Page MenuHomePhabricator
Create Task
Maniphest T27059

Admins can delete pages that they can't edit
Closed, ResolvedPublic
Actions

Description

Author: kudu

Description:
When you set up a custom protection level that isn't available to users that don't have special user groups apart from admins, admins can still delete those pages.

For example, if you create a "restricted" protection level and give the right to edit those pages to the "restricted" user group, admins (probably because they have the protect and delete rights) who aren't in the "restricted" group won't be able to edit pages that are protected at the "restricted" level, but they'll be able to delete them.

Version: unspecified
Severity: enhancement

Details

Reference
bz25059

Event Timeline

bzimport raised the priority of this task from to Low.Nov 21 2014, 11:12 PM
bzimport added a project: MediaWiki-Page-protection.
bzimport set Reference to bz25059.
bzimport added a subscriber: Unknown Object (MLST).
bzimport created this task.Sep 4 2010, 10:54 PM
bzimport added a comment.Sep 17 2010, 10:30 PM

ayg wrote:

MediaWiki isn't really designed for this level of permissions granularity, so probably no one wants to bother fixing this. Someone (not me) might be willing to review patches if you're willing to write them.

bzimport added a comment.Jul 5 2011, 1:04 AM

kudu wrote:

There are still some other restrictions as to manipulating pages which you can't edit as an admin. For example, admins can't change the protection levels for pages they can't edit. However, they could delete the page, and restore it, to strip the protection.

Umherirrender subscribed.Nov 10 2015, 7:32 PM

Fixed by https://gerrit.wikimedia.org/r/#/c/153345/

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 10 2015, 7:32 PM
Umherirrender closed this task as Resolved.Nov 10 2015, 7:32 PM
Umherirrender set Security to None.
Umherirrender removed a subscriber: wikibugs-l-list.
Meno25 unsubscribed.Nov 29 2015, 7:26 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL