Page MenuHomePhabricator

Users without 'editcontentmodel' user right cannot create MassMessage delivery lists
Open, NormalPublic

Description

The 'editcontentmodel' user right is currently needed to create ContentHandler delivery lists, meaning that most people can't take advantage of the new system.

Related Objects

Event Timeline

wctaiwan created this task.Mar 16 2015, 2:11 AM
wctaiwan updated the task description. (Show Details)
wctaiwan raised the priority of this task from to Needs Triage.
wctaiwan added a project: MassMessage.
wctaiwan added a subscriber: wctaiwan.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 16 2015, 2:11 AM
wctaiwan triaged this task as Normal priority.Mar 16 2015, 2:13 AM
wctaiwan set Security to None.

When did MassMessage ContentHandler development finish?

Weren't there database schema changes needed to support MassMessage ContentHandler? When were those finished?

I'm just trying to get an idea of how long it's been to get this feature enabled.

mm-ch was finished and deployed to testwiki in August/September last year. The schema changes happened over a few months and finished in January (T51193).

MZMcBride renamed this task from Users without 'editcontentmodel' user right cannot create delivery lists to Users without 'editcontentmodel' user right cannot create MassMessage delivery lists.Mar 16 2015, 2:20 AM

I'm not sure that I understand why T92794 is a blocker. How is MassMessage using ContentHandler today?

During GSoC 2014, I worked on a project (https://www.mediawiki.org/wiki/Extension:MassMessage/Page_input_list_improvements) that added a ContentHandler-based system for managing delivery lists. It's unusable on Wikimedia wikis at the moment since most users don't have the user right needed to create delivery lists.

I'm not sure that I understand why T92794 is a blocker. How is MassMessage using ContentHandler today?

https://test.wikipedia.org/wiki/Yay_mm-ch! is an example of mm-ch. It's not actively advertised or used at all due to T92794. If you go to [[Special:CreateMassMessageList]] on any WMF wiki, you'll get a permission denied error because of the editcontentmodel right.

Thanks for the quick response @wctaiwan. One fairly typical way of handling this is to create a new namespace for holding configs, and then make that namespace default to the ContentHandler type for MassMessage. This avoids the usability problems associated with being able to arbitrarily change the content type for a given page. Was that approach considered? Also, is this new system getting any use at all yet, or is even initial deployment of this blocked on resolution of this issue?

wctaiwan added a comment.EditedMar 16 2015, 4:18 AM

One fairly typical way of handling this is to create a new namespace for holding configs, and then make that namespace default to the ContentHandler type for MassMessage.

I don't think this is a good idea. In many cases, it would be more logical to have a delivery list as a subpage. (For example, the Signpost's subscription list is located at Wikipedia:Wikipedia Signpost/Tools/Spamlist.)

This avoids the usability problems associated with being able to arbitrarily change the content type for a given page.

I'm not sure what you mean here by usability. As far as I know, there is no exposed UI for changing the content model. If you mean there could be adverse effects from arbitrarily modifying the content model, the security-related ones are why we have the user right in the first place (T72901), and the other ones could probably be dealt with as we deal with unconstructive edits in general.

It might be worth considering whether to disallow changing a page's content model after creation, but tying the content model to the namespace probably too inflexible (e.g. consider wikitext talk pages and Flow boards coexisting).

Also, is this new system getting any use at all yet, or is even initial deployment of this blocked on resolution of this issue?

It's never actually been usable, since even sysops don't have the user right by default. (Legoktm created a patch a few hours ago to give it to sysops: https://gerrit.wikimedia.org/r/#/c/196981/) Anyone can go to e.g. http://en.wikipedia.org/wiki/Special:CreateMassMessageList -- but clicking Submit gives a permission error.

I'm not sure what you mean here by usability. As far as I know, there is no exposed UI for changing the content model. If you mean there could be adverse effects from arbitrarily modifying the content model, the security-related ones are why we have the user right in the first place (T72901), and the other ones could probably be dealt with as we deal with unconstructive edits in general.

The way we deal with unconstructive edits in general is allow anyone (even people who can't program a bot) the ability to easily revert a disruptive action. Without addressing the blockers to T85847 (such as T72592), only someone conversant with the API will be able fix things up after a vandal swoops through.

On many (all?) wikis, we have namespaces where allowing experimentation would be useful. For example, riffing off of your Signpost example, it seems perfectly reasonable to allow the MassMessage content model in enwiki's Wikipedia: namespace. However, it's hard to imagine what benefit there would be in allowing it in enwiki's main namespace.

I get your point about not wanting to insist on a brand new namespace for MassMessage.

mm-ch was finished and deployed to testwiki in August/September last year.

Is it documented in some Extension, Manual or Help namespace page on mediawiki.org?

Se4598 added a subscriber: Se4598.Mar 16 2015, 9:28 PM

So... what else is needed here? Is T85847 the only outstanding issue?

I think this task is now resolved.

I think we should aim for allowing anyone, not just sysops, to create delivery lists.

Vogone edited subscribers, added: Vogone, Matiia, Base, Xaosflux; removed: wctaiwan.Aug 23 2018, 11:18 PM
Vogone added a subscriber: wctaiwan.

@wctaiwan as an immediate workaround, you can do what we did on enwiki: create a batch of empty shells.

From discussion on T202597 -

Would it be feasible to change the 'Special:CreateMassMessageList' permissions checking from 'editcontentmodel' to 'massmessage' ? In general we allow the creation of non-wikitext pages in special workflows already, just not this one.

Optionally, remove checking for 'editcontentmodel' access during 'Special:CreateMassMessageList' operations in general.

DannyS712 added a project: User-DannyS712.EditedApr 3 2019, 2:52 AM

I agree that users with massmessage rights should be able to create such pages, but a think permissions should be checked before allowing creation; it makes sense for non privileged users to create template styles or modules, but not massmessagelists.

Change 513512 had a related patch set uploaded (by DannyS712; owner: DannyS712):
[mediawiki/extensions/MassMessage@master] Change right required to create MassMessage lists from "editcontentmodel" to "massmessage".

https://gerrit.wikimedia.org/r/513512

DannyS712 moved this task from Unsorted to Pending on the User-DannyS712 board.Thu, May 30, 9:53 PM

@DannyS712, would "editcontentmodel" *OR* "massmessage" work even better here (I haven't thought about this in a while) - since we don't know how some downstream projects may configure their roles.

@Xaosflux I don't think that is possible, based on my understanding of the mediawiki/core/includes/specialpage/SpecialPage.php - special pages are restricted by specific user rights: '@param string $restriction User right required, e.g. "block" or "delete"', and so you can't set multiple options.

OK, no worries!

@Vogone In response to your -1 - currently, only users with the "editcontentmodel" right can create new mass message lists, though anyone can edit them to take advantage of the formatting option. This would change the user right needed to create new lists to just be massmessage, so that mass message senders can create their own lists. You will still be able to use the lists without that right.

Vogone added a comment.Sun, Jun 9, 7:19 AM

only users with the "editcontentmodel" right can create new mass message lists

This is exactly the problem I was addressing.

DannyS712 added a comment.EditedSun, Jun 9, 7:24 AM

Well, currently, there are users who can send mass messages but not create new ones. What about granting mass message senders editcontentmodel rights?

@DannyS712 that would be a simple config request, but the point of this request was to avoid adding editcontentmodel to more people
@Vogone we currently support many workflows to create pages in non-wikitext (e.g. creating css pages, js pages) and I'm looking at expanding just this one workflow, do you see an issue with the concept?