Page MenuHomePhabricator

Expiring userrights: prevent circumventing of local removal restrictions
Closed, ResolvedPublic

Description

In most projects, bureaucrats can grant sysop and bureaucrat status but not remove it later. However I noticed that with this system that can be bypassed by changing the permanent flag into a temporary (1 second) flag to get it removed. Given the potential for abuse and untransparency, I suggest that this not be allowed. If a user group is not allowed to remove an userright after being granted, they should not be able to modify it afterwards.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 31 2017, 9:59 AM
TTO added subscribers: Anomie, TTO.Jan 31 2017, 10:10 AM

Good catch, MA, I hadn't even thought of this!

To me, the ideal way to prevent abuse would be, where a user can only add the group and not remove it, to only allow that user to increase the expiry date. Decreasing the expiry date would require both add and remove rights. To keep things simple, users with remove rights could only remove permissions (as now), not adjust the expiry date. How does that sound?

MarcoAurelio added a comment.EditedJan 31 2017, 10:17 AM

So:

  • users with add rights but not remove: allow them to just augment/increase expiry date in case the right was temporarily granted.
    • I'd say works for me. However if the right was permanently granted I'd suggest that the expiry form be hidden for them since you can't increase the duration of an indefinitely granted user right.
  • users with add and remove: I'd say that those should be able to adjust permissions and even convert indef rights in temp. rights. But if the later is deemed too complicated for now, I'm fine with the "remove, re-grant temporary" strategy.

Change 335217 had a related patch set uploaded (by TTO):
Prevent circumventing restrictions on removing user groups with expiries

https://gerrit.wikimedia.org/r/335217

MZMcBride renamed this task from Expiring userrights: prevent circunventing of local removal restrictions to Expiring userrights: prevent circumventing of local removal restrictions.Feb 1 2017, 12:42 AM
MZMcBride added a subscriber: MZMcBride.

Change 335217 merged by jenkins-bot:
Prevent use of expiries to circumvent restrictions on removing user groups

https://gerrit.wikimedia.org/r/335217

TTO closed this task as Resolved.Feb 2 2017, 12:01 AM
TTO claimed this task.
DannyH moved this task from Untriaged to Archive on the Community-Tech board.Mar 2 2017, 6:34 PM