Last modified: 2009-09-18 13:01:53 UTC
Created attachment 6254 [details] abusefilter-view-private user right There is currently a discussion on enwiki about how to distribute abuse filter rights between different user groups. One proposal is to separate the right to view private filter details and the right to edit filters, and assign these to different user groups. Currently, these rights are both granted by abusefilter-modify (Views/AbuseFilterViewEdit.php, lines 222-225). The attached patch allows the optional allocation of a new user right, abusefilter-view-private, which allows usergroups without abusefilter-modify but with abusefilter-view-private to view hidden filters. Users in such a usergroup who view the hidden abuse page should see all the Big Red Buttons and text fields grayed through $readOnlyAttrib, and aren't assigned edit tokens either. (I haven't tested the patch, though, so someone'll need to give it a test-drive.) Users with abusefilter-modify automatically have the ability to view the hidden filters, so there's no need to give those users abusefilter-view-private on top. Even if this functionality is not exploited on enwiki, I am sure that there will be other wikis, WMF or otherwise, which will find it useful.
Comment on attachment 6254 [details] abusefilter-view-private user right Index: AbuseFilter/AbuseFilter.php =================================================================== --- AbuseFilter/AbuseFilter.php (revision 52305) +++ AbuseFilter/AbuseFilter.php (working copy) @@ -78,6 +78,7 @@ $wgAvailableRights[] = 'abusefilter-private'; $wgAvailableRights[] = 'abusefilter-modify-restricted'; $wgAvailableRights[] = 'abusefilter-revert'; +$wgAvailableRights[] = 'abusefilter-view-private'; $wgLogTypes[] = 'abusefilter'; $wgLogNames['abusefilter'] = 'abusefilter-log-name'; Index: AbuseFilter/Views/AbuseFilterViewEdit.php =================================================================== --- AbuseFilter/Views/AbuseFilterViewEdit.php (revision 52305) +++ AbuseFilter/Views/AbuseFilterViewEdit.php (working copy) @@ -220,7 +220,7 @@ $wgOut->setSubtitle( wfMsg( 'abusefilter-edit-subtitle', $filter, $history_id ) ); // Hide hidden filters. - if (isset($row->af_hidden) && $row->af_hidden && !$this->canEdit()) { + if (isset($row->af_hidden) && $row->af_hidden && !($this->canEdit() || $wgUser->isAllowed( 'abusefilter-view-private' ))) { return wfMsg( 'abusefilter-edit-denied' ); } Index: AbuseFilter/AbuseFilter.i18n.php =================================================================== --- AbuseFilter/AbuseFilter.i18n.php (revision 52305) +++ AbuseFilter/AbuseFilter.i18n.php (working copy) @@ -61,6 +61,7 @@ 'right-abusefilter-private' => 'View private data in the abuse log', 'right-abusefilter-modify-restricted' => 'Modify abuse filters with restricted actions', 'right-abusefilter-revert' => 'Revert all changes by a given abuse filter', + 'right-abusefilter-view-private' => 'View abuse filters marked as private', 'action-abusefilter-modify' => 'modify abuse filters', 'action-abusefilter-view' => 'view abuse filters', @@ -69,6 +70,7 @@ 'action-abusefilter-private' => 'view private data in the abuse log', 'action-abusefilter-modify-restricted' => 'modify abuse filters with restricted actions', 'action-abusefilter-revert' => 'revert all changes by a given abuse filter', + 'action-abuserfilter-view-private' => 'view abuse filters marked as private', // Abuse Log 'abusefilter-log' => 'Abuse filter log',
Comment on attachment 6254 [details] abusefilter-view-private user right >Index: AbuseFilter/AbuseFilter.php >=================================================================== >--- AbuseFilter/AbuseFilter.php (revision 52305) >+++ AbuseFilter/AbuseFilter.php (working copy) >@@ -78,6 +78,7 @@ > $wgAvailableRights[] = 'abusefilter-private'; > $wgAvailableRights[] = 'abusefilter-modify-restricted'; > $wgAvailableRights[] = 'abusefilter-revert'; >+$wgAvailableRights[] = 'abusefilter-view-private'; > > $wgLogTypes[] = 'abusefilter'; > $wgLogNames['abusefilter'] = 'abusefilter-log-name'; >Index: AbuseFilter/Views/AbuseFilterViewEdit.php >=================================================================== >--- AbuseFilter/Views/AbuseFilterViewEdit.php (revision 52305) >+++ AbuseFilter/Views/AbuseFilterViewEdit.php (working copy) >@@ -220,7 +220,7 @@ > $wgOut->setSubtitle( wfMsg( 'abusefilter-edit-subtitle', $filter, $history_id ) ); > > // Hide hidden filters. >- if (isset($row->af_hidden) && $row->af_hidden && !$this->canEdit()) { >+ if (isset($row->af_hidden) && $row->af_hidden && !($this->canEdit() || $wgUser->isAllowed( 'abusefilter-view-private' ))) { > return wfMsg( 'abusefilter-edit-denied' ); > } >
- if (isset($row->af_hidden) && $row->af_hidden && !$this->canEdit()) { + if (isset($row->af_hidden) && $row->af_hidden && !($this->canEdit() || $wgUser->isAllowed( 'abusefilter view-private' ))) { Would prefer that this was broken out to a canView() method, instead of hacked in here.
Created attachment 6255 [details] abusefilter-view-private user right, added English language variables Apologies for making such a mess of the attachment... Bugzilla and I are still not quite acquainted! This is a second version of the patch – I suddenly realised that I hadn't added any language variables for the new user right.
(In reply to comment #4) > Apologies for making such a mess of the attachment... Bugzilla and I are still > not quite acquainted! > > This is a second version of the patch – I suddenly realised that I hadn't > added any language variables for the new user right. > Since we're both online at the same time, it might make sense for you to drop into #mediawiki and I'll do a live review with you.
Created attachment 6288 [details] abusefilter-view-private user right Created canView function and changed the static variable declaration slightly. I'm assuming this works... perhaps someone could test it? </beg>
Per the discussion at [[Wikipedia talk:Abuse filter#Adding abuse-filter-view-private into sysop package]], we would like this permission into the sysop package, but no separate user group. Thanks.
Committed with adjustments in r52743.
I've just removed my abuse-filter-editor permission and find I can't view private filters now.
(In reply to comment #9) > I've just removed my abuse-filter-editor permission and find I can't view > private filters now. That's because it hasn't been given to administrators on any wikis yet. If you want to give it to administrators on a particular wiki, please file a site request bug saying so.
