User:Rotemliss/User rights suggestion

From mediawiki.org

I'm suggesting a new, improved user rights system, so that we will be able to use the Special:Userrights page for everyone, without having to use extensions which are incompatible (or have to work hard to be compatible) with the current system.

The system is available in the userrights branch.

Description of the system

The system introduces the following changes to Special:Userrights (for the complete changes and explanations, see the userrights branch log):

  • Replaces the group <select> lists with checkboxes, both for simplicity and to make it possible to disable individual items.
  • Allows disabling the checkboxes which the user is not allowed to change. This lets us use the same page with different restrictions: the full interface for WMF stewards and non-WMF bureaucrats, and a restricted interface for WMF bureaucrats (which allows granting only sysop, bureaucrat and bot rights, and revoking only bot rights; this can be changed, of course, using flexible configuration settings).
  • Allows changing permissions on other local sites as well, controlled by the permission "userrights_remote". It should be granted to WMF stewards and non-WMF bureaucrats, but not to WMF bureaucrats.
  • Allows a log comment.

Previous problems which forced us to stay in the current status

Prior to this suggestion, some features of the other permission-changing methods were not available in Special:Userrights, so we could not use Special:Userrights alone. They are now fixed, so there is no obstacle to using only Special:Userrights.

How to use it

By default the system offers, like the current Special:Userrights interface, a complete interface which allows the user to grant and revoke any permission. However, there are some configuration settings which disallow some options.

First, four permissions were added to the bureaucrat group. They are currently set to true, but they can be set to false when needed. They are:

  • "userrights_remote" – the option to change permissions for users in other wikis.
  • "userrights_grant" – the global option to grant permissions; if turned off, the user cannot grant permissions at all.
  • "userrights_revoke" – the global option to revoke permissions; if turned off, the user cannot revoke permissions at all.
  • "userrights_full" – the option to ignore all the restrictions set later, for people who are very trusted and get full control over the permissions. This doesn't include the "userrights_remote" restriction, however.

Second, you can use a whitelist of permissions which cannot be granted ($wgGrantPermissionsWhitelist), and a whitelist of permissions which cannot be revoked ($wgRevokePermissionsWhitelist).

Third, you can use a blacklist of permissions which cannot be granted ($wgGrantPermissionsBlacklist), and a blacklist of permissions which cannot be revoked ($wgRevokePermissionsBlacklist), if you don't use the whitelists.

I suppose Wikimedia should use the current configuration:

$wgGroupPermissions['bureaucrat']['userrights_remote'] = false;
$wgGroupPermissions['bureaucrat']['userrights_full'] = false;
$wgGroupPermissions['steward']['userrights'] = true;
$wgGroupPermissions['steward']['userrights_remote'] = true;
$wgGroupPermissions['steward']['userrights_grant'] = true;
$wgGroupPermissions['steward']['userrights_revoke'] = true;
$wgGroupPermissions['steward']['userrights_full'] = true;

$wgGrantPermissionsWhitelist = array( 'sysop', 'bureaucrat', 'bot' );
$wgRevokePermissionsWhitelist = array( 'bot' );

They can be tweaked to allow some other grants or revokes, without having to develop additional code.
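
As an added example (not code from the userrights branch), the following PHP shows how the settings above could combine into one fail-closed decision per checkbox. The function `mayChange()` and its parameters are hypothetical. It assumes that a whitelist names the only groups that may be granted or revoked, as the suggested configuration and the restricted interface described earlier imply, and that "userrights_full" lifts only the list restrictions.

```php
<?php
// Added illustration, not the userrights branch's code. mayChange() and its
// parameters are hypothetical; only the setting names come from the page.

// Constructed sample: the defaults (all true) plus the suggested overrides.
$all = array( 'userrights' => true, 'userrights_remote' => true,
    'userrights_grant' => true, 'userrights_revoke' => true, 'userrights_full' => true );
$groupPermissions = array(
    'steward'    => $all,
    // Array union keeps the left-hand values, so these two stay false.
    'bureaucrat' => array( 'userrights_remote' => false, 'userrights_full' => false ) + $all,
);
$grantWhitelist  = array( 'sysop', 'bureaucrat', 'bot' );
$revokeWhitelist = array( 'bot' );

// True only when $actorGroup may perform $action ('grant' or 'revoke') on
// $targetGroup. Unknown groups, rights or actions are denied.
function mayChange( array $perms, $actorGroup, $action, $targetGroup,
    $isRemoteWiki, $whitelist = null, array $blacklist = array() ) {
    $p = isset( $perms[$actorGroup] ) ? $perms[$actorGroup] : array();
    $has = function ( $right ) use ( $p ) {
        return isset( $p[$right] ) && $p[$right] === true;
    };
    // Global switches and the remote restriction come first:
    // userrights_full does not override userrights_remote.
    if ( !$has( 'userrights' ) || !$has( 'userrights_' . $action )
        || ( $isRemoteWiki && !$has( 'userrights_remote' ) ) ) {
        return false;
    }
    // Assumption: userrights_full skips only the list checks below.
    if ( $has( 'userrights_full' ) ) {
        return true;
    }
    // A configured whitelist wins; the blacklist applies only without one.
    if ( $whitelist !== null ) {
        return in_array( $targetGroup, $whitelist, true );
    }
    return !in_array( $targetGroup, $blacklist, true );
}

// Checkbox state a WMF bureaucrat would get on the local wiki.
foreach ( array( 'sysop', 'bureaucrat', 'bot', 'checkuser' ) as $g ) {
    $grant  = mayChange( $groupPermissions, 'bureaucrat', 'grant', $g, false, $grantWhitelist );
    $revoke = mayChange( $groupPermissions, 'bureaucrat', 'revoke', $g, false, $revokeWhitelist );
    printf( "%-10s grant=%-5s revoke=%s\n", $g, var_export( $grant, true ), var_export( $revoke, true ) );
}
```

The same check has to run again when the form is submitted; a disabled checkbox only hides the option in the browser.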

Current status of user rights

Current problems of user rights

The most important problem with the user rights is inconsistency and incompatibility, and duplication of code which actually does the same thing. If you want to make a page like Makebot, but to grant and revoke Checkuser permissions, available for local bureaucrats in WMF, you have to clone the whole code, or write your own page. You cannot use the current systems.

Also, if you add a feature to Special:Userrights, you have to figure out how to add it to all the other pages. If you rearrange the user rights method, you have to update it in all the pages with the duplicate and redundant code.

The page Special:Makesysop is very restricted, but we can't grant the local bureaucrats the permission to use the full interface of Special:Userrights, as it will grant every bureaucrat a lot of power. Therefore, we have to duplicate this logic.

Some less important problems, which are caused by the above problem:

These minor problems can be fixed, but others may appear, if we handle the result and not the cause. The cause is the duplicated code, which should be merged into one consistent system.

History of user rights

(This is additional information; you can skip it if you like.)

Formerly, only developers could make sysops. Then the page Special:Makesysop and the new right "bureaucrat" were invented. This page allowed bureaucrats to add sysops and bureaucrats by themselves, and it existed in the default installation until version 1.4. This page was very useful for day-to-day maintenance (adding sysops and bureaucrats), but couldn't do other things: it could not add bots, remove users from groups, or add groups.

Therefore, it was planned to add more support for user rights and levels, and finally the flexible page Special:Userrights was created, and rights could be specified using $wgGroupPermissions, to add and modify groups. Special:Makesysop was moved to an extension, which allowed restricting the local bureaucrats to Special:Makesysop, while allowing the stewards to use the more flexible interface of Special:Userrights (actually, they can use both Special:Makesysop and Special:Userrights, with the same interface and almost the same features). This status exists as of version 1.5 of MediaWiki.

Lately, Rob Church created the Special:Makebot extension, which allows the local bureaucrats to grant and revoke the bot status. He also created Special:GiveRollback based on Special:Makebot. After that, Andrew Garrett created Special:Desysop based on Special:Makesysop for bureaucrats.