Last modified: 2011-03-13 18:06:12 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 12529 - A special group for testing bots needed
A special group for testing bots needed
Product: MediaWiki
Classification: Unclassified
User login and signup (Other open bugs)
All All
: Lowest enhancement with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
Depends on:
  Show dependency treegraph
Reported: 2008-01-06 10:20 UTC by Edward Chernenko
Modified: 2011-03-13 18:06 UTC (History)
2 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Edward Chernenko 2008-01-06 10:20:17 UTC
People who write bots usually need to supply their products with a testsuite. However, many features need logging in (such as upload), and some of them even require sysop access or higher. What we do now? We create a group account and make it's password accessible to anyone (in fact, we can't prevent some badguy from capturing this account). Of course, it causes a hole in security of the wiki. It's normal for Testwiki, but even there it's impossible to grant sysop flags or higher to all, to test blocking, pages protection etc.

I suggest the following solution of this problem: we create a special user group, say "bottest". Accounts in it (simply referred to as 'bottesters' below) should have some limitations:
1) bottester can't change the password of it's account.
2) 'bot' flag should not work while account is flagged as bottester (all edits will be visible in RC).

Bottester should be able to:
1) delete pages, but only created by itself or other bottester.
2) block itself or another bottesters.
3) unblock bottesters blocked by itself or other bottesters (and only by them).
4) assign any flags (bot, patroller, sysop, bureaucrat) to other bottesters, or drop
these flags from bottesters.
Comment 1 Victor Vasiliev 2008-01-12 12:25:20 UTC
Such flag will need much core rewriting, though I can't understand why can't bot writer test thier bot on loccal wikis, etc. This change will cause many security issues (especially with shared accounts, which are forbidden on Wikimedia), so I close it as WONTFIX. 

Note You need to log in before you can comment on or make changes to this bug.