Last modified: 2013-08-05 19:15:05 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T36814, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 34814 - Improve rewrite.py usage of users and ACLs
Status: RESOLVED FIXED
Product: MediaWiki extensions
Classification: Unclassified
Importance: Normal enhancement
Assigned To: Nobody - You can work on this!
Reported: 2012-02-29 20:44 UTC by Aaron Schulz
Modified: 2013-08-05 19:15 UTC (History)
Description Aaron Schulz 2012-02-29 20:44:15 UTC
Ideally, we'd like to have a swift user for MW. One ("mediawiki") creates containers and objects and has full access to them. MW would grant access to public containers via this swift user to the second user ("webuser"). The latter would just be able to read objects in the public container.

SwiftFileBackend pretty much supports this. I'd like to be able to do this without "mediawiki" being an admin user if possible. This requires swifting through docs and swift code to figure out if non-admins can change ACLs on containers they own or have a certain level of access to.
Comment 1 Aaron Schulz 2012-02-29 21:44:25 UTC
(In reply to comment #0)
> SwiftFileBackend pretty much supports this. I'd like to be able to do this
> without "mediawiki" being an admin user if possible. This requires swifting
> through docs and swift code to figure out if non-admins can change ACLs on
> containers they own or have a certain level of access to.

That said, this isn't really a big deal (for the "mediawiki" user to have full "mw" account access) and seems like it's not avoidable anyway.
Comment 2 Aaron Schulz 2012-08-06 18:16:06 UTC
Maybe we can have users "mw:system" and "mw:rewrite".
Comment 3 Aaron Schulz 2012-08-20 16:45:40 UTC
(In reply to comment #2)
> Maybe we can have users "mw:system" and "mw:rewrite".

Actually, since rewrite no longer writes thumbs, we can just have "mw:system" as rewrite only needs unauthenticated reads.
Comment 4 Aaron Schulz 2013-08-05 19:15:05 UTC
This is basically done already.
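
An added example, not part of the thread and not code from rewrite.py or Swift: a simplified Python model of how a Swift container read ACL (the `X-Container-Read` value) decides the two designs discussed above, a named read-only user versus unauthenticated reads via `.r:*`. The user names "mw:system" and "mw:rewrite" come from the comments; the group tuples and the evaluation logic are assumptions made for illustration.

```python
# Simplified model of Swift container read-ACL evaluation (added example,
# not Swift's or rewrite.py's code). Group tuples below are constructed.
from urllib.parse import urlparse

def parse_acl(header):
    """Split an X-Container-Read value into (referrer rules, user/group names)."""
    referrers, groups = [], []
    for item in (header or "").split(","):
        item = item.strip()
        if item.startswith(".r:"):
            referrers.append(item[3:])
        elif item and not item.startswith("."):  # skips .rlistings and similar
            groups.append(item)
    return referrers, groups

def referrer_allowed(referrer, rules):
    """Apply referrer rules in order; a later rule overrides an earlier one."""
    host = urlparse(referrer or "").hostname or "unknown"
    allowed = False
    for rule in rules:
        deny = rule.startswith("-")
        pattern = rule[1:] if deny else rule
        match = pattern == host or (pattern.startswith(".") and host.endswith(pattern))
        if deny:
            if match:
                allowed = False
        elif match or pattern == "*":
            allowed = True
    return allowed

def can_read(read_acl, user_groups=(), referrer=None, is_account_admin=False):
    """Return True if a request may read objects in the container."""
    if is_account_admin:          # e.g. "mw:system" with full "mw" account access
        return True
    referrers, groups = parse_acl(read_acl)
    if referrer_allowed(referrer, referrers):
        return True               # public container: no credentials needed
    return any(g in groups for g in user_groups)

# Constructed identities: groups an auth layer might attach to each request.
REWRITE = ("mw", "mw:rewrite")    # authenticated, non-admin
ANONYMOUS = ()                    # no token presented

if __name__ == "__main__":
    for acl in ("", "mw:rewrite", ".r:*,.rlistings"):
        print(repr(acl), "rewrite:", can_read(acl, REWRITE),
              "anonymous:", can_read(acl, ANONYMOUS))
```

With `.r:*` on the public containers the anonymous request is already allowed, which is why a separate read-only user becomes unnecessary once rewrite only reads.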
