X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/03b5f3ea1de0f4490857a894b407bf4f314a5d2c..0ce945812edc79a9a404125f30ba3af49abe2bcc:/cookbooks/mediawiki/templates/default/LocalSettings.php.erb?ds=inline

diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb
index ee14cdcd3..0fd10ae3d 100644
--- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb
+++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb
@@ -193,6 +193,22 @@ $wgGroupPermissions['bureaucrat']['deleterevision'] = true;
 $wgGroupPermissions['bureaucrat']['suppressrevision'] = true;
 $wgGroupPermissions['bureaucrat']['suppressionlog'] = true;
 
+# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites,
+# but for OSM it makes more sense to keep group structure simple.  Give all interface-admin rights to sysops.
+# Also remove the interface-admin group to avoid confusion.
+$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] );
+unset( $wgGroupPermissions['interface-admin'] );
+unset( $wgRevokePermissions['interface-admin'] );
+unset( $wgAddGroups['interface-admin'] );
+unset( $wgRemoveGroups['interface-admin'] );
+unset( $wgGroupsAddToSelf['interface-admin'] );
+unset( $wgGroupsRemoveFromSelf['interface-admin'] );
+
+# The v1.32+ gadget system also requires two additional rights
+# See https://www.mediawiki.org/wiki/Extension:Gadgets
+$wgGroupPermissions['sysop']['gadgets-edit'] = true;
+$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true;
+
 <% if @mediawiki[:private_accounts] -%>
 # Prevent new user registrations except by existing users
 $wgGroupPermissions['*']['createaccount'] = false;
@@ -209,17 +225,6 @@ $wgWhitelistRead = array ("Special:Userlogin");
 # Prevent new user registrations except by sysops
 $wgGroupPermissions['*']['createaccount'] = false;
 
-# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites,
-# but for OSM it makes more sense to keep group structure simple.  Give all interface-admin rights to sysops.
-# Also remove the interface-admin group to avoid confusion.
-$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] );
-unset( $wgGroupPermissions['interface-admin'] );
-unset( $wgRevokePermissions['interface-admin'] );
-unset( $wgAddGroups['interface-admin'] );
-unset( $wgRemoveGroups['interface-admin'] );
-unset( $wgGroupsAddToSelf['interface-admin'] );
-unset( $wgGroupsRemoveFromSelf['interface-admin'] );
-
 # Restrict access to the upload directory
 $wgUploadPath = "$wgScriptPath/img_auth.php";
 <% end -%>
@@ -229,7 +234,7 @@ $wgNamespacesWithSubpages[NS_MAIN] = true;
 
 # DNS Blacklists to use
 $wgEnableDnsBlacklist = true;
-$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' );
+$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' );
 
 # Require validated email to edit
 $wgEmailConfirmToEdit = true;