talks about how to support that. Unfortunately it's got a bit stale because of the introduction of requests afaik.

There is a comment in @jayvdb's patch which talks about how to support that. Unfortunately it's got a bit stale because of the introduction of requests afaik.

Yea; I had a solution that was heavily tied to httplib2. I expect that multiple concurrent sessions will be easier with requests. Maybe existing packages solve the problem adequately.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 26 2015, 4:43 AM
Sn1per added a subscriber: Sn1per.Aug 26 2016, 8:37 PM
Xqt triaged this task as High priority.Apr 15 2018, 9:36 AM
Xqt moved this task from Backlog to Needs Review on the Pywikibot board.Feb 3 2019, 11:24 AM
Xqt assigned this task to jayvdb.Feb 7 2019, 4:23 PM