Last modified: 2014-09-11 19:16:13 UTC
To force stewards to make global group changes only from Meta instead of any wiki, please change the code to allow assigning 'globalgrouppermissions' as a local steward right instead of a global one. Currently it is forced to be a global right. This may be due to security concerns of which I am unaware; however, stewards can now make changes to global group membership from anywhere, but they should only be made on Meta.

/extensions/CentralAuth/SpecialGlobalGroupPermissions.php

    ## Permission MUST be gained from global rights.
    return $globalUser->hasGlobalPermission( 'globalgrouppermissions' );

As well, the same for 'globalgroupmembership' and whatever the "edit wiki sets" right is called (I forget) if they are forced to be global rights as well (I couldn't immediately tell from the source code) for the same reason - membership in global groups should be changed and changing wiki sets should be done only from Meta.
A user able to modify LocalSettings.php could likely modify migrateStewards.php also and defeat any use of these limits as a security feature. (see also http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=45262 )
It's mostly because it seemed "wrong" at the time to allow global changes to be made with local rights. I am aware that there are existing sections of code where this can occur, but I thought it sensible not to add one more. I'm happy to be convinced the other way, though. What do others think?
(In reply to comment #2)
> It's mostly because it seemed "wrong" at the time to allow global changes to be
> made with local rights. I am aware that there are existing sections of code
> where this can occur, but I thought it sensible not to add one more.
>
> I'm happy to be convinced the other way, though. What do others think?
>

I just don't understand how/why it "seemed wrong"... to allow global group changes to be made with local rights. As stated initially, this (erroneously) allows stewards to make such changes from any wiki - whereas they should be made only from Meta.
*** Bug 14914 has been marked as a duplicate of this bug. ***
Doing that from any wiki means that stewards should have to check on each project Special:Log/gblrights if any steward has anywhere abused his rights. Quite a mess with currently more than 700 projects.
Instead of committing "a crime against Nature" by making global groups manageable as a local right, I would prefer to have truly global logs. Currently there are ~700 local (sic!) global logs, which defies the purpose of having global logs.
I've filed bug 29435 about a related issue -- having access to the global groups assignment controlled by a global group means that you can't really set the system *up* without manual DB intervention to put the first person in the first group. Global logs would solve the root issue of this current bug (that local logs are hard to find because they're not centralized) but not that one. Based on the comments above, I suspect that switching it to *allow* (not necessarily *require*) a local right *and* using global logs might be the best of all worlds.
So, I still do not understand: is it difficult to switch to global logs?
So either:
A) global logging (in the centralauth database?) which would be accessible from any wiki but only stored once; or,
B) global actions are logged to the logging table of the central wiki. Accessible from the central wiki (Meta-Wiki).

A) is nicer but could be too much work, don't know. B) sounds easy but requires a db-connection to be made to the central wiki and isn't really "global".
*** Bug 61548 has been marked as a duplicate of this bug. ***