Page MenuHomePhabricator
Create Task
Maniphest T74145

Add $wgBlockGroups configuration settings for controlling which groups of users that users in various groups are allowed to block and unblock
Closed, DeclinedPublic
Actions

Description

Currently, anyone with the "block" right is able to block any user. Because of this, situations sometimes arise in which sysops get in wheel wars pointlessly blocking and unblocking each other until a bureaucrat intervenes.

It would be better to make it possible to prevent sysops from blocking or unblocking other sysops. So, I propose creating $wgBlockGroups and $wgUnblockGroups config settings that are analogous to $wgAddGroups and $wgRemoveGroups. E.g.:

$wgBlockGroups['bureaucrat'] = true;
$wgBlockGroups['sysop'] = array( 'autoconfirmed', 'bot' );

This would prevent a sysop from blocking a user who is in a group other than 'autoconfirmed' or 'bot'.

Version: unspecified
Severity: enhancement

Details

Reference
bz72145

Event Timeline

bzimport raised the priority of this task from to Lowest.Nov 22 2014, 3:43 AM
bzimport added a project: MediaWiki-User-management.
bzimport set Reference to bz72145.
leucosticte created this task.Oct 16 2014, 6:37 PM
leucosticte added a comment.Oct 16 2014, 9:37 PM

Actually we don't need the $wgUnblockGroups config setting.

gerritbot added a comment.Oct 17 2014, 1:59 AM

Change 167157 had a related patch set uploaded by leucosticte:
Add $wgBlockGroups config setting The $wgBlockGroups config setting makes it possible to restrict users to only blocking users who are not in certain groups. For example:

https://gerrit.wikimedia.org/r/167157

Anomie added a comment.Oct 17 2014, 4:08 AM

I have some doubt that "wheel wars where admins keep blocking and unblocking each other" really occurs often enough to be worth the added complexity of having this configuration option and having to decide what goes in it for each group. Let them play around until 'crats can desysop them both.

Keep in mind that in practice these lists are going to be more along the lines of "array( 'bot', 'reviewer', 'autoreview', 'accountcreator', 'import', 'transwiki', 'ipblock-exempt', 'oversight', 'founder', 'rollbacker', 'autoreviewer', 'researcher', 'filemover', 'checkuser', 'templateeditor', 'massmessage-sender', 'OTRS-member', 'abusefilter', 'epcoordinator', 'eponline', 'epcampus', 'epinstructor', 'oauthadmin', 'confirmed' )" than "array( 'bot' )" and would have to be updated every time a new group gets added.

Jackmcbarn added a comment.Oct 17 2014, 4:20 AM

If a wiki really wants this, it should be done in an extension. For one thing, it's not unheard of for a sysop to legitimately block another sysop, but this would unconditionally prevent that, if the configuration mentioned in the description were implemented. Also, we currently don't have anything even remotely related to hierarchies like this in the core, and I don't think it would be good to start.

leucosticte added a comment.Oct 17 2014, 10:05 PM

(In reply to Brad Jorsch from comment #3)

Keep in mind that in practice these lists are going to be more along the
lines of "array( 'bot', 'reviewer', 'autoreview', 'accountcreator',
'import', 'transwiki', 'ipblock-exempt', 'oversight', 'founder',
'rollbacker', 'autoreviewer', 'researcher', 'filemover', 'checkuser',
'templateeditor', 'massmessage-sender', 'OTRS-member', 'abusefilter',
'epcoordinator', 'eponline', 'epcampus', 'epinstructor', 'oauthadmin',
'confirmed' )" than "array( 'bot' )" and would have to be updated every time
a new group gets added.

One could do, a la SpecialListgrouprights.php,

$allGroups = array_unique( array_merge(
array_keys( $groupPermissions ),
array_keys( $revokePermissions ),
array_keys( $addGroups ),
array_keys( $removeGroups ),
array_keys( $groupsAddToSelf ),
array_keys( $groupsRemoveFromSelf )
) );

And then array_diff the ones one doesn't want.

leucosticte added a comment.Oct 17 2014, 10:07 PM

(In reply to Nathan Larson from comment #5)

One could do, a la SpecialListgrouprights.php,

$allGroups = array_unique( array_merge(
array_keys( $groupPermissions ),
array_keys( $revokePermissions ),
array_keys( $addGroups ),
array_keys( $removeGroups ),
array_keys( $groupsAddToSelf ),
array_keys( $groupsRemoveFromSelf )
) );

And then array_diff the ones one doesn't want.

Oh wait, maybe one couldn't do that.

Aklapper removed subscribers: Anomie, leucosticte.Oct 16 2020, 5:29 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL