Last modified: 2014-08-16 10:04:41 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T71301, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 69301 - Remove "viewmywatchlist" user right from anonymous users
Remove "viewmywatchlist" user right from anonymous users
Status: NEW
Product: MediaWiki
Classification: Unclassified
Watchlist (Other open bugs)
1.24rc
All All
: Low enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
: easy
Depends on:
Blocks: 50039
  Show dependency treegraph
 
Reported: 2014-08-08 16:06 UTC by Helder
Modified: 2014-08-16 10:04 UTC (History)
3 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Helder 2014-08-08 16:06:19 UTC 
I don't see the point of setting
https://github.com/wikimedia/mediawiki-core/blob/c31fbf073e112526236d3afe6ef4dab3d5cd8e6f/includes/DefaultSettings.php#L4459
$wgGroupPermissions['*']['viewmywatchlist'] = true;

if we also have this:
https://github.com/wikimedia/mediawiki-core/blob/1ea16c08d70152062ba7feef62de8a69b3d08820/includes/specials/SpecialWatchlist.php#L41-L42
// Anons don't get a watchlist
$this->requireLogin( 'watchlistanontext' );


Shouldn't
$wgGroupPermissions['*']['viewmywatchlist'] = true;
be replaced by
$wgGroupPermissions['user']['viewmywatchlist'] = true;
?
Comment 1 Helder 2014-08-08 16:12:14 UTC 
There seems to be other permissions in the same situation: editmywatchlist, editmyusercss, editmyuserjs, editmyoptions (bug 20151?).
Comment 2 Brad Jorsch 2014-08-08 19:55:50 UTC 
True, these have no effect for anonymous users. But it does allow the possibility of using User::isEveryoneAllowed() in situations where that's advantageous, since it's very likely that outside of OAuth requests all relevant users really will have these permissions.
Comment 3 Helder 2014-08-08 19:59:27 UTC 
For context, here is where I noticed removing the permission from would be relevant:
https://en.wikipedia.org/w/index.php?title=MediaWiki_talk:Gadgets-definition#GeoNotice
The gadget in question modifies [[Special:Watchlist]] but it is intended only for users with access to that page (currently, logged in users), and the Gadgets extension is based on "rights" not "groups" (per bug 12211 comment 4).
Comment 4 Erwin Dokter 2014-08-08 20:21:52 UTC 
The ['*'] implies these are catch-all rights.

But instead of dabbling with user rights, I'd like to be able to specify user groups when defining a gadget module, so we can target user classes.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links