
Permission settings no longer seem to be effective
Closed, Invalid; Public

Description

The group User had only the permission to read, not to create or to change a page. The group Editor (https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/editor) however had the right to change pages. It seems this distinction has changed: although the permissions of the group User seem to be set correctly on the permissions form (https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/user), in reality every visitor (not logged in user) can change a page or create one and save it. I discovered it today.

Event Timeline

Paladox added a comment. Oct 28 2018, 09:35

Hi, you probably want to change https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/* since User only affects logged-in users, whereas * affects anons.

MacFan4000 lowered the priority of this task from High to Normal. Oct 28 2018, 11:11
MacFan4000 changed the visibility from "Custom Policy" to "Public (No Login Required)".
MacFan4000 changed the edit policy from "Custom Policy" to "All Users".
MacFan4000 removed a project: Security.
John closed this task as Invalid. Edited Oct 28 2018, 12:04
John added a subscriber: John.

This was caused by https://meta.miraheze.org/wiki/Tech:Incidents/2018-10-26-all-wikis-down.

Nothing wrong with the software otherwise.

Paladox added a comment. Oct 28 2018, 12:06

@John how so? https://christipedia.miraheze.org/wiki/Speciaal:ManageWikiPermissions/* doesn't show anyone changing it previously (see the log at the bottom)

John added a comment. Oct 28 2018, 12:08

It was the case before MWP existed.

MacFan4000 reopened this task as Open. Oct 28 2018, 12:10
MacFan4000 added a subscriber: MacFan4000.
This comment was removed by MacFan4000.
MacFan4000 closed this task as Resolved. Oct 28 2018, 12:16
MacFan4000 claimed this task.
MacFan4000 removed MacFan4000 as the assignee of this task.
John changed the task status from Resolved to Invalid. Oct 28 2018, 12:18

“in reality every visitor (not logged in user) can change a page or create one and save it. I discovered it today.”

Again, nothing wrong.

I understand now that the group User is not the default group for visitors; it is the group * that is the default visitors group. So I misconceived it. However, I think I remember that I could not create or modify a page when logged out.

I have just restricted the rights of the group * and now it's okay.
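
The `*` versus `user` distinction from this task, as an added example that is not part of the original thread or Miraheze's code: it computes effective rights from a group list shaped like the MediaWiki API's `siprop=usergroups` output and flags write rights that anonymous visitors hold. The sample JSON is constructed and the function names are hypothetical.

```python
import json

# Constructed sample shaped like the "usergroups" list returned by the
# MediaWiki API (action=query&meta=siteinfo&siprop=usergroups).
# Group names follow the thread; the rights lists are made up.
SAMPLE_SITEINFO = json.loads("""
{"query": {"usergroups": [
  {"name": "*",      "rights": ["read", "edit", "createpage"]},
  {"name": "user",   "rights": ["read"]},
  {"name": "editor", "rights": ["read", "edit", "createpage"]}
]}}
""")

WRITE_RIGHTS = {"edit", "createpage", "createtalk", "upload", "move"}


def group_rights(siteinfo):
    """Map each group name to the set of rights it grants."""
    return {g["name"]: set(g.get("rights", []))
            for g in siteinfo["query"]["usergroups"]}


def effective_rights(groups, explicit=(), logged_in=False):
    """Rights are additive: everyone is in '*', logged-in accounts are also
    in 'user', and explicit groups add to that. (Ignores $wgRevokePermissions.)"""
    implicit = ["*"] + (["user"] if logged_in else [])
    rights = set()
    for name in implicit + list(explicit):
        rights |= groups.get(name, set())
    return rights


def anonymous_write_rights(siteinfo):
    """Write-type rights an anonymous visitor holds through the '*' group."""
    return sorted(effective_rights(group_rights(siteinfo)) & WRITE_RIGHTS)


def restrict_anonymous(siteinfo):
    """Return a copy with write-type rights stripped from '*' (the fix in the thread)."""
    fixed = json.loads(json.dumps(siteinfo))
    for g in fixed["query"]["usergroups"]:
        if g["name"] == "*":
            g["rights"] = [r for r in g["rights"] if r not in WRITE_RIGHTS]
    return fixed


if __name__ == "__main__":
    print("anonymous can:", anonymous_write_rights(SAMPLE_SITEINFO))
    fixed = restrict_anonymous(SAMPLE_SITEINFO)
    print("after restricting '*':", anonymous_write_rights(fixed))
```

Because rights are additive, a read-only `user` group does not stop logged-in accounts from editing while `*` still grants `edit`; only restricting `*` closes that path for both anonymous and plain logged-in users.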