$wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
$wgGroupPermissions['bureaucrat']['suppressionlog'] = true;
+# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites,
+# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops.
+# Also remove the interface-admin group to avoid confusion.
+$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] );
+unset( $wgGroupPermissions['interface-admin'] );
+unset( $wgRevokePermissions['interface-admin'] );
+unset( $wgAddGroups['interface-admin'] );
+unset( $wgRemoveGroups['interface-admin'] );
+unset( $wgGroupsAddToSelf['interface-admin'] );
+unset( $wgGroupsRemoveFromSelf['interface-admin'] );
+
+# The v1.32+ gadget system also requires two additional rights
+# See https://www.mediawiki.org/wiki/Extension:Gadgets
+$wgGroupPermissions['sysop']['gadgets-edit'] = true;
+$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true;
+
<% if @mediawiki[:private_accounts] -%>
# Prevent new user registrations except by existing users
$wgGroupPermissions['*']['createaccount'] = false;
# DNS Blacklists to use
$wgEnableDnsBlacklist = true;
-$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' );
+$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' );
# Require validated email to edit
$wgEmailConfirmToEdit = true;
# Disable IP in Header to avoid cache issue
$wgShowIPinHeader = FALSE;
-# Job Runs by cron
-$wgJobRunRate = 0;
+# Job Runs mostly by cron
+$wgJobRunRate = 0.01;
# dissolves double redirects automatically
$wgFixDoubleRedirects = TRUE;