Page MenuHomePhabricator
Create Task
Maniphest T268152

Special:InvestigateBlock error is confusing
Closed, ResolvedPublic
Actions

Assigned To
Dreamy_Jazz
Authored By
DannyS712
Nov 18 2020, 4:34 PM
Tags
Referenced Files
F35214497: block_form_with_block_right.png
Jun 7 2022, 7:05 AM
F35214501: specialinvestigateblock_without_checkuser_right.png
Jun 7 2022, 7:05 AM
F35214499: specialinvestigateblock_without_block_right.png
Jun 7 2022, 7:05 AM
F35214495: block_form_without_block_right.png
Jun 7 2022, 7:05 AM
F35195647: block_form_guidedtour.png
Jun 1 2022, 8:12 AM
F35195390: block_form_before.png
Jun 1 2022, 7:48 AM
F35195396: block_form_after.png
Jun 1 2022, 7:48 AM
Subscribers
Aklapper
DannyS712
dom_walden
Legoktm
Niharika
Tchanders

Description

As a non-admin checkuser,
When I visit Special:InvestigateBlock
I am told that the functionality is only available to checkusers

Expected result:
Told that the functionality is only available to checkusers with block rights

Actual result:
Told that it is only available to checkusers

Notes:
Caused by SpecialInvestigateBlock::userCanExecute adding a check for for block rights but relying on the default parent displayRestrictionError method

Details

SubjectRepoBranchLines +/-
Show users under investigation even without the block rightmediawiki/extensions/CheckUsermaster+25 -31
Check rights for Investigate GUI and InvestigateBlock permission errorsmediawiki/extensions/CheckUsermaster+48 -15
Customize query in gerrit

Related Objects

Event Timeline

DannyS712 created this task.Nov 18 2020, 4:34 PM
Restricted Application added a project: User-DannyS712. · View Herald TranscriptNov 18 2020, 4:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
DannyS712 moved this task from Unsorted to Reports on the User-DannyS712 board.Nov 18 2020, 4:34 PM
Niharika triaged this task as Medium priority.Nov 23 2020, 8:40 PM
Niharika subscribed.

@DannyS712 Thanks for creating this. I agree it's a bug and should be fixed.

STran added a project: Anti-Harassment.Dec 17 2021, 2:16 PM
STran moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.
ARamirez_WMF moved this task from Triage/To be Estimated to CheckUser on the Anti-Harassment board.Feb 15 2022, 6:45 PM
gerritbot added a comment.May 26 2022, 2:13 PM

Change 800011 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] Read rights for GUI in Investigate and perm. errors in InvestigateBlock

https://gerrit.wikimedia.org/r/800011

gerritbot added a project: Patch-For-Review.May 26 2022, 2:13 PM
Tchanders assigned this task to Dreamy_Jazz.May 27 2022, 3:35 PM
Tchanders edited projects, added Anti-Harassment (AHaT Sprint 8: The Flat Cap); removed Anti-Harassment.
Tchanders moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 8: The Flat Cap) board.
gerritbot added a comment.May 27 2022, 4:36 PM

Change 800011 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] Check rights for Investigate GUI and InvestigateBlock permission errors

https://gerrit.wikimedia.org/r/800011

Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 8: The Flat Cap) board.May 31 2022, 1:18 PM
Tchanders subscribed.

Thanks for the fix @Dreamy_Jazz - moving this to QA

gerritbot added a comment.May 31 2022, 1:30 PM

Change 800011 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Check rights for Investigate GUI and InvestigateBlock permission errors

https://gerrit.wikimedia.org/r/800011

ReleaseTaggerBot added a project: MW-1.39-notes (1.39.0-wmf.15; 2022-06-06).May 31 2022, 2:00 PM
ARamirez_WMF edited projects, added Anti-Harassment (AHaT Sprint 9: The Beret); removed Anti-Harassment (AHaT Sprint 8: The Flat Cap).May 31 2022, 5:12 PM
ARamirez_WMF moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to QA/Testing 🐞 on the Anti-Harassment (AHaT Sprint 9: The Beret) board.May 31 2022, 5:13 PM
dom_walden subscribed.Jun 1 2022, 7:48 AM

@Dreamy_Jazz One side-effect of hiding the block form from Special:Investigate is that the user cannot see the usernames and IPs they are currently investigating. I think this is information the user will need to know, especially if they have multiple investigations going at the same time. Perhaps @Tchanders has an idea how this can be done.

User with block rights:

block_form_before.png (351×1 px, 25 KB)

User without block rights:

block_form_after.png (240×1 px, 19 KB)

dom_walden added a comment.Jun 1 2022, 8:12 AM

Also bear in mind that the GuidedTour includes a step explaining the block form which obviously won't make sense if the user cannot see the block form (see below).

block_form_guidedtour.png (411×1 px, 50 KB)

Dreamy_Jazz added a comment.EditedJun 3 2022, 1:43 AM

I missed that the users being investigated would be hidden. Also didn't notice there was a tour for this. I probably need to use Special:Investigate more on enwiki.

I'll write a patch to fix the issue so that only the block button is hidden instead.

I'm not sure about how to modify the tour as it's a JS file that seems static. I would need to install the associated extension to test too.

Dreamy_Jazz added a comment.Jun 4 2022, 1:54 AM

I've not been able to solve an issue with regards to the tour. I can't mix the tour code and mw.user.getRights as any code inside the callback ends up not affecting the tour. Trying to use async functions doesn't get me any further towards the goal.

gerritbot added a comment.Jun 4 2022, 2:04 AM

Change 802878 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] Show users under investigation even without the block right

https://gerrit.wikimedia.org/r/802878

Dreamy_Jazz added a comment.Jun 5 2022, 1:18 AM

Discussed with Krinkle on wikimedia-tech about the issues with the guided tour. Came up with this code https://paste.toolforge.org/view/9a2bfe3e, however, this is not able to solve the issue and it seems that the guided tour extension doesn't work with anything that returns a JQuery promise.

Legoktm subscribed.Jun 5 2022, 11:17 PM

Instead of trying an async JS call, you could have the special page output a mw.config variable like wgCheckUserHasBlockRight or something.

gerritbot added a comment.Jun 6 2022, 2:17 PM

Change 802878 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Show users under investigation even without the block right

https://gerrit.wikimedia.org/r/802878

Tchanders mentioned this in T309983: Conditionally show some GuidedTour steps on Special:Investigate.Jun 6 2022, 2:28 PM
Tchanders added a comment.Jun 6 2022, 2:31 PM
In T268152#7972989, @dom_walden wrote:

Also bear in mind that the GuidedTour includes a step explaining the block form which obviously won't make sense if the user cannot see the block form (see below).

block_form_guidedtour.png (411×1 px, 50 KB)

Thanks for spotting this. There's also a problem with the 'copywikitext' step, which should also be shown conditionally. I've filed a new follow-up: T309983

@Dreamy_Jazz Thanks for the patches - we can solve the guided tour separately in T309983, probably using @Legoktm's suggestion

dom_walden moved this task from QA/Testing 🐞 to Done Q4 2022 on the Anti-Harassment (AHaT Sprint 9: The Beret) board.Jun 7 2022, 7:05 AM

How Special:Investigate now looks without block rights:

block_form_without_block_right.png (306×1 px, 29 KB)

How it looks with block rights (same as before this change):

block_form_with_block_right.png (352×1 px, 31 KB)

If you try to access Special:InvestigateBlock without block rights:

specialinvestigateblock_without_block_right.png (230×663 px, 17 KB)

If you try to access Special:InvestigateBlock without checkuser rights:

specialinvestigateblock_without_checkuser_right.png (223×788 px, 18 KB)

Also, if you don't have checkuser-log rights it will not show you the "Logs" button on the top right (which normally takes you to Special:CheckUserLog).

I tested each page of Special:Investigate with different combinations of rights (checkuser, checkuser-log and block) and checked that the basic functionality worked.

Test environment: local docker CheckUser 2.5 (3ccbacf) 20:46, 6 June 2022.

Dreamy_Jazz closed this task as Resolved.Jun 14 2022, 3:58 PM
Dreamy_Jazz moved this task from General / Unsorted to Done on the CheckUser board.
Dreamy_Jazz removed a project: Patch-For-Review.

All changes to address this have been merged, so marking as resolved.

Dreamy_Jazz moved this task from Done to Investigate on the CheckUser board.Jul 18 2022, 11:24 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL