Last modified: 2011-01-25 01:51:10 UTC
# (User rights log); 02:18 . . MZMcBride (Talk | contribs | block) changed group membership for User:Bunnyrabbitholla! from (none) to Editors and Reviewers (testing)
# (Block log); 02:17 . . MZMcBride (Talk | contribs | block) blocked MZMcBride (Talk | contribs) with an expiry time of 10 minutes (autoblock disabled) (testing)
This seems rather silly. Blocked users should only be able to unblock themselves (if they have the appropriate right). Nothing else.
If a user can grant a flag with the block right, but for some reason doesn't have it (or any other flag with block) set on themselves and then gets blocked, what would they do then if they got "you are blocked" errors upon trying to give themselves the rights needed to lift the block?
(In reply to comment #1)
> If a user can grant a flag with the block right, but for some reason doesn't
> have it (or any other flag with block) set on themselves and then gets blocked,
> what would they do then if they got "you are blocked" errors upon trying to
> give themselves the rights needed to lift the block?
Get someone else to unblock them?
Is there any reason to do this other than "this seems silly"?
If a user is blocked, presumably someone didn't want them making any actions on the wiki. A user could, for example, assign themselves +editor and then remove it from themselves with spam in the edit summaries. Or an insecure bureaucrat account that has been blocked but not yet had its rights removed could remove rights from other accounts.
If an account is blocked, it should be _blocked_. It should only be able to perform a very limited set of actions (really only being able to unblock itself) and that's it.
What is the point if he can unblock himself and then do the all actions again? What if someone blocks everybody else from using user rights?
It is possible to have opt-in groups (as per test.wikipedia) whereby a user without block/unblock ability can manipulate user rights.
I suggest that anyone with access to UserRights via: $wgAddGroups $wgRemoveGroups $wgGroupsAddToSelf $wgGroupsRemoveFromSelf should be blocked from editing user rights if they are blocked.
Conversely, anyone with the 'userrights' permission should not be blocked from user rights if blocked, as this implies full access to all rights on the wiki (in theory). The reason is: having 'userrights' permission does not imply having 'block'. It is not uncommon for a 'bureaucrat' to not also be a 'sysop' (obviously does not apply to WMF projects, where bureaucrats don't have full access to userrights).
fixed in r52082