Page MenuHomeMiraheze
Create Task
Maniphest T7257

Expand managewiki blacklist for *
Closed, ResolvedPublic
Actions

Description

Per parent task,

editmyoptions, editmyprivateinfo, editmywatchlist, viewmyprivateinfo, viewmywatchlist

Should be locked to * because there's no need to ever not be

oathauth-enable

Is used to control 2FA settings so most definately needs to be our you can't enable 2FA via that wiki

Related Objects
Search...

Event Timeline

RhinosF1 created this task.May 6 2021, 15:08
Herald added a subscriber: Reception123. · View Herald TranscriptMay 6 2021, 15:08
Restricted Repository Identity mentioned this in R9:483bf89b6801: blacklist some rights in managewiki for * T7257.May 10 2021, 09:52
Reception123 removed a project: Security.May 10 2021, 10:19
Reception123 changed the visibility from "Custom Policy" to "Public (No Login Required)".
Reception123 changed the edit policy from "Custom Policy" to "All Users".
Herald added subscribers: Joritochip, Redmin, NDKilla. · View Herald TranscriptMay 10 2021, 10:19
Restricted Repository Identity mentioned this in R9:79be47c302b4: blacklist some rights in managewiki for * T7257 (#3886).May 10 2021, 10:19
Reception123 closed this task as Resolved.May 10 2021, 10:20
Reception123 claimed this task.

done

Dmehus subscribed.May 10 2021, 12:05

@Reception123 This is fine, and I was going to suggest this as well; however, some wikis had already removed these. Did you also do a database query update to re-add these rights to * on wikis that removed them? This is what we did when we removed managewiki from * and blacklisted it from being used in the * group

Reception123 added a comment.May 10 2021, 12:09

My understanding was that this would be overridden by LocalSettings.php, because here the issue isn't that it was added to * (like managewiki was) but instead that they were removed from *

Dmehus added a comment.May 10 2021, 12:11
In T7257#144451, @Reception123 wrote:

My understanding was that this would be overridden by LocalSettings.php, because here the issue isn't that it was added to * (like managewiki was) but instead that they were removed from *

@Reception123 Ah, true, yeah, I was thinking about that after. In this case, you're not removing rights from being added to *, you're adding them to the * group and preventing them from changed in that group in ManageWiki, essentially. So, yeah, we should probably be fine. :)

Reception123 added a comment.May 10 2021, 12:13
In T7257#144452, @Dmehus wrote:
In T7257#144451, @Reception123 wrote:

My understanding was that this would be overridden by LocalSettings.php, because here the issue isn't that it was added to * (like managewiki was) but instead that they were removed from *

@Reception123 Ah, true, yeah, I was thinking about that after. In this case, you're not removing rights from being added to *, you're adding them to the * group and preventing them from changed in that group in ManageWiki, essentially. So, yeah, we should probably be fine. :)

Yeah :)

Restricted Repository Identity mentioned this in R9:431f8f07682d: Update REL1_36 from master (#3891).May 12 2021, 21:06
Restricted Repository Identity mentioned this in R9:fbacf39fcfb1: Merge 'master' into REL1_36 (#3845).May 12 2021, 21:33
Restricted Repository Identity mentioned this in R9:ce4ac0726e98: Update config for 1.36 (#3824).Jun 12 2021, 19:45