Page MenuHomePhabricator
Create Task
Maniphest T209003

Extensions should be able to declare how blocks should handle their rights
Open, LowPublic
Actions

Description

Problem
When an extension declares a right in extension.json there is no way to specify how a block should interact with that right. Should this right be blocked when they are sitewide blocked? When they are upload blocked? email blocked? namespace blocked? etc.

Extensions typically get around this by doing something like this:

$user->isAllowed( 'custom-right' ) && $user->isBlocked()

but this doesn't work in the world of partial blocks. And the current solutions require knowing a lot about Blocks that extension developers shouldn't have to know.

Solution
Give extensions a mechanism by which (by specifying in extension.json?) blocks can deal with the rights they have declared. Then they should be able to call a single method (either User::isAllowed() or a new method) that determine if the user has access (accounting for the block, or any other sanctions the user might have from other extensions). The method should have a sensible default (i.e. the user is blocked if the user has a sitewide block, etc.)

Related Objects

Event Timeline

dbarratt created this task.Nov 7 2018, 9:52 PM
Restricted Application added subscribers: MGChecker, Aklapper. · View Herald TranscriptNov 7 2018, 9:52 PM
dbarratt moved this task from Backlog to User blocking on the MediaWiki-User-management board.Nov 7 2018, 9:52 PM
dbarratt updated the task description. (Show Details)
dbarratt updated the task description. (Show Details)
dbarratt mentioned this in T208563: Update User::isAllowed() to check the user's block with Block::prevents().Nov 7 2018, 9:58 PM
TBolliger moved this task from Untriaged to Product/Tech backlog on the Anti-Harassment board.Nov 7 2018, 10:12 PM
TBolliger moved this task from Product/Tech backlog to Snackbox on the Anti-Harassment board.Nov 16 2018, 3:44 PM
TBolliger subscribed.Nov 16 2018, 3:50 PM

David, is this aspirational or a technical requirement for extension support?

dbarratt added a comment.Nov 16 2018, 8:23 PM
In T209003#4753981, @TBolliger wrote:

David, is this aspirational or a technical requirement for extension support?

Aspirational, or rather, perhaps the way extensions ought to be able to handle blocks.

TBolliger triaged this task as Low priority.Nov 16 2018, 8:40 PM
TBolliger moved this task from Snackbox to Product/Tech backlog on the Anti-Harassment board.

OK Thank you. I don't think we can invest any time in this unless we find we need to do a refactor of blocks.

TBolliger edited projects, added Anti-Harassment (AHT Sprint 33); removed Anti-Harassment.Nov 19 2018, 9:24 PM
TBolliger moved this task from Ready to Archive of tickets closed outside this sprint, but need someplace to go on the Anti-Harassment (AHT Sprint 33) board.
TBolliger edited projects, added Anti-Harassment; removed Anti-Harassment (AHT Sprint 33).Nov 19 2018, 9:39 PM
TBolliger removed a project: Anti-Harassment.Jan 30 2019, 10:16 PM
DannyS712 edited projects, added MediaWiki-Blocks; removed MediaWiki-User-management.Apr 25 2020, 12:14 AM
Restricted Application added a project: MediaWiki-User-management. · View Herald TranscriptApr 25 2020, 12:14 AM
JJMC89 moved this task from User blocking to User rights on the MediaWiki-User-management board.Apr 25 2020, 6:15 PM
DannyS712 mentioned this in T228954: Should user rights provide details on how blocks interact with them?.Apr 25 2020, 10:30 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL