jenkins-bot has submitted this change and it was merged.
Change subject: wikitech: Clean up contentadmin rights
......................................................................
wikitech: Clean up contentadmin rights
Explicitly disable some of the more dangerous things like editinterface, but
otherwise give them normal admin rights.
This adds:
* Bypass IP blocks, auto-blocks and range blocks (ipblock-exempt)
* Bypass automatic blocks of proxies (proxyunbannable)
* Create and delete tags from the database (managechangetags)
* Delete and undelete specific log entries (deletelogentry)
* Delete and undelete specific revisions of pages (deleterevision)
* Edit pages protected as "Allow only autoconfirmed users" (editsemiprotected)
* Import pages from other wikis (import)
* Mark rolled-back edits as bot edits (markbotedits)
* Mass delete pages (nuke)
* Merge the history of pages (mergehistory)
* Modify abuse filters (abusefilter-modify)
* Move category pages (move-categorypages)
* Move pages (move)
* Move pages with their subpages (move-subpages)
* Move root user pages (move-rootuserpages)
* Not be affected by rate limits (noratelimit)
* Override files on the shared media repository locally (reupload-shared)
* Overwrite existing files (reupload)
* Send a message to multiple users at once (massmessage)
* Unblock oneself (unblockself)
* Upload files (upload)
* Use higher limits in API queries (apihighlimits)
* View a list of unwatched pages (unwatchedpages)
* View detailed abuse log entries (abusefilter-log-detail)
* View the spam blacklist log (spamblacklistlog)
(some of these things they'd already get by being normal autoconfirmed users,
such as move)
And also takes away some things we don't normally give out to admins (presumed
to be left over from before the migration):
* Delete pages with large histories (bigdelete)
* Import pages from a file upload (importupload)
* Upload files from a URL (upload_by_url)
Change-Id: I769001e4260a78f72070707aa56aa481c7db0089
---
M wmf-config/CommonSettings.php
M wmf-config/InitialiseSettings.php
2 files changed, 11 insertions(+), 22 deletions(-)
Approvals:
Andrew Bogott: Looks good to me, but someone else must approve
Alex Monk: Looks good to me, approved
jenkins-bot: Verified
diff --git a/wmf-config/CommonSettings.php b/wmf-config/CommonSettings.php
index 2c21fbf..00526ad 100755
--- a/wmf-config/CommonSettings.php
+++ b/wmf-config/CommonSettings.php
@@ -2762,6 +2762,16 @@
// Don't depend on other DB servers
$wgDefaultExternalStore = false;
+ $wgGroupPermissions['contentadmin'] = $wgGroupPermissions['sysop'];
+ $wgGroupPermissions['contentadmin']['editusercss'] = false;
+ $wgGroupPermissions['contentadmin']['edituserjs'] = false;
+ $wgGroupPermissions['contentadmin']['editrestrictedfield'] = false;
+ $wgGroupPermissions['contentadmin']['editinterface'] = false;
+ $wgGroupPermissions['contentadmin']['tboverride'] = false;
+ $wgGroupPermissions['contentadmin']['titleblacklistlog'] = false;
+ $wgGroupPermissions['contentadmin']['override-antispoof'] = false;
+ $wgGroupPermissions['contentadmin']['createaccount'] = false;
+
// Some settings specific to wikitech's extensions
include( "$wmfConfigDir/wikitech.php" );
}
diff --git a/wmf-config/InitialiseSettings.php
b/wmf-config/InitialiseSettings.php
index 943ed2a..edce925 100644
--- a/wmf-config/InitialiseSettings.php
+++ b/wmf-config/InitialiseSettings.php
@@ -7661,31 +7661,10 @@
),
'user' => array( 'reupload-own' => false ), // T85621
),
- 'labswiki' => array(
+ 'labswiki' => array( // contentadmin is handled in CommonSettings, not
here
'*' => array(
'edit' => false,
'createaccount' => true,
- ),
- 'contentadmin' => array(
- 'protect' => true,
- 'editprotected' => true,
- 'bigdelete' => true,
- 'delete' => true,
- 'undelete' => true,
- 'block' => true,
- 'blockemail' => true,
- 'patrol' => true,
- 'autopatrol' => true,
- 'import' => true,
- 'importupload' => true,
- 'upload_by_url' => true,
- 'movefile' => true,
- 'suppressredirect' => true,
- 'rollback' => true,
- 'browsearchive' => true,
- 'deletedhistory' => true,
- 'deletedtext' => true,
- 'autoconfirmed' => true,
),
'bots' => array('skipcaptcha' => true ),
'cloudadmin' => array(
--
To view, visit https://gerrit.wikimedia.org/r/222776
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: I769001e4260a78f72070707aa56aa481c7db0089
Gerrit-PatchSet: 4
Gerrit-Project: operations/mediawiki-config
Gerrit-Branch: master
Gerrit-Owner: Alex Monk <[email protected]>
Gerrit-Reviewer: Alex Monk <[email protected]>
Gerrit-Reviewer: Andrew Bogott <[email protected]>
Gerrit-Reviewer: Krinkle <[email protected]>
Gerrit-Reviewer: Yuvipanda <[email protected]>
Gerrit-Reviewer: jenkins-bot <>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
