
Phabricator admins should have access to phab-ban tool
Closed, Declined | Public

Description

See https://gitlab.wikimedia.org/toolforge-repos/phab-ban/-/blob/main/app.py?ref_type=heads#L207, it only checks whether the user is in acl*userdisable. I proposed that Phabricator admins should also have access. Why? See the next section.

And my second proposal (not technical-related, and this is why this task is tagged Phabricator for discussion): Phabricator admins should not disable accounts in Phabricator directly - instead, Phabricator admins should also use this tool to disable accounts. Currently there are several ways to disable an account:

  1. For Phabricator admins only: they have permission to directly disable an account in Phabricator (but I propose they not use it, see below).
  2. For users in acl*userdisable: disable an account using that tool
  3. (future, see T338384) For stewards (and staff): globally lock an account and the linked account will (currently not) be disabled in Phab
  4. For Wikitech admins: disable an LDAP account and the linked account will be disabled in Phab

| Method | Provides public log? | Provides reason? |
| 1 | Yes, but in a very obscure place, and no global log is available for non-admins | No (see T102576) |
| 2 | Yes | No (see T359211) |
| 3 | Yes | Yes |
| 4 | Yes, but unclear in future (once we do not use Wikitech to manage LDAP) | Yes, but unclear in future |

As we can see, option 1 is the least transparent, so a simple solution is not to use it manually at all (though it is still used by PhabBanBot).

Currently there are accounts disabled directly, but you can only see which admin disabled them in an obscure place like this.

Event Timeline

Pppery subscribed.

Nit: Blocking an account on MediaWiki.org does not AFAIK disable an account on Phabricator. This proposal to make everyone beat around the bush by using the bot is unwarranted IMO.

I have changed the description (though "Vandalism or spamming on Phabricator" is listed in MediaWiki.org Ipbreason-dropdown so it may still be something good to have), but my reason holds - using the phab-ban tool to disable an account is more transparent than disabling an account directly in Phabricator. Note I am not planning to change other currently existing ways to disable Phabricator accounts.

> (though "Vandalism or spamming on Phabricator" is listed in MediaWiki.org Ipbreason-dropdown

Yes, that is completely unrelated. Most people do it at the same time, so that the blocks show up in CA world, especially if it was a spam-based disable. Although the phab spammers don't seem to hit the wikis as much.

> Nit: Blocking an account on MediaWiki.org does not AFAIK disable an account on Phabricator. This proposal to make everyone beat around the bush by using the bot is unwarranted IMO.

It would be technically possible to add hooks to the mediawikiwiki config that would block/unblock associated Phabricator accounts. T338384: CentralAuth locks should disable linked Phabricator account would probably be more commonly useful however.

> Phabricator admins should not disable accounts in Phabricator directly - instead, Phabricator admins should also use this tool to disable account.

I disagree and I currently see no reason for this. So I'm declining this ticket.

I don't plan to use external tools to avoid the same functionality available in Phabricator itself, or maybe at some point in the future spend time to click yet another dropdown or fill in a text field with reasons based on the opinion that Phabricator itself is missing some reason field.

In nearly all cases you can either guess the reasons by checking the connected and also locked SUL account linked from the profile, or check the activity of the Phab account which got locked. I believe that's often sufficient when it comes to the level of red tape I'm fine to deal with.