
Improve support for read access restriction / access control
Closed, Duplicate · Public

Description

Problem

There are a lot of extensions using the userCan hook for access control. Yet there are still parts of the core where userCan is not considered. This is true in particular for read access. For example, afaik, QueryPages do not consider read access. Quite often, this is as simple as adding a userCan hook call. I'm not proposing to make MediaWiki read access bulletproof, but to fix the most obvious read access holes.

Who would benefit

Extension developers who need to implement access control for their MediaWikis

Proposed solution

We can use this list as a basis: https://www.mediawiki.org/wiki/Security_issues_with_authorization_extensions . It needs to be updated to the current state of MediaWiki. Then the open questions / issues can be addressed in the code. Ideally, at the end we have a positive list of which pages / actions consider read access.
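As an added illustration of the "add a userCan hook call" point above (example code, not from this task or from any MediaWiki extension): a minimal userCan handler that denies read access to one namespace, and the filter that a QueryPage or other title-listing code would need so restricted titles do not leak into its results. It assumes the classic hook signature ( $title, $user, $action, &$result ), Title::getNamespace(), Title::userCan() and User::isAllowed(); the NS_INTERNAL constant and the 'read-internal' right are hypothetical.

```php
<?php
// Added example: read restriction via the userCan hook.
// Assumes MediaWiki's classic userCan hook signature; NS_INTERNAL and the
// 'read-internal' right are hypothetical names used only for illustration.

class RestrictedReadHooks {
	/** Hypothetical custom namespace that holds restricted content. */
	const NS_INTERNAL = 3000;

	/**
	 * userCan hook handler. Core calls this for every permission check that
	 * goes through Title::userCan(). Setting $result = false and returning
	 * false denies the action and prevents later handlers from overriding it.
	 */
	public static function onUserCan( $title, $user, $action, &$result ) {
		if ( $action !== 'read' || $title->getNamespace() !== self::NS_INTERNAL ) {
			return true; // not our namespace or not a read: let core / others decide
		}
		if ( $user->isAllowed( 'read-internal' ) ) {
			return true; // privileged user: fall through to the normal checks
		}
		$result = false;
		return false;
	}

	/**
	 * The check the task describes as often missing: anything that lists
	 * titles (QueryPages, search results, recent changes views) must drop
	 * entries the viewer may not read. Title::userCan() runs the hook above,
	 * so the same policy applies to both page views and listings.
	 *
	 * @param Title[] $titles  candidate result rows already turned into Titles
	 * @param User    $user    the viewer
	 * @return Title[]         only the titles $user may read
	 */
	public static function filterReadable( array $titles, $user ) {
		return array_values( array_filter( $titles, function ( $title ) use ( $user ) {
			return $title->userCan( 'read', $user );
		} ) );
	}
}

// Registration in LocalSettings.php or the extension's setup file:
$wgHooks['userCan'][] = 'RestrictedReadHooks::onUserCan';
```

A useful self-check for an installation relying on such a hook is to log in as an unprivileged user and walk the query-type special pages, confirming that titles in the restricted namespace are absent rather than merely unclickable.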

Event Timeline

Mglaser created this task. Jan 31 2017, 10:55 AM
Restricted Application added a subscriber: Aklapper. Jan 31 2017, 10:55 AM

This proposal is selected for the Developer-Wishlist voting round and will be added to a MediaWiki page very soon. To the subscribers, or proposer of this task: please help modify the task description: add a brief summary (10-12 lines) of the problem that this proposal raises, topics discussed in the comments, and a proposed solution (if there is any yet). Remember to add a header with the title "Description" to your content. Please do so before February 5th, 12:00 pm UTC.

MGChecker added a subscriber: Luke081515.
Tgr added a subscriber: Tgr. Jan 4 2019, 4:18 PM
Tgr added a comment. Jan 4 2019, 7:22 PM

This is primarily of interest to third parties, but there are some Wikimedia use cases. Abuse filters are an example of a special page that makes a lot of effort to simulate page content behavior (edit history, diffs, deletion, etc.) and still gets fairly crappy results, so it would make sense to turn filters into wiki pages. Except some filters are not supposed to be visible to all users, and currently wiki pages can't reliably do that. Also, requiring a private wiki for every wiki that needs private discussion / documentation (like enwiki arbcom) is not so great.

Tgr added a comment. Apr 27 2019, 7:05 AM

The IntraACL patch list seems like a good starting point. Maybe the one for Lockdown too, although that seems less maintained.

Besides IntraACL, Lockdown/NSFileRepo and AccessControl look pretty well-maintained, those might be a good basis for reviewing what might or might not be supported today.

cicalese triaged this task as Medium priority. Jul 30 2019, 11:56 PM
cicalese moved this task from Inbox to Needs Discussion on the MediaWiki-Stakeholders-Group board.
Izno added a subscriber: Izno. Aug 20 2019, 3:09 AM