Page MenuHomePhabricator
Create Task
Maniphest T31435

CentralAuth's Special:GlobalGroupMembership setup catch-22
Closed, ResolvedPublic
Actions

Description

CentralAuth's Special:GlobalGroupMembership (aka Special:GlobalUserRights) only allows users to use it who are already in a global group that confers the 'globalgroupmembership' right -- no local group can apply this property.

While this sounds nice, it seems to involve a bit of a chicken-and-egg problem: without diving into the raw database, there's nobody who can add the first global op user to the appropriate group.

T19308: CentralAuth's global logs (gblrights/globalauth) should be global or central instead of local requests entirely *removing* the global right and replacing it with *only* a local right, for a different reason -- ensuring that it can only be run from a single wiki. This appears to be motivated by logging issues -- apparently we don't (or didn't, don't know the current status) have global logs for global actions like this, so the logs go into the local wiki where they might not be seein.

Either way, it would be useful to have some way to actually set it in the first place...

Details

Reference
bz29435
SubjectRepoBranchLines +/-
Change permission check from global permission to user permissionmediawiki/extensions/CentralAuthmaster+2 -4
Customize query in gerrit

Related Objects
Search...

Event Timeline

bzimport raised the priority of this task from to Medium.Nov 21 2014, 11:36 PM
bzimport added a project: MediaWiki-extensions-CentralAuth.
bzimport set Reference to bz29435.
bzimport added a subscriber: Unknown Object (MLST).
brion created this task.Jun 16 2011, 6:32 PM
vvv added a comment.Jun 16 2011, 6:34 PM

migrateStewards.php does that.

brion added a comment.Jun 16 2011, 6:56 PM

migrateStewards.php isn't necessarily going to be run -- if you start your wiki on CentralAuth to begin with, you have nothing to migrate.

Aklapper added a comment.Mar 11 2014, 2:11 PM

vasilvv: You're set as assignee here, do you plan to work on this or should the assignee be reset to default? (And the ticket has "high priority" set for nearly three years which might be unrealistic)

vvv added a comment.Mar 11 2014, 2:22 PM

No, and I don't actually believe that this is a serious issue. Bootstrapping CentralAuth is not something which really happens often (it probably happens mostly in dev environment -- and developers can deal with command-line tools and direct database access).

Jasper added a comment.Aug 13 2014, 9:04 PM
  • Bug 43916 has been marked as a duplicate of this bug. ***
Legoktm added a comment.Sep 11 2014, 6:51 PM
  • Bug 31897 has been marked as a duplicate of this bug. ***
werdna unsubscribed.Dec 10 2014, 5:24 PM
Glaisher lowered the priority of this task from Medium to Lowest.Aug 22 2015, 3:23 PM
Glaisher subscribed.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 22 2015, 3:23 PM
Luke081515 raised the priority of this task from Lowest to Needs Triage.Feb 21 2016, 2:25 PM
Luke081515 subscribed.

This is annoying, if you try to setup a cluster with CA.

Restricted Application added a subscriber: StudiesWorld. · View Herald TranscriptFeb 21 2016, 2:25 PM
MarcoAurelio removed a subscriber: wikibugs-l-list.Sep 18 2016, 10:10 AM
TTO updated the task description. (Show Details)Dec 21 2016, 12:32 PM
TTO subscribed.
hoo subscribed.May 8 2018, 10:10 PM
Rxy subscribed.May 8 2018, 10:22 PM
Rxy claimed this task.May 8 2018, 10:33 PM
Rxy merged a task: T19308: CentralAuth's global logs (gblrights/globalauth) should be global or central instead of local.
Rxy added subscribers: bzimport, alaa, MarcoAurelio and 6 others.
Rxy added a parent task: T194232: Restrict Global actions to specified wikis.May 9 2018, 3:58 AM
gerritbot subscribed.May 9 2018, 9:00 AM

Change 432048 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/extensions/CentralAuth@master] Restrict global actions to specified wikis

https://gerrit.wikimedia.org/r/432048

gerritbot added a project: Patch-For-Review.May 9 2018, 9:00 AM
gerritbot added a comment.Aug 5 2018, 6:50 AM

Change 450422 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/extensions/CentralAuth@master] Change permission check from global permission to user permission

https://gerrit.wikimedia.org/r/450422

Rxy added a project: User-Rxy.Aug 6 2018, 7:53 PM
Rxy moved this task from Backlog to In progress - Development on the User-Rxy board.
Rxy triaged this task as Medium priority.Aug 21 2018, 5:55 PM
gerritbot added a comment.Oct 16 2018, 1:35 AM

Change 450422 merged by jenkins-bot:
[mediawiki/extensions/CentralAuth@master] Change permission check from global permission to user permission

https://gerrit.wikimedia.org/r/450422

ReleaseTaggerBot added a project: MW-1.32-notes (WMF-deploy-2018-10-16 (1.32.0-wmf.26)).Oct 16 2018, 2:00 AM
Rxy closed this task as Resolved.Oct 16 2018, 6:27 PM
Rxy moved this task from In progress - Development to Development on the User-Rxy board.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL