Page MenuHomePhabricator
Create Task
Maniphest T10834

Split off permission for editing user JavaScript and CSS from "editinterface"
Closed, ResolvedPublic
Actions

Description

Author: md5

Description:
We would like to allow users with "sysop" permission to edit the MediaWiki
namespace without being able to edit user JavaScript and CSS. In our
installation, we have already disabled site JavaScript using $wgUseSiteJs, but
we'd like to retain the ability to have user JavaScript that is not editable by
"sysop".

To do this, we have split the permission for editing the MediaWiki namespace and
user JS/CSS into two permissions: "editinterface" and "edituserjscss". I will
attach a patch for Title.php and DefaultSettings.php that implements this split
in my next update to this bug. The changes to Title.php change control of user
JS/CSS editing from "editinterface" to "edituserjscss". The changes to
DefaultSettings.php set "edituserjscss" to true by default for "sysop" to
maintain the existing default behavior.

The only repercussion I can see from this change is that installations that have
already disabled "editinterface" for "sysop" will have to add a setting for
"edituserjscss" when they upgrade.

Version: 1.10.x
Severity: enhancement
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=69911

Details

Reference
bz8834

Related Objects

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 9:30 PM
bzimport added a project: MediaWiki-Installer.
bzimport set Reference to bz8834.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Jan 30 2007, 7:58 PM
bzimport added a comment.Jan 30 2007, 7:59 PM

md5 wrote:

Patch to create "edituserjscss" permission

This patch was created today off the SVN trunk of MediaWiki.

Attached:

edituserjscss.patch1 KBDownload

bzimport added a comment.Feb 3 2007, 3:55 PM

md5 wrote:

With the SVN version, a similar effect can be acheived using
$wgNamespaceProtection by changing the permission for editing MediaWiki from
"editinterface" to a new permission. That way, "editinterface" actually only
controls editing user JS and CSS. However, this seems a little odd, since
editing the MediaWiki namespace seems to be the core purpose of the
"editinterface" permission.

$wgNamespaceProtection[NS_MEDIAWIKI] = array('editmediawikins');

If this is done, the following restores the current default install permissions
by allowing the "editmediawikins" permission for "sysop" (in addition to
"editinterface", which is already enabled):

$wgGroupPermissions['*']['editmediawikins'] = false;
$wgGroupPermissions['sysop']['editmediawikins'] = true;

However, this also has the same problem for installations that have already
restricted "editinterface".

werdna added a comment.Sep 10 2007, 8:11 AM

Done in r25720. Different patch used.

matmarex mentioned this in T72182: Restrict editing of core MediaWiki javascript / css with a separate user right.Dec 21 2014, 6:00 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL