Page MenuHomePhabricator

Define Grants for global blocking
Closed, ResolvedPublic

Description

I'm now using API with OAuth clients for some tasks for semi automated.
However, currently can not global block or remove that via API with OAuth Clients due to not defined related GrantPermissions for global block.
Of course, I can use APIs if I set a main session to bot. but I don't want share my main sessions with bot for insecure.

For this, I propose to define a related GrantPermissions (globalblock).

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

It means we can be improve our security for user not sharing password with bots or similar .

Event Timeline

Change 425630 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/extensions/GlobalBlocking@master] Add globalblock to GrantPermissions

https://gerrit.wikimedia.org/r/425630

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

Just in case someone starts to wonder. We have never ever shared accounts, passwords or sessions to perform stewardry job.

With regards to the grants, I'd not oppose creating an "administration" section for grants like globalblock/globalunblock.

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

Just in case someone starts to wonder. We have never ever shared accounts, passwords or sessions to perform stewardry job.

With regards to the grants, I'd not oppose creating an "administration" section for grants like globalblock/globalunblock.

I think this script line 30 need set a plain privileged account password.

Change 425630 merged by jenkins-bot:
[mediawiki/extensions/GlobalBlocking@master] Add globalblock to GrantPermissions

https://gerrit.wikimedia.org/r/425630

Rxy removed a project: Patch-For-Review.
Rxy moved this task from Untriaged to Medium priority on the Stewards-and-global-tools board.

deployed to meta.wikimedia