
Blocks should be an implementation detail of an abstract authorization system
Open, Needs Triage · Public

Description

Blocks currently exist as an integral part of the authorization system of MediaWiki. Unfortunately, code (core, extensions, etc.) must be aware of what blocks are and how they work. This has forced code to ask questions like

  • Is the user blocked?
  • Does the user have more than one block?
  • Are they sitewide blocked?
  • Are they blocked from this page?
  • Are they blocked from this namespace?
  • Is the account locked? (i.e. cannot log in)

The question code should be asking is:

  • Can the user perform X action?
  • If not, why not?

In this way, Blocks are an implementation detail in an authorization system.

An extension should always be able to hook into the authorization system and make its own assessment, or change the assessment of other systems.
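A sketch of the API shape the description asks for, added here as an illustration and not taken from MediaWiki or from this task: callers ask one question and get an answer with a reason, blocks are one registered check, and an extension can replace an earlier check's assessment. All class, function, user and page names are hypothetical, and the starting "allow" stands in for whatever rights check would run first.

```php
<?php
// Added sketch: every name is hypothetical, none is a MediaWiki API. PHP 8.1+.
final class Decision {
    public function __construct(
        public readonly bool $allowed,
        public readonly string $reason, // answers "if not, why not?"
        public readonly string $source  // which check decided, for audit logs
    ) {}
}
interface AuthorizationCheck {
    public function assess(string $user, string $action, string $page, Decision $soFar): Decision;
}
// Blocks are one check among several; callers never inspect block objects.
final class BlockCheck implements AuthorizationCheck {
    /** @param array<string, list<string>> $blocks user => page prefixes ('' = sitewide) */
    public function __construct(private array $blocks) {}
    public function assess(string $user, string $action, string $page, Decision $soFar): Decision {
        if (!$soFar->allowed || $action !== 'edit') { return $soFar; } // sketch: blocks only gate edits
        foreach ($this->blocks[$user] ?? [] as $prefix) {
            if ($prefix === '' || str_starts_with($page, $prefix)) {
                $why = $prefix === '' ? 'blocked sitewide' : "blocked from pages under '$prefix'";
                return new Decision(false, $why, 'blocks');
            }
        }
        return $soFar;
    }
}
// An extension changing another system's assessment (constructed policy).
final class AppealsCheck implements AuthorizationCheck {
    public function assess(string $user, string $action, string $page, Decision $soFar): Decision {
        if (!$soFar->allowed && $soFar->source === 'blocks' && $page === "Appeals/$user") {
            return new Decision(true, 'own appeal page is exempt from blocks', 'appeals-extension');
        }
        return $soFar;
    }
}
// Checks run in registration order; each sees the assessment so far.
function can(array $checks, string $user, string $action, string $page): Decision {
    $decision = new Decision(true, 'no check objected', 'default');
    foreach ($checks as $check) {
        $decision = $check->assess($user, $action, $page, $decision);
    }
    return $decision;
}
// Constructed sample data: Mallory is blocked sitewide.
$checks = [new BlockCheck(['Mallory' => ['']]), new AppealsCheck()];
foreach (['Main_Page', 'Appeals/Mallory'] as $page) {
    $d = can($checks, 'Mallory', 'edit', $page);
    printf("%s: %s (%s, via %s)\n", $page, $d->allowed ? 'allow' : 'deny', $d->reason, $d->source);
}
```

Because the last check in the chain has the final word, the `source` field is what lets an audit log show which component granted or denied an action.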

Event Timeline

dbarratt created this task. Dec 19 2018, 4:07 PM
Restricted Application added a subscriber: Aklapper. Dec 19 2018, 4:07 PM
dbarratt updated the task description. Dec 19 2018, 4:11 PM
Tgr added a subscriber: Tgr. Dec 22 2018, 7:40 PM

See T212341#4841566 on why this is not that easy without major changes to the authorization system.
The lack of support for "why not?" questions in many places is T180888: All permission checks should be able to return a custom error message.

See T212341#4841566 on why this is not that easy without major changes to the authorization system.

Yes. I assumed as much when looking at the code.

Izno updated the task description. May 5 2019, 5:34 PM