Page MenuHomePhabricator

Define Suppress grants
Open, NormalPublic

Description

I'm now using API with OAuth clients for some tasks for semi automated.
However, currently can not oversight stuff via API with OAuth Clients due to not defined related GrantPermissions for Oversight stuff.
Of course, I can use APIs if I set a main session to bot. but I don't want share my main sessions with bot for insecure.

For this, I propose to define a related GrantPermissions (hideuser, suppressrevision, viewsuppressed, suppressionlog).

If we had this, we do not need to share a passwords or an user sessions with bots for using automated process.

It means we can be improve our security for user not sharing password with bots or similar .

Related tasks: T192025 , T192024

Event Timeline

Rxy created this task.Aug 29 2018, 11:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 29 2018, 11:00 PM

Change 456305 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/core@master] Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/456305

Rxy triaged this task as Normal priority.Aug 29 2018, 11:44 PM
Rxy added a project: User-Rxy.
Rxy moved this task from Backlog to In progress - Development on the User-Rxy board.

Change 456651 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/core@master] Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/456651

Change 456651 abandoned by Rxy:
Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/456651

Rxy added a subscriber: Anomie.Sep 11 2018, 3:10 AM

Change 460727 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/core@master] Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/460727

Change 460727 abandoned by Rxy:
Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/460727

Change 460728 had a related patch set uploaded (by Rxy; owner: Rxy):
[mediawiki/core@master] Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/460728

Change 460728 abandoned by Rxy:
Add suppress related permissions to $wgGrantPermissionGroups

https://gerrit.wikimedia.org/r/460728

Tgr added a subscriber: Tgr.

Can someone from Legal and/or security check if there are any legal/privacy concerns about this? (E.g., enforcement concerns of Access to nonpublic information policy.) A web application with this grant could show an authorization dialog with potentially misleading description / a suppress grant that's hard to spot in the list of all grants, and if an oversighter carelessly clicks it through without realizing what grants are given, the application would then have access to nonpublic information as it pleases.

(Note that suppress would not be the first grant that gives access to nonpublic information - CheckUser already provides a grant.)

Presumably this kind of thing should be prevented by OAuth admins vetting such consumers, but then it would be nice to have some guidelines on what the vetting requirements should be.
(A simple approach could be that such consumers are never accepted. That would still allow people to use the grant with bot passwords / owner-only OAuth consumers for their own bots.)

Rxy reassigned this task from Rxy to Jalexander.Sep 25 2018, 10:34 AM
revi removed Jalexander as the assignee of this task.Jan 19 2019, 1:37 PM
revi added subscribers: Jalexander, revi.

Removed James from assignee since he is no longer working for the Foundation. Someone else from Trust-and-Safety should review this but not sure who exactly will be that 'someone else'.

Rxy moved this task from Development to Stalled on the User-Rxy board.Mar 18 2019, 4:15 PM