Manual:$wgUserRequirementsPrivateConditions

Using $wgRestrictedGroups , one can specify criteria for adding user to a group. They are evaluated on submitting a request to change user's groups, but also when viewing Special:UserRights. In the latter case, the result of evaluation is used to disable checkboxes corresponding to groups that the user cannot be added to.

Given that some conditions may operate on private information, access to which should be logged, these conditions may be listed in $wgUserRequirementsPrivateConditions. Doing so will cause two main changes:

• Special:UserRights won't evaluate those conditions when viewing the form (but still will do so on submit).
• Trying to add a user to group which uses private conditions will trigger ReadPrivateUserRequirementsCondition hook (which allows for logging).

By default, MediaWiki does not log accesses to private conditions. If you wish these to be logged, handle the ReadPrivateUserRequirementsCondition hook.

This configuration setting doesn't influence situations when user tries to change their own groups (as they can freely access their own private information).

Additionally, a private condition's value is treated as not revealed if it has no impact on the final result. An example would be a conjunction of two conditions (one public and one private), of which the public one is false. Regardless of the value of the other one, the result can be determined for sure without access to private data.

For groups using private conditions, Special:UserRights, next to the checkbox, will display a message defined in MediaWiki:Userrights-restricted-group-<group-name>-private-conditions (with fallback to MediaWiki:Userrights-restricted-group-warning-private-conditions).

In the following example, we define that APCOND_EMAILCONFIRMED (whether user has confirmed their email address) is to be treated as private information.

$wgUserRequirementsPrivateConditions = [
    APCOND_EMAILCONFIRMED
];

• Manual:$wgAutopromote
• Manual:$wgRestrictedGroups