Page MenuHomePhabricator
Create Task
Maniphest T210642

Disallow eliminators to block sysops on fawiki
Closed, DeclinedPublic
Actions

Description

Fawiki is one of the (I think) 2 or 3 wikis that has an "eliminator" group. This group is not sysop, but has the block right. Selection for this group is also not as rigorous as it is for becoming a sysop. The local policy specifically does not allow eliminators to block users who have any of the following rights: sysop, patrol, autopatrol, revert. We enforce this by retrospectively reviewing the logs.

Given T150826, we would like to make it technically impossible for eliminators to block sysops. My initial survey of the code shows this is not a quick fix. Ideas are welcome; my thought right now is to create an extension that (a) defines the "eliminator" role, and (b) calls the rights hooks to prevent the block attempts.

Details

SubjectRepoBranchLines +/-
Dissallow eliminators to block certain groups on fawikioperations/mediawiki-configmaster+9 -0
Enable restricting certain groups from blocking certain groups.mediawiki/coremaster+59 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

Huji created this task.Nov 28 2018, 6:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 28 2018, 6:33 PM
Huji triaged this task as Low priority.Nov 28 2018, 6:33 PM
Huji added a parent task: T150826: Remove unblockself right on wikimedia wikis (but allow blocked admins to block their blocker).

I am setting priority, as I will be working on it myself.

I am setting it to low for now, to match the parent task. But indeed, since T150826 has been already implemented, this might deserve a higher priority.

Daimona subscribed.Nov 28 2018, 6:47 PM

@Huji maybe we could add a new global config, for instance wgGroupBlockRestrictions to serve this purpose. In fawiki's case, that would take a value of $wgGroupBlockRestrictions['eliminator'] = ['sysop']. This doesn't allow a customization based on user rights instead of user groups, but it could still be useful in a broader range of cases.

Yamaha5 awarded a token.Nov 28 2018, 8:04 PM
Huji claimed this task.Nov 29 2018, 1:40 AM

Excellent idea! Patch coming shortly.

gerritbot subscribed.Nov 29 2018, 1:44 AM

Change 476439 had a related patch set uploaded (by Huji; owner: Huji):
[mediawiki/core@master] Enable restricting certain groups from blocking certain groups.

https://gerrit.wikimedia.org/r/476439

gerritbot added a project: Patch-For-Review.Nov 29 2018, 1:44 AM
Ammarpad subscribed.Nov 29 2018, 8:56 AM
Huji moved this task from Backlog to User blocking on the MediaWiki-User-management board.Nov 29 2018, 1:34 PM
Huji moved this task from Backlog to Config - to process on the Wikimedia-Site-requests board.
gerritbot added a comment.Nov 29 2018, 1:46 PM

Change 476503 had a related patch set uploaded (by Huji; owner: Huji):
[operations/mediawiki-config@master] Dissallow eliminators to block certain groups on fawiki

https://gerrit.wikimedia.org/r/476503

Huji added a comment.Nov 29 2018, 6:53 PM

Test instructions for https://gerrit.wikimedia.org/r/476439

  1. Add the following to LocalSettings.php :
$wgGroupBlockRestrictions['eliminator'] = [ 'sysop' ];
$wgGroupPermissions['eliminator']['block']  = true;
  1. Create an account and promote them to the "eliminator" group. Make sure you also have a user in the "sysop" group.
  2. Log in using the "eliminator" user and try to block the "sysop" user. You should get a warning message disallowing you. Submitting the form should also result in failure.
Huji mentioned this in T210767: Create a unit test for $wgGroupBlockRestrictions.Nov 29 2018, 6:55 PM
Sannita renamed this task from Dissallow eliminators to block sysops on fawiki to Disallow eliminators to block sysops on fawiki.Dec 15 2018, 8:51 PM
gerritbot added a comment.Feb 8 2019, 2:07 AM

Change 476439 abandoned by Huji:
Enable restricting certain groups from blocking certain groups.

Reason:
Too many people have described this as config creep, so I am going to abandon this.

https://gerrit.wikimedia.org/r/476439

Huji closed subtask T210767: Create a unit test for $wgGroupBlockRestrictions as Declined.Feb 8 2019, 2:08 AM
gerritbot added a comment.Jul 27 2019, 12:13 AM

Change 476503 abandoned by Huji:
Dissallow eliminators to block certain groups on fawiki

https://gerrit.wikimedia.org/r/476503

Huji removed Huji as the assignee of this task.Jul 27 2019, 12:13 AM
Maintenance_bot removed a project: Patch-For-Review.Jul 27 2019, 1:10 AM
Ammarpad closed this task as Declined.EditedOct 14 2019, 7:05 AM

Don't give impression config setting like this is going to happen anytime soon, per the several unintended consequences described in the parent patch.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits