Page MenuHomePhabricator

Proposal: Investigate splitting `abusefilter-create` out of `abusefilter-modify`
Open, Needs TriagePublic

Description

Proposal: A separate user right, abusefilter-create, be added, and only users with this right be allowed to create new edit filters.
Use case: potential global abuse-filter managers shouldn't be able to create new filters

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald Transcript

I'm unsure whether there'd be a real benefit: all rights add complexity to the code, and to their on-wiki management, so that's not something we should take lightly. Moreover, it wouldn't really help for the global group, because:

  1. They should be trusted enough to avoid doing out-of-scope stuff
  2. If they'd like, they could already cause breakage without creating new filters
  3. I believe that a member of that group could create a local AF if allowed by the community to do so. For instance, I've been asked a couple of times to provide new filters to small wikis where I had no rights.

I'm unsure whether there'd be a real benefit: all rights add complexity to the code, and to their on-wiki management, so that's not something we should take lightly. Moreover, it wouldn't really help for the global group, because:

  1. They should be trusted enough to avoid doing out-of-scope stuff
  2. If they'd like, they could already cause breakage without creating new filters
  3. I believe that a member of that group could create a local AF if allowed by the community to do so. For instance, I've been asked a couple of times to provide new filters to small wikis where I had no rights.
  1. Its not about trust, but about taking precautions
  2. Users are trusted not to be breaking things; that isn't the benefits I see
  3. And yet, you noted that the creation of new filters is out of scope - I understand the benefits of being able to help out, but it is precisely these potential benefits that can result in users accidently creating a filter on the wrong site, or using their global permissions in a way that contravenes policy

The primary benefit is to help reassure the global community that, though granted the power to block users, remove autoconfirmed status, and disallow edits, this group truly is for maintenance only, and will never need to (or be able to) create filters

  1. Its not about trust, but about taking precautions

Yes, but what I meant to say is that creating new filters is just the tip of the iceberg. If we really want to take precautions, we should also prevent other out-of-scope changes. Suppose I'm an member of that group and want to do something out of scope. I'd have tons of choices, but suppose that I'd really like to create a new filter. I don't have the right? Huh, I just head to an existing filter, empty all fields, and hijack it to do something completely different. That's why I said we don't need an extra right. It'd be useless 99% of the time.

  1. Users are trusted not to be breaking things; that isn't the benefits I see

So you just mean it as a precaution against people unintendedly creating new filters despite it being out of scope? I'd argue that members of the group must be trusted, and must know what they cannot do. But even then, again, they could simply modify an existing filter and it'd have the exact same effect.

  1. And yet, you noted that the creation of new filters is out of scope

Yes, and I can repeat that, because it's true. The exception I mentioned above is about local communities which could allow a member of this group to create new filters, or make actual changes to the existing ones. But that's a (likely one-time) exception, not something that group members are allowed to do always and everywhere, nor is it in the scope of the group.

I understand the benefits of being able to help out, but it is precisely these potential benefits that can result in users accidently creating a filter on the wrong site, or using their global permissions in a way that contravenes policy

That can happen regardless of whether they have the right to create new filters. As I said above, you'd only prevent a small part of all possible problems.

The primary benefit is to help reassure the global community that, though granted the power to block users, remove autoconfirmed status, and disallow edits, this group truly is for maintenance only, and will never need to (or be able to) create filters

As a community member, I wouldn't be reassured by that. Again, they could hijack an existing filter for the same effect.