Page MenuHomeMiraheze
Create Task
Maniphest T3739

Permissions settings do not longer seem to be effective
Closed, InvalidPublic
Actions

Description

The group User had only the permission to read, not to create or to change a page. The group Editor (https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/editor) however had the right to change pages. It seems this distinction has changed: although the permissions of the group User seem to be set correct on the permissions form (https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/user ), in reality every visitor (not logged in user) can change a page or create one and save it. I discovered it today.

Event Timeline

Kees_Langeveld created this task.Oct 28 2018, 06:18
Herald added subscribers: Southparkfan, Reception123. · View Herald TranscriptOct 28 2018, 06:18
Reception123 added a subscriber: Paladox.Oct 28 2018, 08:15
Paladox added a comment.Oct 28 2018, 09:35

Hi, you probaly want to change https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/* since User only affects logged in users where as * affects annons.

MacFan4000 lowered the priority of this task from High to Normal.Oct 28 2018, 11:11
MacFan4000 changed the visibility from "Custom Policy" to "Public (No Login Required)".
MacFan4000 changed the edit policy from "Custom Policy" to "All Users".
MacFan4000 removed a project: acl*security.
John closed this task as Invalid.EditedOct 28 2018, 12:04
John subscribed.

This was caused by https://meta.miraheze.org/wiki/Tech:Incidents/2018-10-26-all-wikis-down.

Nothing wrong with the software otherwise.

Paladox added a comment.Oct 28 2018, 12:06

@John how so? https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/* Dosent show any one changing it previously (see the log at the bottom)

John added a comment.Oct 28 2018, 12:08

It was the case before MWP existed.

MacFan4000 reopened this task as Open.Oct 28 2018, 12:10
MacFan4000 subscribed.
This comment was removed by MacFan4000.
Herald added a project: MacFan4000. · View Herald TranscriptOct 28 2018, 12:10
MacFan4000 closed this task as Resolved.Oct 28 2018, 12:16
MacFan4000 claimed this task.
MacFan4000 removed MacFan4000 as the assignee of this task.
John changed the task status from Resolved to Invalid.Oct 28 2018, 12:18

“in reality every visitor (not logged in user) can change a page or create one and save it. I discovered it today.”

Again, nothing wrong.

Kees_Langeveld added a comment.Oct 28 2018, 13:10

I understand now that the group User is not the default group for visitors, it is the group * that is the default visitors group. So I misconceived it. However, I think remembering that I could not create of modify a page when logged out.

Kees_Langeveld added a comment.Oct 28 2018, 13:24

I just have restricted the rights of the group * and now it's okay.