Page MenuHomePhabricator

Add OAuth grants for AbuseFilter private information
Closed, ResolvedPublic

Description

https://en.wikipedia.org/w/api.php?maxlag=5&action=query&list=abuselog&aflfilter=752&aflend=2018-04-01T00:00:00Z&afllimit=5000

I cannot use a BotPassword to make the above query, despite having all the boxes checked. Using my normal admin credentials on en.wp works just fine. Therefore, I should be able to grant a bot or an OAuth consumer the privileges necessary to undertake restricted AbuseFilter actions (e.g. read private logs and view private filters).

Event Timeline

Change 424775 had a related patch set (by MarcoAurelio) published:
[mediawiki/extensions/AbuseFilter@master] add grant to view private abusefilter log entries

https://gerrit.wikimedia.org/r/424775

I'd not mind moving it to the view restricted logs section @MER-C. Do @Huji and @Tgr agree it'd be better suited in that section? Thanks.

I think it is not a "basic" right per se, so moving there makes sense.

Yeah, accessing private information should definitely not come with the basic rights.

Change 424775 merged by jenkins-bot:
[mediawiki/extensions/AbuseFilter@master] add grant to view private abusefilter log entries

https://gerrit.wikimedia.org/r/424775

MarcoAurelio claimed this task.
MarcoAurelio removed a project: Patch-For-Review.

Thank you for the quick fix.