Topic on Extension talk:CategoryWatch

Possible effects due to ability to add any page to any category

2
Tommyheyser (talkcontribs)

First off, I want to preface this by saying that this extension adds a REALLY useful functionality, which should really be part of MW core. Though dealing with possible risks and consequences may be why it's not.

Say you have a category that's being watched by many people, as soon as someone adds a new page to it, those watching the category will receive a notification. This is the expected behaviour and this extension works great.

However, since anyone with edit right on any given page is able to add that page to any category they want, could this extension lead to abuse/false positives with email notifications? Even on a wiki where only authorised users can edit a particular page in a particular namespace.

I don't think it's possible to restrict the ability to add a page to a category, which would go against a core functionality of MediaWiki. But would it be possible to check the name of the person responsible for the edit (e.g. {{REVISIONUSER}}) that added a particular page to the category against a tag on the category page which defines those people whose edits--which add the page to the category--will trigger the notification?

I'm reluctant to enable this extension even though it adds a really really great functionality that could be the lynch pin in getting people on board the wiki train at my company. Does any one have any suggestion on how to control the risk associated with this?

Lbillett (talkcontribs)

We use this extension extensively for workflow management, especially the 'Automatically watched by User' feature. While you could probably hack it to do what you're after, we haven't experience ANY kind of behavior like you're describing. Though, our wiki is internal and does not allow anonymous edits.

I think watching a category was added to the core somewhere around 1.25. Though have to add a line to your local settings to activate it. Manual:CategoryMembershipChanges.

Reply to "Possible effects due to ability to add any page to any category"