Skip to content

Add group permissions to define user roles and access levels

Christian Heusel requested to merge github/fork/kynikos/permissions2 into master

Created by: kynikos

This PR splits the concepts of user roles and access levels to clarify the function of users and help bureaucrats grant permissions as required, regardless of the role. This patch has already been discussed in the arch-wiki-admins ML and reached consensus among the participating wiki administrators in the current form.

User roles are groups without rights: they only serve to clarify the main function of the user in the wiki, and they must be associated to specific access levels as needed:

  • maintainer: current wiki admininstrators + maintainers (i.e. anybody whose primary goal is to look after the wiki per se);
  • translator: to be used to reward and encourage very active wiki translators (there have been a few that really spent innumerable hours on the project without any official acknowledgement);
  • archdev: to group Arch Developers;
  • archtu: to group Arch Trusted Users;
  • archstaff: to group members of other sections of the Arch Community besides the ones above (e.g. forum admins, IRC ops...).

Access levels are groups that define the extent of the permissions that users have in the wiki, regardless of their role. MediaWiki defines some by default, but the following are most relevant:

  • sysop: currently used to also define the wiki administrator role, however all users who need to access protected page need this access level, hence the current confusion;
  • cosysop (Wikipedia:Sysop): this is an intermediate access level that is currently associated to the maintainer group.

This system allows to keep only 2 page restriction levels (for sysops and cosysops), depending on the level of "trust" that the user has gained in the wiki. I don't think that it makes much sense to complicate things by having pages that only certain roles can edit: I think it's only a matter of trust, and if we have given some to somebody, we should be able to assume that they know what they can edit or not.

After merging the branch there are 2 changes that should be made as soon as possible in the wiki:

  • Assign the cosysop group to all the previous non-admin maintainers;
  • Update the AbuseFilter rules accordingly.

With less urgency, the following steps are:

  • Assign sysop-only users to proper roles;
  • Create system messages for the new groups, and perhaps change the existing ones, especially those associated to sysop and maintainer;
  • Reorganize the wiki pages related to user groups in accordance with the new configuration;
  • Update the bots to handle the new groups.

NOTE 1

I've also bundled a commit that removes the assignment of the writeapi right to sysop and maintainer/cosysop because it's also given to autoconfirmed (which is implicitly assigned to users in those groups), so it's redundant.

NOTE 2

There's an alternative patch in (https://github.com/archlinux/archwiki/compare/master...kynikos:permissions1): it has a more conservative approach, but I think it handles the problem in a more complicated and inflexible way.

Merge request reports