Last modified: 2010-05-15 15:38:21 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 2498 - Redundancies in user group rights
Redundancies in user group rights
Status: RESOLVED FIXED
Product: MediaWiki
Classification: Unclassified
General/Unknown (Other open bugs)
1.5.x
All All
: Normal trivial with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks: code_quality 767
  Show dependency treegraph
 
Reported: 2005-06-24 00:33 UTC by Zigger
Modified: 2010-05-15 15:38 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments

Description Zigger 2005-06-24 00:33:19 UTC
loadFromDatabase() in User.php seems to apply '*' and 'user' group rights to
logged-in users.
This would mean that there are redundant assignments in the default
$wgGroupPermissions in DefaultSettings.php for the 'user' group ('read') and the
'sysop' group ('createaccount', 'move', 'upload').

$wgAvailableRights includes an 'undelete' right which is not needed as
SpecialUndelete.php is registered to use the 'delete' right as the restriction.

The deprecated isBureaucrat() (for cross-version extensions?) in User.php checks
the right 'makesysop' which does not exist in $wgAvailableRights or the default
$wgGroupPermissions.

The message 'makesysop' also seems to be redundant in the language files.

Also, some Special pages have checks on the relevant right (e.g.
SpecialLockdb.php, SpecialBlockip.php), but other do not (e.g.
SpecialUndelete.php, SpecialUserrights.php).

SpecialGroups.php still seems to exist in CVS but is not currently used, and
$wgAvailableRights still includes 'grouprights'.
Comment 1 Brion Vibber 2005-06-24 00:42:38 UTC
Best to break these into separate bugs where applicable...

(In reply to comment #0)
> loadFromDatabase() in User.php seems to apply '*' and 'user' group rights to
> logged-in users.
> This would mean that there are redundant assignments in the default
> $wgGroupPermissions in DefaultSettings.php for the 'user' group ('read') and the
> 'sysop' group ('createaccount', 'move', 'upload').

These are intentional for ease of configuration, so you can block out those rights at one level 
without explicitly adding it back in.

> $wgAvailableRights includes an 'undelete' right which is not needed as
> SpecialUndelete.php is registered to use the 'delete' right as the restriction.

Perhaps it should be used, then...

> The deprecated isBureaucrat() (for cross-version extensions?) in User.php checks
> the right 'makesysop' which does not exist in $wgAvailableRights or the default
> $wgGroupPermissions.

isBureaucrat() should be removed. If anything uses it it should be replaced with an appropriate 
check.

> The message 'makesysop' also seems to be redundant in the language files.

If used should be moved to the extension's localization files. (We ought to have a clean 
standard system for that, too.)

> Also, some Special pages have checks on the relevant right (e.g.
> SpecialLockdb.php, SpecialBlockip.php), but other do not (e.g.
> SpecialUndelete.php, SpecialUserrights.php).

The definition of the special page in SpecialPage.php will specify a permission required to use 
that page; the page itself only needs to check if there is different behavior under different 
available permission levels.

> SpecialGroups.php still seems to exist in CVS but is not currently used, and
> $wgAvailableRights still includes 'grouprights'.

Should probably be removed; if we re-add it it can be recovered from CVS history.
Comment 2 Zigger 2005-06-24 17:40:24 UTC
(In reply to comment #1)
> Best to break these into separate bugs where applicable...

Okay.  I'll resolve this bug as invalid once all the relevant individual bugs
are re-entered.

>...
> > $wgAvailableRights includes an 'undelete' right which is not needed as
> > SpecialUndelete.php is registered to use the 'delete' right as the restriction.
> 
> Perhaps it should be used, then...
>...
 
Entered as bug 2500 for further discussion.
Comment 3 Zigger 2005-12-12 05:57:42 UTC
Ævar removed 'undelete' from $wgAvailableRights in Defines.php CVS v1.34 a few
days ago.
Comment 4 Antoine "hashar" Musso (WMF) 2006-05-10 20:11:04 UTC
removed User::isBureaucrat , User::Developer , User::isSysop with r14158
they give a backtrace as of v1.7. Should be removed in v1.8
Comment 5 Rob Church 2006-07-04 09:28:54 UTC
Most of this seems to have been addressed now.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links