What is the problem?
If a log entry is deleted and only the option "Hide target and parameters" is checked (screenshot), it is still possible to see information about the performer and/or target of the log action.
Note that if both the performer and target of a logged action is an IP, IPInfo will return information about both of them.
For example, if an anonymous user on 192.168.1.1 creates the page User:192.168.1.2.
Proposal 1:
We don't want to see info about the Target of a logged action at all. We are only interested in IPs that are performing actions, not having actions done on them.
Proposal 2:
Come up with some sort of permissions logic based on whether user has ipinfo, deletedhistory (which allows them to see deleted log entries, I think...) and/or suppressionlog (which allows them to see suppressed log entries).
Below are some of my own proposals of how it could work.
The deleted state of a log entry (based on the bit field in the logging table, which are defined in English below) and what users with different rights should be able to see:
Deleted State | ipinfo | ipinfo + deletedhistory | ipinfo + suppressionlog |
DELETED_ACTION | Cannot view | Performer + Target | Performer + Target |
DELETED_USER | Cannot view | Performer + Target | Performer + Target |
DELETED_RESTRICTED + DELETED_ACTION | Cannot view | Cannot view | Performer + Target |
DELETED_RESTRICTED + DELETED_USER | Cannot view | Cannot view | Performer + Target |
The equivalent deleted state as it appears in English:
DELETED_ACTION = "Hide target and parameters"
DELETED_USER = "Editor's username/IP address"
DELETED_RESTRICTED = "Suppress data from administrators as well as others"
Proposal 3:
Similar to 2, but a bit more granular:
Deleted State | ipinfo | ipinfo + deletedhistory | ipinfo + suppressionlog |
DELETED_ACTION | Performer | Performer + Target | Performer + Target |
DELETED_USER | Target | Performer + Target | Performer + Target |
DELETED_RESTRICTED + DELETED_ACTION | Performer | Performer | Performer + Target |
DELETED_RESTRICTED + DELETED_USER | Target | Target | Performer + Target |
Steps to reproduce problem
- Login as a user with deletelogentry rights
- Go to Special:Log
- Find a log of an action performed by or performed on an IP
- Check the box next to it and click "Change visibility of selected log entries"
- Make a note of the log id, which will be in the url (e.g. ?action=historysubmit&type=logging&revisiondelete=1&ids[$log_id]=1)
- Check "Hide target and parameters" and click "Apply to selected revision"
- Login as another user who has ipinfo permissions but not other permissions (like deletedhistory or suppressionlog)
- Go to $wiki_url/rest.php/ipinfo/v0/log/$log_id
Expected behavior: You cannot see any information about the IP(s)
Observed behavior: See information about the IP(s)
Environment
Wiki(s): local docker environment MediaWiki 1.36.0-alpha (ac4a4f5) 06:33, 7 October 2020; IP Info 0.0.0 (fba8213) 06:36, 7 October 2020