[SECURITY]: avoid global sensitive rights; 2FA for js on meta (#4587)

miraheze · Apr 14, 2022 · 1cd02c3 · 1cd02c3
1 parent e4af8ce
commit 1cd02c3
Showing 1 changed file with 22 additions and 1 deletion.
diff --git a/LocalSettings.php b/LocalSettings.php
@@ -2479,6 +2479,20 @@
 				'noratelimit' => true,
 				'userrights' => true,
 				'userrights-interwiki' => true,
+				'globalgroupmembership' => true,
+				'globalgrouppermissions' => true,
+			],
+			'sysadmin' => [
+				'userrights' => true,
+				'globalgroupmembership' => true,
+				'globalgrouppermissions' => true,
+				'userrights-interwiki' => true,
+			],
+			'trustandsafety' => [
+				'userrights' => true,
+				'globalgroupmembership' => true,
+				'globalgrouppermissions' => true,
+				'userrights-interwiki' => true,
 			],
 			'sysop' => [
 				'interwiki' => true,
@@ -2662,6 +2676,8 @@
 			'steward',
 			'staff',
 			'interwiki-admin',
+			'sysadmin',
+			'trustandsafety',
 		],
 	],
 	'wgManageWikiPermissionsDefaultPrivateGroup' => [
@@ -3155,7 +3171,12 @@
 		'ldapwikiwiki' => 'ldapwikiwiki',
 		'betaheze' => 'testglobal',
 	],
-
+	'wgOATHExclusiveRights' => [
+		'metawiki' => [
+			'edituserjs',
+			'editsitejs',
+		],
+	],
 	// OAuth
 	'wgMWOAuthCentralWiki' => [
 		'default' => 'metawiki',