Last modified: 2013-07-19 22:20:16 UTC
Especially on wikinews where pages get protected after seven days, protected pages that need bot attention are particularly problematic. Bots only handle non-controversial mindless tasks on pages. To wait for a page to get unprotected just to be able to add an interiwkilink or fix a double redirect does not feel very logical to me. Furthermore I do not think it is wise to grant bots all adminship tools just so they can edit protected pages. If a bots make controversial edits on any page (weather it is protected or not) they tend to get blocked and loose their botflag - so I do not believe abuse is an issue here. For pages protected from bot edits (I cant think of a single valid case) there may be a 3rd level of protection above current 'full protection'.
I guess we can define a new permission like 'editprotected', which is set to true for sysops. Wikis like wikinews can define a new group of users (like Trusted Bots or something) with that permission on LocalSettings.php and then a Bureaucrat can assign trusted bots to this group, so they can change protected pages. If there is no objection (and no-one comes up with a good reason for avoiding the above solution) I will create a patch for it in a couple of days.
With r31247 it is now possible to give the 'editprotected' permission to a group of users, without making them sysops. For example, a line can be added to LocalSettings.php like this: $wgGroupPermissions['bot' ]['editprotected'] = true; to let all accounts with bot flag edit a protected page.
Thanks for the quick fix!
Can this be applied on en.wikinews? Do we need a vote on it?
I'm afraid the local community should reach agreement about it, and then you should open a new bug here (not under MediaWiki section, but under Wikimedia > Site request section) linking to the page where the agreement has been archived. A developer with shell access will then apply the required changes for that specific wiki. As the feature requested here is fullfiled, I'm marking it as FIXED again.
With r31462, I undid the changes made to Title.php, because of a security flaw introduced with r31247. I and ialex are working on the correct solution to this bug.
With r32164 I fixed the bug again, taking care of the cascading issues. For the correct usage see comment #2.
Change 71536 had a related patch set uploaded by Anomie: Fix protection rights usage https://gerrit.wikimedia.org/r/71536
Change 71536 merged by jenkins-bot: Fix protection rights usage https://gerrit.wikimedia.org/r/71536
So what is the conclusion? Can bots edit protected pages now?
