Wikibase/Permissions

From mediawiki.org

Overview[edit]

Below you'll find information about the available permissions in Wikibase, and a tidy summary in table form.

Preliminary notes[edit]

  • User rights are flags defined either in MediaWiki core's PermissionManager::coreRights (link) or in the AvailableRights property of the extension.json file (e.g., on Wikibase repo)
  • These rights are then assigned to user groups, which can be defined ad hoc in LocalSettings.php by setting a boolean value on a permission key to a given group key on $wgGroupPermissions. The default user groups are defined in DefaultSettings.php (link). Extensions can set their permissions through extension.json (e.g., on Wikibase repo)
  • Grants are collections of user rights granted to third-party software on a user's behalf without giving them full user rights. Grant permissions can be set with the $wgGrantPermissions setting (defaults) or through extension.json (e.g., on Wikibase repo).

Implementation of permissions in Wikibase[edit]

  • Permissions on Wikibase are all managed through classes that implement the EntityPermissionChecker interface (link).
  • Mostly, permissions are checked in the ChangeOp classes themselves. Some permissions are checked on special pages and in API modules.

Permissions table[edit]

Key[edit]

  • User right: The permission flag being checked
  • Description: The action the permission is checked on
  • Enabled user groups: Which user group this permission is enabled for by default
  • Included in grants: Which grants (collections of permissions for third-party apps) include this permission by default

Wikibase permissions[edit]

User right Description Enabled user groups Included in grants
read Read entities (inherited from MediaWiki core) All users basic
edit Edit entities (inherited from MediaWiki core) All users editpage (and all grants that inherit it in DefaultSettings.php)
createpage Create items (inherited from MediaWiki core) All users createeditmovepage
property-create Create properties All users createeditmovepage
item-term Edit terms (labels, descriptions, aliases) on items All users editpage
property-term Edit terms on properties All users editpage
item-merge Merge two items together All users editpage
item-redirect Redirect from one item to another All users editpage