Page MenuHomeMiraheze

Restrict ability to delete bureaucrat and sysop group without Steward assistance
Open, LowPublic

Description

A perennial issue that occurs is that people delete the bureaucrat and sysop group. In fact, just today, someone did it. As such, following a community consultation on the Community noticeboard via a Request for Feedback (most expressed that they were fine with the idea) and subsequent chats via Miraheze Meetings and Discord/IRC with community stakeholders, we should restrict the ability to delete the bureaucrat and sysop group without the assistance of a Steward.

Ideally, the button should be hidden to everyone who doesn't have managewiki-restricted in their toolset. When requested on the SN, a Steward can delete the group so long as a replacement for it exists (especially for bureaucrats as deleting the group locks people out of ManageWiki).

Event Timeline

Agent_Isai created this task.

Personally, I think we should just provide a warning rather than restrict the ability entirely - a user can correctly reconfigure the wiki ecosystem and this would then generate a new type of workload of requesting stewards correctly delete a bureaucrat or sysop group thereby changing the problem, not fixing it.

Even better would be to make it so the user can't delete a user group if it would remove *their* access to ManageWiki - this would not be group specific and would solve the problem above while also resolving the core issue.

In T10230#206299, @John wrote:

Personally, I think we should just provide a warning rather than restrict the ability entirely - a user can correctly reconfigure the wiki ecosystem and this would then generate a new type of workload of requesting stewards correctly delete a bureaucrat or sysop group thereby changing the problem, not fixing it.

Even better would be to make it so the user can't delete a user group if it would remove *their* access to ManageWiki - this would not be group specific and would solve the problem above while also resolving the core issue.

I plan on looking how to implement this on CreateWiki and I was going to go with a simpler approach: prevent deletion if the group has the managewiki permission rather than check if deleting the group would remove them from ManageWiki, but I guess your approach is better.

edit: It is better, I just didn't fully understood your comment when I first posted this.

In T10230#206299, @John wrote:

Personally, I think we should just provide a warning rather than restrict the ability entirely - a user can correctly reconfigure the wiki ecosystem and this would then generate a new type of workload of requesting stewards correctly delete a bureaucrat or sysop group thereby changing the problem, not fixing it.

Even better would be to make it so the user can't delete a user group if it would remove *their* access to ManageWiki - this would not be group specific and would solve the problem above while also resolving the core issue.

A Steward would only delete the group if a replacement group exists with ManageWiki/equivalent rights assigned. I discussed a similar proposal with CosmicAlpha who said it would be harder to implement hence why this was suggested as an alternative. If anyone wants to give it a try then that'd be most welcome.

In T10230#206299, @John wrote:

Personally, I think we should just provide a warning rather than restrict the ability entirely - a user can correctly reconfigure the wiki ecosystem and this would then generate a new type of workload of requesting stewards correctly delete a bureaucrat or sysop group thereby changing the problem, not fixing it.

Even better would be to make it so the user can't delete a user group if it would remove *their* access to ManageWiki - this would not be group specific and would solve the problem above while also resolving the core issue.

A Steward would only delete the group if an alternative exists for it. I discussed this with CosmicAlpha who said it would be harder to implement hence why this was suggested as an alternative instead. If anyone wants to give it a try then that'd be most welcome.

But it would still generate a new workflow that eventually someone would go "so this happens and we should fix it" whereby legitimate deletions are needed. Plus that then raises a question of - should we keep a broken system we can fix than over fix and break something that works and in theory, isn't a problem that needs fixing?

We should work to fix problems - not create problems by breaking what works and is unique.

In T10230#206299, @John wrote:

Personally, I think we should just provide a warning rather than restrict the ability entirely - a user can correctly reconfigure the wiki ecosystem and this would then generate a new type of workload of requesting stewards correctly delete a bureaucrat or sysop group thereby changing the problem, not fixing it.

Even better would be to make it so the user can't delete a user group if it would remove *their* access to ManageWiki - this would not be group specific and would solve the problem above while also resolving the core issue.

A Steward would only delete the group if a replacement group exists with ManageWiki/equivalent rights assigned. I discussed a similar proposal with CosmicAlpha who said it would be harder to implement hence why this was suggested as an alternative. If anyone wants to give it a try then that'd be most welcome.

It would require retrieving the user's group membership, and going through the permissions of all the groups (except the one being deleted) to check if any of them have the managewiki permission. It is harder, but it could be interesting to see how much harder.

In T10230#206302, @John wrote:

But it would still generate a new workflow that eventually someone would go "so this happens and we should fix it" whereby legitimate deletions are needed. Plus that then raises a question of - should we keep a broken system we can fix than over fix and break something that works and in theory, isn't a problem that needs fixing?

We should work to fix problems - not create problems by breaking what works and is unique.

This was suggested as an alternative to a dialogue box which warns users against deleting a group which contains the managewiki right as it was said that it'd be difficult to implement such a feature. The overall goal of this task is to implement some sort of determent at least to prevent wandering bureaucrats who don't know what the group is/if it's important from deleting it accidentally because they thought it was not important. This is indeed an issue and in the past few weeks, this scenario has occured 5 times and the number will probably only grow as more novice users who aren't familiar with MediaWiki discover Miraheze and make their own wikis.

If a dialogue warning users can be made then that'd be wonderful, the overall goal of this is just to provide a determent to stop bureaucrats from accidentally deleting the group and this was suggested as the easiest solution.

A dialogue box if the group contains managewiki rights is a rather easy solution to implement as all the logic would just be checking the group rights that are already exposed for the rights selection pages.

To be fair even searching for user rights assigned to other groups and preventing deletion if it's the only group granting managewiki rights would be a simple solution - it just requires a few array searches.