Wikipedia talk:Requests for comment/MediaWiki editor

Giving a user the editinterface right allows them to impersonate anyone by editing MediaWiki:Common.js, while by being granted edituserjs they can do so by editing their /common.js or /skin.js (which can be much more stealthy). So we might as well be handing out full sysop rights instead of this Template Editor 2: Electric Boogaloo. — Keφr 09:42, 29 June 2014 (UTC)[reply]

• There areva lot of key differences between this proposed group and administrators. This group woul lack tools for blocking, deleting, revision deletion, being able to unblock themselves, and a slew of other "people" related things they do need to do their work improving the Wikipedia environment. It would be available for those that don't want to so the things (like AfD) that admins need to do that affect RfA votes (AfD wouldn't apply because not giving delete button) etc. Also, since this would be "technical" stuff RfA neighsayers because of lack of "content" creation wouldn't be an issue either. — {{U|Technical 13}} ^{(e • t • c)} 11:21, 29 June 2014 (UTC)[reply]
  • True. But by having access to other people's JavaScript, they can do these things anyway. Surely, they will be caught eventually, but it demonstrates that the required level of trust is not significantly lower here.

  Adminship is not a very content-focused position either. Whether a user can be trusted with the delete button is just a question of whether they understand of

  WP:CSD and WP:Consensus well — no sysop is allowed to delete pages on their whim anyway. Whether a user can be trusted with the block button is a question of whether they are good at controlling their own temper and judging character of others. Whether they can be trusted with editing JavaScript, frequently-used and complicated templates and modules, or edit filters is a question of whether they are skilled coders and will not abuse their rights. Nothing which requires great content creation skills. So effectively, you are circumventing the… wait, I might actually like this idea. — Keφr 14:55, 30 June 2014 (UTC)[reply

  ]

  See also

  Helder.wiki 14:37, 3 July 2014 (UTC)[reply

  ]

• First of all, thanks to everyone on this talk page who has provided information on how the Wikipedia software works, and what can and cannot be done per the software. With all of the information provided in this entire section, I am now in full belief that since there is currently no way to separate the permissions of editing cascade-protected pages and fully-protected pages, the permission to edit cascade-protected pages should NOT be part of this new user right. So, I'm going to rewrite my "rough draft" above to include giving the editor only the following three permissions:

1. editinterface
2. edituserjs
3. editusercss

From what I am understanding above, these three permissions would allow only the functions that I desired this right to have when I initiated this question/proposal on Technical 13's talk page. All of the other permissions that have been proposed at some point would unbundle tools that should be exclusive to administrators, and since there is currently technically no way to unbundle them without allowing the editor to have some of the permissions that should be exclusive to administrators (Example: allowing the editor to edit cascade-protected pages would require the protect and/or editprotected rights), they should not be included as part of this proposal. I should be "adjusting" my above proposal shortly. Steel1943 (talk) 14:51, 29 June 2014 (UTC)[reply]

• Steel, I can all but guarantee a proposal to grant just those three rights in a new group will be shot down as a result of anti-hat collection people. It would be much better to propose to simply add those three rights to the existing  Template editor group. — {{U|Technical 13}} ^{(e • t • c)} 14:55, 29 June 2014 (UTC)[reply]

• Technical 13, what you might find odd is that I would be opposed to adding the user rights onto the existing Template Editor group. You may find this odd or even understand this, but this new group of user rights I'm proposing for non-admin use ... I don't even want them. I don't trust myself to edit any of the MediaWiki pages, or to edit other users .css or .js pages. I feel that, at least for me, it should be a separate right that I can prove to the community (or just one administrator) that I have a purpose to have based on a set of criteria ... that I obviously cannot meet right now, but an editor like you definitely (or other MediaWiki regulars that have been part of this discussion) could. However, with what you said, this proposal could be "split up", so to speak:

1. The first proposal could ask the community if the three user rights proposed above could be handed to non-administrators in trusted situations
2. If the previous proposal passes, the second proposal would ask the community if these user right should be set up in a new user group (Template Editor II, MediaWiki Editor, etc.) or added into the currently-existing Template Editor group.

I get how acquiring community and administrator approval to allow these user rights may be a difficult task, but I, for one, can see the usefulness of a non-administrator having the access to these three user rights, given that there are several editors who have substantial beneficial knowledge that can assist with editing these pages that some administrators do not. Steel1943 (talk) 15:15, 29 June 2014 (UTC)[reply]

There's a lot of interface pages that use templates to do all of their work (like MediaWiki:Protectedpagetext). Without being able to edit full-protected (and cascade-protected) pages, your ability to edit the interface is really limited. Jackmcbarn (talk) 15:57, 30 June 2014 (UTC)[reply]

At this point, the only way I would support an option to allow this new "user group" to include editing any type of protected pages is if ... the user right to able to edit fully protected and cascade protected pages can be separated in some fashion. An idea that I have would be to separate the user rights that allow editing fully-protected pages and cascade-protected pages. That option my be possible by someone creating a Bugzilla bug to separate the two functions. Of course, both of those functions would then, by default, be part of the administrator user group, and whatever other groups have permission to edit both fully-protected and cascade-protected pages. If this is possible, that would be amazing ... considering that I will never support this new user group being allowed to edit fully-protected pages. Steel1943 (talk) 20:21, 30 June 2014 (UTC)[reply]

• Steel, T56081 basically proposes this. Comments from more people requesting this would certainly grease the wheel by becoming more and more squeeky... — {{U|Technical 13}} ^{(e • t • c)} 20:54, 30 June 2014 (UTC)[reply]

• Ah-ha! Thanks for clarifying that! I wasn't sure what that bug was for. I'll start commenting on it soon. Steel1943 (talk) 21:00, 30 June 2014 (UTC)[reply]

Even if we had that option, what namespaces would we set it on? Jackmcbarn (talk) 21:03, 30 June 2014 (UTC)[reply]

• Template, Module, MediaWiki, and User perhaps (technical spaces that would be affected by TEs)? That is certainly something I'd enjoy discussing more. — {{U|Technical 13}} ^{(e • t • c)} 21:16, 30 June 2014 (UTC)[reply]

Setting them on Template and Module would make just about all cascading protection worthless everywhere. Jackmcbarn (talk) 21:19, 30 June 2014 (UTC)[reply]

• They would still be cascade protected and non-editable for everyone that currently can't edit them except the 187  Template editors. — {{U|Technical 13}} ^{(e • t • c)} 21:24, 30 June 2014 (UTC)[reply]

If that were what would happen, that would be fine, but that's not what would happen. Jackmcbarn (talk) 21:25, 30 June 2014 (UTC)[reply]

• That is all the ticket on Bugzilla asks for. Offer a way to exempt TEs to cascade protection in select namespaces. — {{U|Technical 13}} ^{(e • t • c)} 21:27, 30 June 2014 (UTC)[reply]

Once again, thanks for clarifying. What you have stated would be a disaster, if allowed by default (allowing TEs to edit cascade-protected pages in certain namespaces.) I don't want permission to edit cascade-protected pages, and I'm a TE. I may sound like a broken record with this next statement, but here goes; the only way I can see this working is to unbundle the user rights that allow editing on fully-protected pages and cascade-protected pages into two separate user rights: one that allows editing a fully protected page, and one that allows editing a cascade-protected page. My best analogy that I can think about to illustrate is to compare levels of protection on pages to blood types: cascading-protection, in this example, would be the Rh antigen (+ or -, equivalent to a "yes/no") and all other levels of protection being the ABO antigen. So, with my analogy, AB would represent "full or permanent protection", and + will represent "has cascading protection". (I lost my entire example after trying to assemble the following table.) Anyways, here would be the examples of when an editor could edit a page if the user rights to edit fully protected pages and cascade protected pages were separated:

When CAN an editor edit the page?

	Editor has no protected page editing privileges	Editor can edit fully protected pages	Editor can edit cascading-protected pages	Editor can edit both fully protected and cascading-protected pages
Page has no edit protection	YES	YES	YES	YES
Page has full protection	no	YES	no	YES
Page has cascading protection	no	no	YES	YES
Page has both full protection and cascading protection	no	no	no	YES

The purpose behind this idea is to separate the protection that protects pages that would "break Wikipedia" if changed incorrectly (cascading-protection) from the pages that are protected to prevent recent or long-standing content disputes, vandalism, or a recent secluded edit that caused a lot of issues on the site (full protection). To allow this new, possible user group the ability to edit cascading pages and NOT fully protected pages would satisfy its proposed purpose: to allow editors to assist with the "technical gears" behind how Wikipedia works ... technically. Steel1943 (talk) 22:40, 30 June 2014 (UTC)[reply]

Now I see the core of the issue. There are no pages that would fall under "Page has cascading protection", and never will be. All of them that you think fall under that category actually fall under "Page has both full protection and cascading protection". This is because cascading protection isn't its own form of protection. Rather, it's a form of regular protection. There are five different edit protection levels a page can have on Wikipedia:

• No protection
• Semi protection
• Template protection
• Full protection
• Full protection that cascades

Does this make sense? Jackmcbarn (talk) 23:11, 30 June 2014 (UTC)[reply]

@

WP:CASC, which itself has cascading-protection, ironically. However, I would believe that the Wikimedia software is programmed in the way you have stated; that's why if that is the case, if the user right that allows editing fully protected pages and cascade-protected pages can somehow be split, all of my personal concerns would be resolved. Steel1943 (talk) 23:29, 30 June 2014 (UTC)[reply

]

Since cascading protection is full protection, File:Padlock-red.svg has full protection (since it inherits cascading protection) even though full protection isn't set in its individual settings. Jackmcbarn (talk) 23:56, 30 June 2014 (UTC)[reply]

Also, keep in mind the difference between pages that are the root of cascading protection, and pages that inherit it. When a page is being protected, a checkbox "Protect pages included in this page (cascading protection)" is available that allows it to be set as a cascading root. You can see a list of all of the cascading-protection roots on Wikipedia at [1]. And it's not "ironic" that

WP:CASC is cascade-protected; if it weren't, then transcluding pages from it would have no effect at all. Jackmcbarn (talk) 00:02, 1 July 2014 (UTC)[reply

]

(edit conflict) @Jackmcbarn: I understand that, but that still brings back to my point; since this page has two separate "protection tags" (one for move protection, and one for cascading protection), there must be a way to split the user right that governs the cascading protection from full protection and the rest of the protections (move protection, template protection, etc.) Steel1943 (talk) 00:08, 1 July 2014 (UTC)[reply]

You can't split cascading protection rights from full protection rights because cascading protection is full protection. All cascading-protection means is "full-protect this page, and full-protect all of the pages that this page directly or indirectly uses". Jackmcbarn (talk) 00:10, 1 July 2014 (UTC)[reply]

Also, the reason that the protect right is always needed to edit cascading-protected pages is that if you add a transclusion to any cascade-protected page, whatever page you transcluded instantly becomes protected as well. Jackmcbarn (talk) 00:12, 1 July 2014 (UTC)[reply]

(edit conflict) I understand the "text" may say that, but that doesn't necessarily mean that is technically correct. Here are a few more examples if why I think there can be a way to differentiate the fully-protected pages from the cascade-protected pages:

1. When attempting to edit a cascade-protected page with no other protection, the editor is presented an editnotice letting them know that they cannot edit the page when they go to the edit screen via the "Edit" tab at the top of the page. On a fully-protected page, the "Edit" tab is replaced with a "View Source" tab, and the editnotice that appears at the top of the screen is worded differently.
2. On my previous example of Template:Notice, when the page had template protection and cascading protection, after I clicked the "Edit" tab, I could not edit the page, and the background to the syntax was white. On most examples of when a template editor edits a page with template protection, the background of the syntax is pink/red.

There are aspects of the software that can differentiate the cascading protection from other protections in several ways. So, since there are some real-life examples of how the software differentiates these protections, how do we get started on creating a bug to apply the fact that differentiating aspects exist, and apply that to when an editor can/cannot edit a page with cascading protection? Steel1943 (talk) 00:22, 1 July 2014 (UTC)[reply]

Pages that are "only" cascade-protected have an "edit" tab at first simply because it takes a (relatively) long time to check whether a page inherits cascading protection, so the software doesn't do that unless you're actually trying to edit it. (It also skips a lot of other checks like titleblacklist there.) For your second point, what you saw is exactly what would happen for any other fully protected page, so I'm not sure what you're trying to say. Jackmcbarn (talk) 00:28, 1 July 2014 (UTC)[reply]

@Jackmcbarn: I just had an epiphany while I was thinking these past few minutes ... a question/understanding that would basically end this entire conversation for me, at this point. Earlier, you were talking about protection levels. Let's say a page is tagged with both semi-protection and has cascade protection. Let's say the first 4 levels you mentioned are option 1, and cascading protection (level 5) is option 2. If "option 2" is activated (cascading-protection), does that make the software completely override what is chosen in "option 1", with the exceptions of the cosmetic things (seeing the small lock pics on the screen, tab name changes, etc) and whatever "drop-down" choices are selected that anyone with the protect user right can see/select (ex. Administrators)? Steel1943 (talk) 01:09, 1 July 2014 (UTC)[reply]

I'm not sure whether you mean "root" cascading protection or inherited cascading protection, so here's the answer for both cases. It's impossible for a page to have root cascading protection and semi-protection at the same time (i.e., you can't check the cascading box and pick semi on the protection screen). It is possible for a page to have inherited cascading protection (which is what happens when you transclude it at

WP:CASC, Main Page, or any other cascading-protected page) and semi-protection at the same time, though. In this case, the cascading protection does indeed "win" as far as required permissions are concerned. Jackmcbarn (talk) 01:15, 1 July 2014 (UTC)[reply

]

Clarification: Neither restriction actually "wins". You need the permissions to edit through both restrictions in order to edit the page. This is a moot point here, though, since our protection levels are strictly hierarchical. Jackmcbarn (talk) 01:21, 1 July 2014 (UTC)[reply]

...And we're back to the point I made earlier; "both restrictions" makes me think there is some way to unbundle the user right to edit cascading protected pages from the user rights that allow editing pages with other protections. Oh well, I'm confused, and I don't think it's going to get better for a while. At this point, I think that this proposal should stick with just the three user rights that I suggested, and then at a later time, if the page protection editing user right issue gets resolved, and this proposal passes, we can have another RFC to add it to this user group later. Steel1943 (talk) 01:34, 1 July 2014 (UTC)[reply]

There are two rights required to edit a cascading-protected page. The first one is the right required to edit whatever the root page is. This is currently editprotected (i.e. full protection) for all pages here. This could theoretically be worked around, although it would require a lot of work and complexity. The second one is the "protect" right. This one is set in stone and can't be changed. Jackmcbarn (talk) 01:40, 1 July 2014 (UTC)[reply]

The key to understanding "both restrictions" is that it means two separate checks, not two separate sets of rights. Jackmcbarn (talk) 01:41, 1 July 2014 (UTC)[reply]

Will a screenshot help clear it up? — {{U|Technical 13}} ^{(e • t • c)} 01:42, 1 July 2014 (UTC)[reply]

I can't support this being implemented. For those who really have the need, there is m:Global interface editor anyway, because the people who have this are usually the only ones needing to make adjustments to the interface because they are doing it across many wikis.. I also don't see a need demonstrated here; quite frankly, this just seems like hats hats hats. There's enough admins around who have the needed technical expertise - it's not like the template namespace where there is such a large code base to maintain. --Rschen7754 08:28, 1 July 2014 (UTC)[reply]

@Rschen7754: After I learned about the existence of the global Interface Editor user group recently (in fact, during this discussion), I started thinking along the same lines. Besides your concerns, I now feel as though in order to accomplish the original goal of my proposal would require a LOT of changes with the background functions of Wikimedia in general, such as finding a way to unbundle cascading-protection from the other protections. Also, the global user right, from my understanding, exists so that the editor who is presented that right can make the adjustments to every Wikimedia site after a change is agreed to via consensus, probably on the main Wikimedia site someplace. At this point, I don't even believe I can support my own proposal. Steel1943 (talk) 13:13, 1 July 2014 (UTC)[reply]