Page MenuHomePhabricator

Tie certain user rights to elevated security
Open, Needs TriagePublic

Description

Some features are dangerous and require higher security (in the sense of AuthManager::securitySensitiveOperationStatus); the current approach is to mark special pages as being security sensitive. That's somewhat fragile (someone might mark the special page but forget to mark the API; the special page might get renamed; the same functionality might be available via other pages, unknown to the developer setting the security level). As a fallback mechanism, it would be nice if we could do the same for user rights directly. That would result in poor UX (no way to stash POSTs like the special pages do, no way to create custom error messages (T180888)) but for a fallback mechanism (that is only supposed to be invoked when the interface-level permission checking had a gap) that should be all right.

We would need to differentiate between "user can do X now" and "user can do X after reauthentication" as permission checks are also used for generating edit links and such so currently if the system determines the user can't perform some action, the option perform it is not even presented.

Event Timeline

Tgr created this task.Jun 13 2018, 3:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJun 13 2018, 3:48 PM

You would also have to be careful about the case where the right is just checked for asethic purposes (e.g. adding a link to the special page if the user has the right to do the action)

Tgr added a comment.Jun 13 2018, 4:39 PM

Good point, there would probably have to be two ways of checking permissions, "has right now" and "can obtain".

Vvjjkkii renamed this task from Tie certain user rights to elevated security to b3aaaaaaaa.Jul 1 2018, 1:04 AM
Vvjjkkii triaged this task as High priority.
Vvjjkkii updated the task description. (Show Details)
Vvjjkkii removed a subscriber: Aklapper.
CommunityTechBot renamed this task from b3aaaaaaaa to Tie certain user rights to elevated security.Jul 2 2018, 1:50 PM
CommunityTechBot raised the priority of this task from High to Needs Triage.
CommunityTechBot updated the task description. (Show Details)
CommunityTechBot added a subscriber: Aklapper.
He7d3r added a subscriber: He7d3r.Aug 13 2018, 11:38 AM
Tgr updated the task description. (Show Details)Dec 5 2018, 11:22 PM
Tgr added a comment.Dec 27 2018, 8:11 AM

You would also have to be careful about the case where the right is just checked for asethic purposes (e.g. adding a link to the special page if the user has the right to do the action)

Filed as T212639: Separate could do / can do / is doing permission checks in MediaWiki.

Izno added a subscriber: Izno.Dec 29 2018, 2:26 PM