Page MenuHomePhabricator
Create Task
Maniphest T71607

introduce new user right to edit cascade-protected pages (split 'protect' right)
Open, LowPublicFeature
Actions

Description

It is better that we split 'protect' right rather than using '$wgCascadingRestrictionLevels':

1- 'protect': Change protection levels
2- 'editcascadeprotected': Edit cascade-protected pages (exactly like 'editsemiprotected' and 'editprotected' rights)

Change protection levels and edit cascade-protected pages are two different concepts.

Version: 1.24rc
Severity: enhancement

Details

Reference
bz69607

Related Objects

Event Timeline

bzimport raised the priority of this task from to Low.Nov 22 2014, 3:33 AM
bzimport added a project: MediaWiki-Page-protection.
bzimport set Reference to bz69607.
bzimport added a subscriber: Unknown Object (MLST).
Calak created this task.Aug 15 2014, 2:08 PM
Vogone added a comment.Aug 16 2014, 10:14 AM

And what makes you feel 'editprotected' would be inappropriate for this purpose? Cascading protections are still protections, not something different level of protection.

Calak added a comment.Aug 16 2014, 10:59 AM

Because 'editcascadeprotected' can be temporary.
For example now (August 16) you can not edit "Wikipedia:Selected anniversaries/August 16" on en.wikipedia, but you can edit it on other days.
So 'editprotected' is not like 'editcascadeprotected'; a user with 'editcascadeprotected' right should not be able to edit all protected pages like 'editprotected' right.

Jackmcbarn added a comment.Aug 20 2014, 3:17 AM

If you can edit cascading-protected pages, you can protect arbitrary pages by transcluding them in cascading-protected pages. This makes it equivalent to protect anyway, so there's no reason to split the rights. WONTFIX. (And I think this is also a duplicate of something, though I'm not sure which offhand).

Anomie merged a task: T101309: Split protect permission into two new rights.Jul 12 2016, 6:09 PM
Anomie added subscribers: Legoktm, gerritbot, MGChecker and 2 others.
MGChecker claimed this task.Jul 18 2016, 12:10 PM
MGChecker reopened this task as Open.Jul 18 2016, 12:36 PM
Xaosflux subscribed.Oct 14 2017, 2:32 PM
Xaosflux added a comment.Oct 14 2017, 2:36 PM

Just ran across this again in discussion on enwiki: https://en.wikipedia.org/wiki/Wikipedia:Village_pump_(policy)#RFC:_Proposal_to_allow_Template_Editors_the_ability_to_indirectly_edit_the_Main_Page

I reject the "WONTFIX" argument that YES, editcascade can have a side affect of allowing included pages to inherit the protection - this could be desirable for some projects. More importantly, it would prevent removal or alteration of protection not needed for editing.

Xaosflux changed the task status from Open to Stalled.Oct 14 2017, 2:36 PM
Betacommand subscribed.Oct 14 2017, 2:38 PM
Vanamonde93 subscribed.Oct 15 2017, 6:14 AM

Chiming in at the invitation of Xaosflux. If I understand the technicalities correctly, this unbundling could address a fairly frequent matter of contention, and improve the ability of some of en.wiki's most dedicated contributors to fix serious and visible issues.

Vanamonde93 added a comment.Oct 15 2017, 6:17 AM

ALSO: I too reject the WONTFIX argument. If unbundled, the ability to edit cascade protected pages would be handed to a few trusted users who do not have the ability to protect pages in the normal way. If they used this user-right to bypass that restriction, it would logically be grounds for immediate removal of said user-right. Any tool is open to abuse; it is up to the community to forestall and address any such abuse.

MGChecker added a comment.Oct 15 2017, 2:28 PM

The idea of the wontfix argument is that it's technically possible to protect any pages by editing cascade protected ones. However, while this might be theoretically true, I think there's some distinction in practice:

  1. If I have an cascade protected main page, in practice I won't use this to protect anything that isn't on the main page – it would be disruptive. It's something else than doing individual protection decision.
  2. You can finally combine protection levels and cascade protection in a useful way (as someone who can protect pages usually also can edit all protected pages.) This way, you could imagine a main page cascade protected to be editable just by a trusted user group (with its own protection level), while most other cascade protected pages stay on sysop level.

This isn't a purely academical topic, but has really valuable papplication in a wide variety of WMF- and Non-WMF-wikis. I really think we should do this.

Note that there's a more concrete discussion of this idea in T101309. Furthermore, there's a (hopefully still) working patch by me implementing this feature on a purely optional basis, meaning that somebody with the protect permission would still be able to edit cascade protected pages. Nothing would change if the new permission isn't explicitly designed to any goup (Currently, it's automatically assigned to sysop by default, but this could be turned of too)

MGChecker awarded a token.Oct 15 2017, 2:28 PM
Amorymeltzer subscribed.May 7 2019, 12:19 AM
Ammarpad subscribed.Sep 27 2019, 4:45 PM

@Xaosflux what's stalling this?

DannyS712 subscribed.Sep 28 2019, 2:44 AM
Pppery awarded a token.Oct 3 2019, 10:17 PM
Wugapodes subscribed.Oct 8 2019, 3:52 AM
Anomie mentioned this in T239916: Cascading protection on different than sysop levels has not valid effect - protection works as sysop-protected regardless of another level set.Dec 5 2019, 3:59 PM
Valereee subscribed.Apr 24 2020, 1:57 PM
Coffeeandcrumbs subscribed.Apr 25 2020, 5:36 AM
BEANS-X2 subscribed.Apr 27 2020, 12:34 PM
BEANS-X2 awarded a token.Apr 27 2020, 12:38 PM
BEANS-X2 rescinded a token.
BEANS-X2 rescinded a token.
MZMcBride subscribed.May 2 2020, 1:57 AM
Thryduulf subscribed.May 2 2020, 11:49 AM
Aklapper changed the task status from Stalled to Open.Nov 3 2020, 12:12 PM

The previous comments don't explain who or what (task?) exactly this task is stalled on ("If a report is waiting for further input (e.g. from its reporter or a third party) and can currently not be acted on"). Hence resetting task status, as tasks should not be stalled (and then potentially forgotten) for years for unclear reasons.

Izno moved this task from Backlog to Cascade on the MediaWiki-Page-protection board.Jan 7 2021, 10:54 PM
Aklapper removed MGChecker as the assignee of this task.Jul 2 2021, 5:25 AM

Removing task assignee due to inactivity, as this open task has been assigned for more than two years (see emails sent to assignee on May26 and Jun17, and T270544). Please assign this task to yourself again if you still realistically [plan to] work on this task - it would be very welcome!

(See https://www.mediawiki.org/wiki/Bug_management/Assignee_cleanup for tips how to best manage your individual work in Phabricator.)

Pppery rescinded a token.Aug 29 2021, 2:38 AM
Aklapper changed the subtype of this task from "Task" to "Feature Request".Feb 4 2022, 11:13 AM
Aklapper removed a subscriber: wikibugs-l-list.
Rschen7754 subscribed.Apr 2 2022, 6:00 PM
Rschen7754 added a comment.Apr 2 2022, 6:03 PM

This has come up in a current permissions discussion with the global interface editor group, where that group has the ability to protect pages on all wikis. I do not think they should have the ability to do this.

Rschen7754 added a comment.Apr 3 2022, 12:04 AM
In T71607#728172, @Jackmcbarn wrote:

If you can edit cascading-protected pages, you can protect arbitrary pages by transcluding them in cascading-protected pages. This makes it equivalent to protect anyway, so there's no reason to split the rights. WONTFIX. (And I think this is also a duplicate of something, though I'm not sure which offhand).

Not sure that this is a good perspective - perfect/enemy of good and all that.

CptViraj subscribed.Apr 3 2022, 2:19 AM
Stang subscribed.Apr 3 2022, 6:46 PM
dmehus added a project: User-RhinosF1.Apr 3 2022, 7:04 PM
dmehus subscribed.
Restricted Application added a subscriber: RhinosF1. · View Herald TranscriptApr 3 2022, 7:05 PM
dmehus moved this task from Radar to Miraheze-Linked on the User-RhinosF1 board.Apr 3 2022, 7:06 PM
RhinosF1 removed a project: User-RhinosF1.Apr 3 2022, 7:12 PM

This isn't something that was originally reported at Miraheze, is being managed by me nor has a significant impact for us beyond that of any mediawiki instance

RhinosF1 unsubscribed.Apr 3 2022, 7:14 PM
Base subscribed.Apr 4 2022, 3:54 PM
Bugreporter renamed this task from Split 'protect' right in two distinct permissions (instead of using '$wgCascadingRestrictionLevels') to introduce new user right to edit cascade-protected pages (split 'protect' right).Apr 6 2023, 1:27 PM
Bugreporter mentioned this in T334155: frwiki : autopatrolled level cascading protection.
Bugreporter merged a task: T294359: An user should have "editprotected" right instead of "protect" to be able to edit cascade protected pages.
Bugreporter added subscribers: MBH, IKhitron, Zabe.
Rschen7754 unsubscribed.Sep 13 2023, 2:19 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits