Page MenuHomeMiraheze

Usergroups required for autopromotion keep being reset
Closed, ResolvedPublic

Description

This issue has happened for me on two occasions now. And it's lucky that no one noticed the issue that decided to take advantage of it. But when I tried to modify the Bureaucrat and Techie usergroups on my wiki, the requirements to implicitly be a member of those groups is constantly reset. So I've been forced to disable autopromotion for those usergroups for now. Since both usergroups allow access to permissions that are reserved for highly trusted users. And with this autopromotion glitch that keeps occurring, it allows any user that has confirmed their email to access those usergroups.

I've been trying to set the following requirements in order for a user to be a Bureaucrat implicitly:

#Have confirmed their email
#Have Founder rights (this requirement keeps getting reset)
#Have Techie rights (this requirement keeps getting reset)

I've been trying to set the following requirements in order for a user to be a Techie implicitly:

#Have confirmed their email
#Have Founder rights (this requirement keeps getting reset)
#Have Bureaucrat rights (this requirement keeps getting reset)

Here is the ManageWiki log of the wiki in question if it helps. https://csydes.miraheze.org/wiki/Special:Log?type=managewiki&user=&page=&wpdate=&tagfilter=&wpfilters%5B%5D=newusers

Event Timeline

Universal_Omega raised the priority of this task from Normal to High.Tue, May 10, 19:58
Universal_Omega moved this task from Backlog to Bugs on the ManageWiki board.
Universal_Omega moved this task from Backlog to Short Term on the MediaWiki (SRE) board.
Universal_Omega changed the visibility from "Public (No Login Required)" to "Custom Policy".Tue, May 10, 20:01
Universal_Omega changed the edit policy from "All Users" to "Custom Policy".
Universal_Omega added a project: Security.

I am able to reproduce with 100% reproduction. (Every single time)

https://github.com/miraheze/ManageWiki/pull/359 should hopefully fix this. The issue is not as severe as I initially thought since autopromote still is functional, it just gets overriden if group is saved again, since the form defaults for the autopromote groups is incorrect.

Universal_Omega closed this task as Resolved.EditedWed, May 11, 05:39
Universal_Omega changed the visibility from "Custom Policy" to "Public (No Login Required)".
Universal_Omega changed the edit policy from "Custom Policy" to "All Users".

This should now be fixed. Apologies for the issue.