X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/4aa20a01bd0c0c1e2e1814cccfd4549cba89eee0..3720032b9487e8cdd89eed9461ddeeac2c3cd764:/cookbooks/mediawiki/templates/default/LocalSettings.php.erb?ds=sidebyside diff --git a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb index e6a0866d2..99670dc0f 100644 --- a/cookbooks/mediawiki/templates/default/LocalSettings.php.erb +++ b/cookbooks/mediawiki/templates/default/LocalSettings.php.erb @@ -141,7 +141,7 @@ $wgLanguageCode = "en"; $wgPageLanguageUseDB = true; $wgGroupPermissions['user']['pagelang'] = true; -$wgSecretKey = '<%= @node[:mediawiki][:sites][@name][:wgSecretKey] %>'; +$wgSecretKey = '<%= @secret_key %>'; # Site upgrade key. Must be set to a string (default provided) to turn on the # web installer while LocalSettings.php is in place @@ -193,6 +193,22 @@ $wgGroupPermissions['bureaucrat']['deleterevision'] = true; $wgGroupPermissions['bureaucrat']['suppressrevision'] = true; $wgGroupPermissions['bureaucrat']['suppressionlog'] = true; +# Since 1.32 MW introduced interface-admin group to separate all UI-related rights. This makes sense for bigger sites, +# but for OSM it makes more sense to keep group structure simple. Give all interface-admin rights to sysops. +# Also remove the interface-admin group to avoid confusion. +$wgGroupPermissions['sysop'] = array_merge( $wgGroupPermissions['sysop'], $wgGroupPermissions['interface-admin'] ); +unset( $wgGroupPermissions['interface-admin'] ); +unset( $wgRevokePermissions['interface-admin'] ); +unset( $wgAddGroups['interface-admin'] ); +unset( $wgRemoveGroups['interface-admin'] ); +unset( $wgGroupsAddToSelf['interface-admin'] ); +unset( $wgGroupsRemoveFromSelf['interface-admin'] ); + +# The v1.32+ gadget system also requires two additional rights +# See https://www.mediawiki.org/wiki/Extension:Gadgets +$wgGroupPermissions['sysop']['gadgets-edit'] = true; +$wgGroupPermissions['sysop']['gadgets-definition-edit'] = true; + <% if @mediawiki[:private_accounts] -%> # Prevent new user registrations except by existing users $wgGroupPermissions['*']['createaccount'] = false; @@ -218,7 +234,7 @@ $wgNamespacesWithSubpages[NS_MAIN] = true; # DNS Blacklists to use $wgEnableDnsBlacklist = true; -$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-3.uceprotect.net.' ); +$wgDnsBlacklistUrls = array( 'proxies.dnsbl.sorbs.net.', 'opm.tornevall.org.', 'xbl.spamhaus.org.', 'dnsbl-2.uceprotect.net.' ); # Require validated email to edit $wgEmailConfirmToEdit = true;