[MediaWiki-commits] [Gerrit] wikitech: Clean up contentadmin rights - change (operations/mediawiki-config)

[Alex Monk (Code Review)]

Alex Monk has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/222776

Change subject: wikitech: Clean up contentadmin rights
......................................................................

wikitech: Clean up contentadmin rights

Explicitly disable some of the more dangerous things like editinterface, but
otherwise give them normal admin rights.

This adds:
* Bypass IP blocks, auto-blocks and range blocks (ipblock-exempt)
* Bypass automatic blocks of proxies (proxyunbannable)
* Create and delete tags from the database (managechangetags)
* Create new user accounts (createaccount)
* Delete and undelete specific log entries (deletelogentry)
* Delete and undelete specific revisions of pages (deleterevision)
* Edit pages protected as "Allow only autoconfirmed users" (editsemiprotected)
* Import pages from other wikis (import)
* Mark rolled-back edits as bot edits (markbotedits)
* Mass delete pages (nuke)
* Merge the history of pages (mergehistory)
* Modify abuse filters (abusefilter-modify)
* Move category pages (move-categorypages)
* Move pages (move)
* Move pages with their subpages (move-subpages)
* Move root user pages (move-rootuserpages)
* Not be affected by rate limits (noratelimit)
* Override files on the shared media repository locally (reupload-shared)
* Overwrite existing files (reupload)
* Send a message to multiple users at once (massmessage)
* Unblock oneself (unblockself)
* Upload files (upload)
* Use higher limits in API queries (apihighlimits)
* View a list of unwatched pages (unwatchedpages)
* View detailed abuse log entries (abusefilter-log-detail)
* View the spam blacklist log (spamblacklistlog)

(some of these things they'd already get by being normal autoconfirmed users,
such as move)

And also takes away some things we don't normally give out to admins (presumed
to be left over from before the migration):
* Delete pages with large histories (bigdelete)
* Import pages from a file upload (importupload)
* Upload files from a URL (upload_by_url)

Change-Id: I769001e4260a78f72070707aa56aa481c7db0089
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 9 insertions(+), 21 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/mediawiki-config 
refs/changes/76/222776/1

diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index e7277fe..f23e518 100755
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -2745,6 +2745,15 @@
        // Don't depend on other DB servers
        $wgDefaultExternalStore = false;
 
+       $wgGroupPermissions['contentadmin'] = $wgGroupPermissions['sysop'];
+       $wgGroupPermissions['contentadmin']['editusercss'] = false;
+       $wgGroupPermissions['contentadmin']['edituserjs'] = false;
+       $wgGroupPermissions['contentadmin']['editrestrictedfield'] = false;
+       $wgGroupPermissions['contentadmin']['editinterface'] = false;
+       $wgGroupPermissions['contentadmin']['tboverride'] = false;
+       $wgGroupPermissions['contentadmin']['titleblacklistlog'] = false;
+       $wgGroupPermissions['contentadmin']['override-antispoof'] = false;
+
        // Some settings specific to wikitech's extensions
        include( "$wmfConfigDir/wikitech.php" );
 }
diff --git a/wmf-config/InitialiseSettings.php 
b/wmf-config/InitialiseSettings.php
index da50cfe..495bf0f 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -7666,27 +7666,6 @@
                        'edit' => false,
                        'createaccount' => true,
                ),
-               'contentadmin' => array(
-                       'protect' => true,
-                       'editprotected' => true,
-                       'bigdelete' => true,
-                       'delete' => true,
-                       'undelete' => true,
-                       'block' => true,
-                       'blockemail' => true,
-                       'patrol' => true,
-                       'autopatrol' => true,
-                       'import' => true,
-                       'importupload' => true,
-                       'upload_by_url' => true,
-                       'movefile' => true,
-                       'suppressredirect' => true,
-                       'rollback' => true,
-                       'browsearchive' => true,
-                       'deletedhistory' => true,
-                       'deletedtext' => true,
-                       'autoconfirmed' => true,
-               ),
                'bots' => array('skipcaptcha' => true ),
                'cloudadmin' => array(
                        'listall' => true,

-- 
To view, visit https://gerrit.wikimedia.org/r/222776
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I769001e4260a78f72070707aa56aa481c7db0089
Gerrit-PatchSet: 1
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Alex Monk <kren...@gmail.com>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits