Page MenuHomePhabricator
Create Task
Maniphest T406493

Limit user rights on our wikis
Closed, ResolvedPublic4 Estimated Story Points
Actions

Description

Limit ordinary users to only be able to do the minimum that they need. This should help minimise the risk that things are added or modified either by mistake or maliciously.

The only editing rights that are needed are:

  • Demo wiki: change preferences.
  • Producer wiki: write to the pronunciation lexicon.

Documentation for this can be found on mw:Manual:User rights.

Event Timeline

Sebastian_Berlin-WMSE created this task.Oct 6 2025, 2:01 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 6 2025, 2:01 PM
Sebastian_Berlin-WMSE moved this task from Incoming to Proposed for next sprint on the Wikispeech-Jobrunner board.Oct 15 2025, 9:53 AM
Sebastian_Berlin-WMSE set the point value for this task to 4.Oct 15 2025, 9:56 AM
Sebastian_Berlin-WMSE moved this task from Proposed for next sprint to Sprint on the Wikispeech-Jobrunner board.
Sebastian_Berlin-WMSE edited projects, added Wikispeech-Jobrunner (Sprint); removed Wikispeech-Jobrunner.
Viktoria_Hillerud_WMSE subscribed.Thu, Nov 20, 10:19 AM

So I guess these are the only options we want to have:

Demo wiki: $wgGroupPermissions['user']['editmyoptions'] = true;
Producer: $wgGroupPermissions['wikispeech-edit-lexicon']['wikispeech-edit-lexicon'] = true; or: $wgGroupPermissions['user']['wikispeech-edit-lexicon'] = true;

Sebastian_Berlin-WMSE added a comment.Thu, Nov 20, 11:04 AM

Yes, for editing. We still want to keep reading and listening permissions for everyone.

Producer: $wgGroupPermissions['wikispeech-edit-lexicon']['wikispeech-edit-lexicon'] = true; or: $wgGroupPermissions['user']['wikispeech-edit-lexicon'] = true;

I'd say the first since we have that specific group. Not sure that it'll make any difference at the moment, but could in the future.

Viktoria_Hillerud_WMSE claimed this task.Thu, Nov 20, 12:54 PM
Viktoria_Hillerud_WMSE added a project: User-Viktoria_Hillerud_WMSE.
Viktoria_Hillerud_WMSE moved this task from Backlog to In progress on the Wikispeech-Jobrunner (Sprint) board.
Viktoria_Hillerud_WMSE moved this task from Backlog to This week on the User-Viktoria_Hillerud_WMSE board.
Viktoria_Hillerud_WMSE added a comment.Fri, Nov 21, 7:49 AM

The only thing I can find to remove in producer and demo wiki is this:

$wgGroupPermissions['user']['pagelang'] = true; otherwise it seems like the user did not have access to any other rights?

Sebastian_Berlin-WMSE added a comment.Fri, Nov 21, 8:00 AM

There are default values for group permissions: mw:Manual:User rights. You can also look at Special:ListGroupRights to see settings for that wiki.

Viktoria_Hillerud_WMSE added a comment.Fri, Nov 21, 8:24 AM

Yes, thanks! Then I think this is done!

Viktoria_Hillerud_WMSE moved this task from This week to Waiting on the User-Viktoria_Hillerud_WMSE board.Fri, Nov 21, 12:10 PM
Viktoria_Hillerud_WMSE added a project: User-Sebastian_Berlin-WMSE.
Viktoria_Hillerud_WMSE moved this task from Backlog to Reviewing on the User-Sebastian_Berlin-WMSE board.
Viktoria_Hillerud_WMSE moved this task from Waiting to This week on the User-Viktoria_Hillerud_WMSE board.Mon, Nov 24, 7:29 AM
Viktoria_Hillerud_WMSE moved this task from This week to Waiting on the User-Viktoria_Hillerud_WMSE board.
Sebastian_Berlin-WMSE added a comment.Tue, Nov 25, 2:03 PM

It looks like you locked down a bit too much. Now I can't edit or create pages as an admin 🙂 I think you may have to add the permissions you removed to the admin group.

Viktoria_Hillerud_WMSE added a comment.Tue, Nov 25, 2:27 PM

Oh.. I had reset the user group's rights on the demo wiki using $wgGroupPermissions['user'] = []; to ensure ordinary users can't edit anything, so I think I removed it all..

To fix this, i guess for example these are needed for admin?:

$wgGroupPermissions['sysop']['edit'] = true;
$wgGroupPermissions['sysop']['createpage'] = true;
$wgGroupPermissions['sysop']['upload'] = true;
$wgGroupPermissions['sysop']['move'] = true;

Sebastian_Berlin-WMSE added a comment.Tue, Nov 25, 3:02 PM

I think that would work. There may be something in the documentation about doing something like this. It might be worth having a look if you haven't already.

Viktoria_Hillerud_WMSE moved this task from Waiting to This week on the User-Viktoria_Hillerud_WMSE board.Mon, Dec 1, 8:05 AM
Viktoria_Hillerud_WMSE added a comment.Mon, Dec 1, 8:32 AM

Now it should finally work. From what I could read fro the documentation the way to go was to manually add the extra rights to the sysop when needed.

Viktoria_Hillerud_WMSE moved this task from This week to Waiting on the User-Viktoria_Hillerud_WMSE board.Mon, Dec 1, 8:40 AM
Sebastian_Berlin-WMSE moved this task from Reviewing to Done on the User-Sebastian_Berlin-WMSE board.Mon, Dec 1, 9:23 AM

Yes, it works now.

Viktoria_Hillerud_WMSE moved this task from Waiting to Done on the User-Viktoria_Hillerud_WMSE board.Mon, Dec 1, 9:24 AM
Viktoria_Hillerud_WMSE moved this task from In progress to Done on the Wikispeech-Jobrunner (Sprint) board.
Viktoria_Hillerud_WMSE closed this task as Resolved.Wed, Dec 10, 2:01 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits