Last modified: 2011-03-13 18:06:49 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 3294 - Introducing permissionkeys 'listusers' and 'listcontributions'
Introducing permissionkeys 'listusers' and 'listcontributions'
Status: RESOLVED WONTFIX
Product: MediaWiki extensions
Classification: Unclassified
Extensions requests (Other open bugs)
unspecified
All All
: Lowest enhancement with 1 vote (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2005-08-28 19:03 UTC by T. Gries
Modified: 2011-03-13 18:06 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
patch (1.96 KB, patch)
2005-08-28 19:04 UTC, T. Gries
Details
Revised patch for REL1_5. Introduces new permissionskeys 'listusers' and 'listcontributions' (2.05 KB, text/x-diff)
2005-08-28 22:16 UTC, T. Gries
Details
patch, revisited and revised: allow any user to list the own contributions regardless of the permission key (2.08 KB, patch)
2005-09-13 00:20 UTC, T. Gries
Details

Description T. Gries 2005-08-28 19:03:46 UTC
I have added a switch, which disables the  
 
* list of all users 
* list of other user's contributions 
 
for non-sysops.  
 
This is mainly for use of MediaWiki in enterprises. For Wikipedia, $wgEnhancedPrivacy = false;
Comment 1 T. Gries 2005-08-28 19:04:28 UTC
Created attachment 836 [details]
patch
Comment 2 Brion Vibber 2005-08-28 21:21:15 UTC
First, note that this provides no actual privacy protection. Contributions continue to 
be listed in numerous places, including complete lists in page history. It would be 
straightforward to scrape a user's complete contributions list should one want it.

Second, this isn't a very good switch as it's special-cased. Better would be to add a 
permission key for each of these, and have it on the * group in the default 
configuration. This would be more flexible, allowing any configuration (not just 
sysops, but perhaps all logged-in users, or another special class).
Comment 3 T. Gries 2005-08-28 21:26:24 UTC
(In reply to comment #2)
> First, note that this provides no actual privacy protection. Contributions
continue to 
> be listed in numerous places, including complete lists in page history. It
would be 
> straightforward to scrape a user's complete contributions list should one want it.
Agreed. Intention was to disallow (e.g.) directors (easily) browsing the
contributions of their staff.

> Second, this isn't a very good switch as it's special-cased. Better would be
to add a 
> permission key for each of these, and have it on the * group in the default 
> configuration. This would be more flexible, allowing any configuration (not just 
> sysops, but perhaps all logged-in users, or another special class).
What will be your proposal for such a permission key / group name ?
Comment 4 T. Gries 2005-08-28 21:36:13 UTC
(In reply to comment #2)
> ... Better would be to add a  > permission key for each of these, and have it
on the * group in the default 
> configuration. This would be more flexible, allowing any configuration (not just 
> sysops, but perhaps all logged-in users, or another special class).

My proposals for permissionkeys as suggested by Brion:

- ['listusers']
- ['listcontributions']

I'll soon publish a new patch taking Brion's suggestions into account.
Comment 5 T. Gries 2005-08-28 22:16:46 UTC
Created attachment 838 [details]
Revised patch for REL1_5. Introduces new permissionskeys 'listusers' and 'listcontributions'
Comment 6 T. Gries 2005-08-28 22:17:39 UTC
changed title 
Comment 7 T. Gries 2005-09-13 00:20:18 UTC
Created attachment 879 [details]
patch, revisited and revised: allow any user to list the own contributions regardless of the permission key
Comment 8 T. Gries 2005-12-09 08:52:31 UTC
small additional fix to disable the display of "Contributions", when the user is not entitled to see the contributions 
of others due to permission restrictions: 
 
In SkinTemplate.php about line 860 add the marked lines 
 
		if( $this->mTitle->getNamespace() == NS_USER || $this->mTitle->getNamespace() == NS_USER_TALK ) { 
			$id = User::idFromName($this->mTitle->getText()); 
			$ip = User::isIP($this->mTitle->getText()); 
		} else { 
			$id = 0; 
			$ip = false; 
		} 
+ 
+		# disable "list contributions" in the toolbox, if the user is not allowed to use it 
+		if ( !$wgUser->isAllowed( 'listcontributions' ) && ($wgUser->getId() != $id) ) { 
+			$id = 0; 
+			$ip = false; 
+		} 
 
 
clean and complete patch on request 
 
Comment 9 Ævar Arnfjörð Bjarmason 2005-12-09 08:56:10 UTC
Eugh, seems pretty specialized stuff, I think it would be better to make it an
extension.
Comment 10 T. Gries 2005-12-09 09:22:08 UTC
(In reply to comment #9)
> Eugh, seems pretty specialized stuff, I think it would be better to make it an
> extension.

Avar:
some few arguments

* introduction of these additional permissionkeys was suggested by Brion (
http://bugzilla.wikimedia.org/show_bug.cgi?id=3294#c2 )
*  I think, these two permissionkeys are useful in a broader sense (admittedly
not necessarily for wikipedia, which I know is the main target of MediaWiki)
* the additional code is short
* I don't expect that more of such "privacy" keys are needed
Comment 11 Ævar Arnfjörð Bjarmason 2005-12-09 10:01:53 UTC
(In reply to comment #10)
> (In reply to comment #9)
> > Eugh, seems pretty specialized stuff, I think it would be better to make it an
> > extension.
> 
> Avar:
> some few arguments
> 
> * introduction of these additional permissionkeys was suggested by Brion (
> http://bugzilla.wikimedia.org/show_bug.cgi?id=3294#c2 )
> *  I think, these two permissionkeys are useful in a broader sense (admittedly
> not necessarily for wikipedia, which I know is the main target of MediaWiki)
> * the additional code is short
> * I don't expect that more of such "privacy" keys are needed

The reason I suggested that you'd implement this as a hook/extension is that
this is an example of something that would ideally be one. This is not something
most users would require in the default distribution. The reason the hook system
exists is so that we won't have code that looks like:

"""
global $SomeSpecializedStuff, $SomeSpecializedStuff2, $SomeSpecializedStuff3, ...;

if ($SomeSpecializedStuff)
        ...;
if ($SomeSpecializedStuff2)
        ...;
if ($SomeSpecializedStuff3)
        ...;
...
"""

Rather you can just have

"""
if ( ! wfRunHooks( 'HookForAnyPurpose', array( &$this, &$that, ...) );
        return;
"""

which allows *everyone* to do *anything* at that point in the execution without
bloating the main code. It reduces maintenance for everyone involved and PHP
won't have as much stuff to parse, it's a win-win situation and I really don't
see what anyone would have against it.

Anyway, I've implemented the hooks and extensions for this bug in CVS HEAD, you
can find the extension in the Contributionsviewpermission directory in the
extension module in CVS.

Marking this as FIXED in CVS.

Comment 12 Ævar Arnfjörð Bjarmason 2005-12-09 10:04:06 UTC
Removing bogus dependancy.
Comment 13 T. Gries 2005-12-09 10:22:30 UTC
(In reply to comment #11)
> The reason I suggested that you'd implement this as a hook/extension is that
> this is an example of something that would ideally be one [...]
> Anyway, I've implemented the hooks and extensions for this bug in CVS HEAD, you
> can find the extension in the Contributionsviewpermission directory in the
> extension module in CVS.
Avar,
I fully agree.
This is great news; I am willing to study it and to learn for the future. It
also enables me to work in conformity with you developers.

Thanks again
Tom

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links