Page MenuHomeMiraheze
Create Task
Maniphest T9736

ManageWiki: writeapi is not manageable
Closed, DeclinedPublic
Actions

Description

The writeapi right is not manageable through Special:ManageWiki, it seems to be manageable with restricted permissions only (Stewards). By default, the writeapi right is assigned to everyone. But someone might like to restrict it, for example, to bots and sysops.

Event Timeline

Vlad26t triaged this task as High priority.Sep 7 2022, 18:40
Vlad26t created this task.
Herald added projects: Universal Omega, MediaWiki (SRE). · View Herald TranscriptSep 7 2022, 18:40
Herald added subscribers: Agent_Isai, Universal_Omega, Void, Reception123. · View Herald Transcript
Agent_Isai lowered the priority of this task from High to Normal.Sep 7 2022, 18:42

This was done on purpose as I understand it was causing far too
many issues by users who revoked it from the user group.

Vlad26t added a comment.EditedSep 7 2022, 18:53
In T9736#196580, @Agent_Isai wrote:

This was done on purpose as I understand it was causing far too
many issues by users who revoked it from the user group.

All users, including anonymous users, have that right. Limitation of writeapi permission could prevent vandalism through the API, e.g. on large wikis. The defaults should remain but it could be changed on a particular wiki.

Void added a comment.Sep 7 2022, 19:40

The writeapi permission is also a required component for certain features and extensions, some of which may not be immediately obvious. This includes VisualEditor and DiscussionTools, though other extensions such as Comments may also not work without that permission. That being said, it's hard to determine the entirety of what may be affected given that some of these extensions don't list the requirement.

Vlad26t added a comment.EditedSep 9 2022, 05:04
In T9736#196595, @Void wrote:

The writeapi permission is also a required component for certain features and extensions, some of which may not be immediately obvious. This includes VisualEditor and DiscussionTools, though other extensions such as Comments may also not work without that permission. That being said, it's hard to determine the entirety of what may be affected given that some of these extensions don't list the requirement.

Limitation of the writeapi permission could prevent vandalism through the API—extensions such as VisualEditor and DiscussionTools also may be target. If there is needed to mitigate the results of that, the writeapi permission can be temporarily removed from some user groups, but the edition of pages via the "edit" tab to be still available to everyone.

Universal_Omega added a comment.Sep 9 2022, 05:31
In T9736#196631, @Vlad26t wrote:
In T9736#196595, @Void wrote:

The writeapi permission is also a required component for certain features and extensions, some of which may not be immediately obvious. This includes VisualEditor and DiscussionTools, though other extensions such as Comments may also not work without that permission. That being said, it's hard to determine the entirety of what may be affected given that some of these extensions don't list the requirement.

Limitation of the writeapi permission could prevent vandalism through the API—extensions such as VisualEditor and DiscussionTools also may be target. If there is needed to mitigate the results of that, the writeapi permission can be temporarily removed from some user groups, but the edition of pages via the "edit" tab to be still available to everyone.

It was intentionally restricted from ManageWiki because of a ton of reports with things not functioning at all if it is removed. Even if it was removed from just * adding it to another group did not actually fix the issues, it had to be in *. For this reason, I do not recommend we reverse that, and allow it in ManageWiki again.

Universal_Omega closed this task as Declined.Sep 12 2022, 02:10
Universal_Omega claimed this task.

Per the above.