Page MenuHomePhabricator
Create Task
Maniphest T228948

PermissionManager::isBlockedFrom() can return true even if the user does not have a block
Closed, ResolvedPublic
Actions

Description

Problem
Calling PermissionManager::isBlockedFrom() implies that the user 1) has a block and 2) the block applies to the Title given. However, this is not necessarily the case.

UserIsBlockedFrom allows an extension to modify the result of PermissionManager::isBlockedFrom(). Unfortunately, this method hook is called regardless if the user has a block or not.

Likewise, UserIsHidden allows an extension to modify the "hidden" status of a user without actually having a block attached to the user.

Proposed Solution
Since PermissionManager::isBlockedFrom() is mainly called from PermissionManager::checkUserBlock() and that method does not call the aforementioned method unless the user has a block, it is safe (in the majority of instances) to only call this hook if the user has a block, thereby guaranteeing that a true result also guarantees that the user has a block.

The UserIsHidden hook doesn't actually make sense anymore. Extensions have the ability to add blocks to users using GetBlockedStatus. Therefore, the former hook should be deprecated in favor of the later. During the deprecation period, a SystemBlock should be generated when the result of the hook is true.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Deprecate the UserIsHidden hookmediawiki/coremaster+6 -2
Ensure block hooks keep user state consistent with realistic blocksmediawiki/coremaster+33 -18
Customize query in gerrit

Related Objects
Search...

Event Timeline

dbarratt created this task.Jul 24 2019, 11:31 PM
Restricted Application added subscribers: MGChecker, Aklapper. · View Herald TranscriptJul 24 2019, 11:31 PM
gerritbot added a comment.Jul 24 2019, 11:31 PM

Change 525305 had a related patch set uploaded (by Dbarratt; owner: Tchanders):
[mediawiki/core@master] WIP example of SystemBlock for hidden global account

https://gerrit.wikimedia.org/r/525305

gerritbot added a project: Patch-For-Review.Jul 24 2019, 11:31 PM
dbarratt mentioned this in T228950: Replace UserIsHidden with GetUserBlock in CentralAuth.Jul 24 2019, 11:50 PM
dbarratt added a parent task: T228950: Replace UserIsHidden with GetUserBlock in CentralAuth.
Tchanders claimed this task.Jul 25 2019, 2:59 PM
Tchanders moved this task from Untriaged to The Letter Song on the Anti-Harassment-Team board.
Tchanders edited projects, added Anti-Harassment-Team (The Letter Song); removed Anti-Harassment-Team.
Tchanders moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment-Team (The Letter Song) board.
Tchanders mentioned this in T229035: Deprecate 'GetBlockedStatus' hook and reduce visibility of User::mBlock, User::mBlockedBy and User::mHideName.Jul 25 2019, 5:48 PM
dbarratt added subscribers: dmaza, Mooeypoo.Jul 25 2019, 6:41 PM

@dmaza & @Mooeypoo Today @Tchanders and I were talking about this task, and we thought that perhaps it would be better to deprecate the GetBlockedStatus hook (See: T229035). Basically, while GetBlockedStatus technically works it's not ideal. Primarily because it allows an extension to mutate the entire User object rather than just the block. Also, it conflates adding blocks with altering (changing or removing blocks).

I'm wondering if it would be better to add one (or ideally two?) new hooks to BlockManager::getUserBlock(). The first would allow an extension to add blocks to the list of blocks before a potential CompositeBlock is generated and a second that would take the resulting block (either single or composite) and allow an extension to modify (or destroy) it. This would prevent an extension from mutating the User object.

dbarratt added a parent task: T221444: Partially blocked users cannot tag revisions on unrelated pages, nor add, deactive or delete tags.Jul 25 2019, 9:00 PM
dbarratt added a parent task: T228486: Partially blocked users cannot delete revisions.
Tchanders moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment-Team (The Letter Song) board.Jul 29 2019, 2:09 PM
JJMC89 moved this task from Backlog to User blocking on the MediaWiki-User-management board.Aug 13 2019, 4:57 PM
gerritbot added a comment.Aug 21 2019, 6:09 PM

Change 525305 merged by jenkins-bot:
[mediawiki/core@master] Ensure block hooks keep user state consistent with realistic blocks

https://gerrit.wikimedia.org/r/525305

Maintenance_bot removed a project: Patch-For-Review.Aug 21 2019, 6:10 PM
Tchanders added a parent task: T229692: Use GetUserBlockComplete hook instead of GetBlockedStatus in TorBlock extension.Aug 28 2019, 11:18 AM
Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment-Team (The Letter Song) board.
dom_walden moved this task from QA/Testing 🐞 to Done (2019-20: Q2) on the Anti-Harassment-Team (The Letter Song) board.Sep 5 2019, 11:34 AM
dom_walden subscribed.

Regression (testing changes made to AbstractBlock and DatabaseBlock):

  • Can create a hidden block, gets applied to user correctly when editing an article.

PermissionManager::isBlockedFrom:

  • That block information is displayed about $user when accessing User:$user or User_talk:$user (Article::showMissingArticle)
  • Editing pages

BlockManager::getUserBlock

  • Already tested incidentally above (e.g. editing while blocked).

Other testing of this change has been done (incidentally) as part of T229692 and T228950.

dbarratt closed this task as Resolved.Sep 5 2019, 2:47 PM
gerritbot added a comment.Sep 9 2019, 5:03 PM

Change 535230 had a related patch set uploaded (by Tchanders; owner: Tchanders):
[mediawiki/core@master] Deprecate the UserIsHidden hook

https://gerrit.wikimedia.org/r/535230

gerritbot added a project: Patch-For-Review.Sep 9 2019, 5:03 PM
gerritbot added a comment.Sep 9 2019, 8:01 PM

Change 535230 merged by jenkins-bot:
[mediawiki/core@master] Deprecate the UserIsHidden hook

https://gerrit.wikimedia.org/r/535230

Maintenance_bot removed a project: Patch-For-Review.Sep 9 2019, 8:10 PM
ReleaseTaggerBot added a project: MW-1.34-notes (1.34.0-wmf.22; 2019-09-10).Sep 9 2019, 9:01 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits