[03:43:55] @abaddriverlol @posix_memalign well, it's hideous, but, got the idea working [03:43:57] mostly [03:44:42] I have it working that having the editallcustomprotected right allows access to all the custom levels I made, but it's not working with global rights yet [03:45:26] I think that may be because of load order, if setting a hook in GlobalSettings.php is loaded before CentralAuth [03:45:50] https://test.mirabeta.org/wiki/Protection_test?action=protect feel free to test while it's there, rollbacker group has the custom all right [03:46:13] (will prob have to add that to restricted rights later) [03:47:10] [1/15] ```php [03:47:10] [2/15] +$wgAvailableRights[]= 'editallcustomprotected'; [03:47:10] [3/15] +$wgHooks['UserGetRights'][] = static function ( $user, &$rights ) { [03:47:11] [4/15] + if (in_array( 'editallcustomprotected', $rights )) { [03:47:11] [5/15] + $rights[] = 'editalphaprotected'; [03:47:11] [6/15] + $config = MediaWikiServices::getInstance()->getMainConfig(); [03:47:11] [7/15] + if ( count($config->get('RestrictionLevels')) > 4 ) { [03:47:12] [8/15] + foreach ($config->get('RestrictionLevels') as $right) { [03:47:12] [9/15] + if (!in_array($right, ['', 'user', 'autoconfirmed', 'sysop'])) { [03:47:12] [10/15] + $rights[] = $right; [03:47:13] [11/15] + } [03:47:13] [12/15] + }} [03:47:14] [13/15] + } [03:47:14] [14/15] +}; [03:47:15] [15/15] ``` [14:06:19] If no one has issue with this approach I’ll start working on putting this in a draft MM Pr [14:06:26] After my laptop stops melting itself [14:06:32] It was smelling very interesting yesterday [14:07:01] what an amazing photo [14:07:24] Indubitably [14:07:36] I really hope MM hooks just run after CA [14:08:10] rn im getting giggity for when (hopefully) citizen passes another security review [14:20:14] have you seen the new citizen preferences menu? [14:20:26] i have [14:20:43] first on the pzwiki [18:35:50] Tossed onto Phorge https://issue-tracker.miraheze.org/T14439#304622 [18:36:22] If a tech person wants to give thoughts on the proposed potential fixes by all menas [19:06:30] I don't think it's a good idea to rely on the load order [19:08:21] Mayvd we could hook into the permission checks instead, detect whether it's a custom protection level, and then check the alternative (global) permission? [19:10:05] Alternatively I think there's also a way to give the user specific permissions only for the current request, we could do that once we know whether the user has the global permission [20:34:37] I never said that [20:35:10] That’s what I’m doing [20:35:24] The issue is knowing the global permission [20:35:50] The main/sane way to dynamically add rights to a user for a given request as I can tell from a lot of reading docs is this hook [20:36:42] The issue is the unreliability that the hook which turns the editall permission into the custom edit permissions runs after CA adds the editall to the array [22:24:17] Does the user actually need to be given the right though? [22:24:57] I think MediaWiki fires a hook when it checks to say "can this use perform this action" as SRD said and you can just return true? [22:32:09] Maybe, I did a lot of looking of different hook options and ended up on this one, I think the userCan() hook may work but this was the recommended route [22:46:07] I think the question is whether we really want to add the right though [22:46:17] Are there any pages we don't want stewards to edit? [22:46:44] Otherwise we could just use UserCan to always allow editing pages and just ignore what specific protection levels exist on a wiki [22:54:23] Hm [22:55:06] I mean, I think having the ability to set the ability to edit them all as a right is preferable but I won’t die on that by any means [22:55:46] By definition “Stewards have the highest level of software access within the Miraheze community.” [22:56:13] Though this should also be given to global admins [22:56:17] Highest level doesn't have to mean all pages [22:56:18] (And me ofc$ [22:56:28] But I'm not sure rn whether there are any pages that would be affected by this [22:56:58] I mean, my current implementation means stewards can bypass any protection anyhow [22:57:19] AbuseFilter may still be a hinder but that’s out of scope for this task [22:57:59] I’m cool with moving this to userCan [22:58:20] though im not sure how much it would actually differ [22:58:51] Oooooooooh [22:59:23] [1/2] so thats why [22:59:23] [2/2] https://cdn.discordapp.com/attachments/1006789349498699827/1492660360698921161/image.png?ex=69dc23ca&is=69dad24a&hm=597b8777a56c259145dd4e2a0d6bbba100f551a0f1035a1df7665775fa7f3782& [23:00:52] It also doesn’t pass rights as a parameter, so we’d need to still query further about every user trying to edit a protected page [23:01:23] I’m approaching this with an agressively preformance focused mindset (by my bar lol) [23:02:51] id much rather make the first if “has this super specific right in this already passed array” because from there any further logic is ran so sparingly that performance is negligible