Last modified: 2012-12-21 04:18:17 UTC

Wikimedia Bugzilla is closed!

Wikimedia has migrated from Bugzilla to Phabricator. Bug reports should be created and updated in Wikimedia Phabricator instead. Please create an account in Phabricator and add your Bugzilla email address to it.
Wikimedia Bugzilla is read-only. If you try to edit or create any bug report in Bugzilla you will be shown an intentional error message.
In order to access the Phabricator task corresponding to a Bugzilla report, just remove "static-" from its URL.
You could still run searches in Bugzilla or access your list of votes but bug reports will obviously not be up-to-date in Bugzilla.
Bug 16791 - Don't offer meaningless protection levels (e.g., move=autoconfirmed with moves restricted to autoconfirmed)
Don't offer meaningless protection levels (e.g., move=autoconfirmed with move...
Status: NEW
Product: MediaWiki
Classification: Unclassified
Page protection (Other open bugs)
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
Depends on:
  Show dependency treegraph
Reported: 2008-12-25 19:06 UTC by Cenarium
Modified: 2012-12-21 04:18 UTC (History)
7 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Description Cenarium 2008-12-25 19:06:13 UTC
When decreasing the protection level, a page is sometimes saved with "move=autoconfirmed" only, which has no effect since move is restricted to autoconfirmed users (on Wikipedia). It's an inconvenience for maintenance activities and it confuses bots. So when a page is saved with "move=autoconfirmed" only, could it be read as an unprotection by mediawiki ? Thanks.
Comment 1 Gurch 2008-12-25 19:58:22 UTC
Better still, change the interface so that move=autoconfirmed isn't even an option (move protection really only needs to be a checkbox, 'sysop' or nothing, on wikis without additional levels).
Comment 2 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-12-25 20:11:43 UTC
This might require some fairly tricky logic to pull off in the general case.  I really don't think we want to write specific hacks for particular permissions setups, although admittedly the protection system is full of those as-is . . .
Comment 3 Alex Z. 2008-12-25 20:38:34 UTC
I thought about this somewhat after it was brought up on enwiki's village pump. The main issue is that it requires the software to "know" the hierarchy of protection levels. Protection levels are technically based on rights, not groups. The 'sysop' in $wgRestrictionLevels is treated as 'protect'. I guess what you'd have to do is look up all the groups that have a given permission (such as 'move') and then you'd need some logic to determine if the requested configuration (move=autoconfirmed) is equivalent to or less restrictive than the default. Since restrictions can have separate expires, this would also need to be checked whenever a permission expires.

The other option is redoing the protection config variables. Instead of having separate $wgRestrictionTypes and $wgRestrictionLevels, have a combined $wgRestrictions or something with a format like 
$wgRestrictions = array('edit'=>array('autoconfirmed', 'sysop'), 'move'=>array('sysop'));
though the protection form and any other uses of the protection types/levels variables would have to support both config options for backwards compatibility, which could potentially be ugly.
Comment 4 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-12-26 01:19:41 UTC
Yeah, that's the basic problem: how do you figure out if one right implies another?  What happens, for that matter, if a sysadmin changes $wgGroupPermissions -- suddenly all protections of a given type should vanish?

It might make more sense to allow *manual* specification of a certain type of protection that should be prohibited.  So you could do something like

$wgProhibitedRestrictions['move'][] = 'autoconfirmed';

to achieve the desired effect, say.  You might need to fiddle with the UI considerably to make this work nicely, though.
Comment 5 Ilmari Karonen 2008-12-27 18:22:33 UTC
It would probably be better to change the semantics of $wgRestrictionLevels to allow separate arrays for each action, as in:

$wgRestrictionLevels = array(
        'edit' => array( '', 'autoconfirmed', 'protect' ),
        'move' => array( '', 'protect' ),

(I _think_ PHP arrays are sufficiently flexible that we could support both the current and the proposed syntax, or even a mixture of the two, with the same variable.  The alternative, of course, would be to introduce a new config variable and deprecate $wgRestrictionLevels.)
Comment 6 Aryeh Gregor (not reading bugmail, please e-mail directly) 2008-12-27 23:36:38 UTC
Yeah, that would be a better syntax.

Note You need to log in before you can comment on or make changes to this bug.