Page MenuHomePhabricator

All permission checks should be able to return a custom error message
Open, Needs TriagePublic

Description

Many permission checks only return a boolean (like User::isAllowed) or the permission error they return is hard to customize (like Title::getPermissionError which will just tell which user groups would have the required permission). This is inadequate in scenarios where permissions are restricted unexpectedly (e.g. because the user is blocked, because their account security is wanting, because the system detected something suspicious...).

All permission checks should be able to return a Message. All hooks that interfere with perimission checks (UserGetRights etc) should be able to manipulate that message. All callers to those methods should display those messages if they receive them.

Related Objects

StatusSubtypeAssignedTask
OpenNone
OpenNone
ResolvedPchelolo
ResolvedPchelolo
ResolvedPchelolo
ResolvedPchelolo
ResolvedPchelolo
ResolvedCCicalese_WMF
OpenCCicalese_WMF
OpenNone
OpenNone
OpenNone
OpenNone
DuplicateNone
OpenPchelolo
OpenNone
ResolvedCCicalese_WMF
Opendaniel
OpenPchelolo
ResolvedNone
Resolveddaniel
Opendaniel
ResolvedPchelolo
OpenPchelolo
ResolvedNone
OpenNone
ResolvedCCicalese_WMF

Event Timeline

daniel added a subscriber: daniel.

The new Authority interface allows messages to be returned from all methods that check permissions. That resolves half of this task - the other half would be to use this information in more places.