Quoting the "Things to note (not part of this task)" section of T264150: User needs to request access to IP information [L]:
- T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse
- If a user’s permission is revoked by us, they should not be able to activate it again
- Legal would like us to capture who had access to IP Info at any given time in case an incident occurs
- There is a possibility that users might need to regain access periodically (TBD)
- There is a possibility that the wording on the agreement might change, based on Legal review.
Given the above and T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L], there are additional requirements around allowing users to enable and disable the IPInfo tool. These requirements should be captured in an API and all other parts of IP Info interact with should only interact with that API.
Proposed API
<?php namespace MediaWiki\Extensions\IPInfo; use MediaWiki\User\UserIdentity; use StatusValue; interface UserAccessManager { /** * Whether the user has enabled the tool. For use with `UserAccessManager::userHasAccess()` and * `UserAccessManager::userCanRequestAccess()`. */ public const USER_ENABLED = 1; /** * Whether the user has agreed to the terms of use of the tool. For use with * `UserAccessManager::userHasAccess()` and `UserAccessManager::userCanRequestAccess()`. */ public const USER_AGREED_TO_TERMS = 2; /** * Grants the user the specified level of access to the tool. * * If the user cannot be granted the specified level of access, e.g. they have had their access * permanently revoked by another user, then a fatal status is returned. * * If the level of access is `UserAccessManager::USER_AGREED_TO_TERMS`, then the grant is * logged. * * @param UserIdentity $user * @param int $access The level of access being granted, i.e. `UserAccessManager::USER_ENABLED` * or `UserAccessManager::USER_AGREED_TO_TERMS` * @return StatusValue */ public function grantUserAccess( UserIdentity $user, int $access ): StatusValue; public function userHasAccess( UserIdentity $user, int $access ): StatusValue; /** * Gets whether the user can be granted the specified level of access and, if not, then why * not. * * @param UserIdentity $user * @param int $access The level of access being granted, i.e. `UserAccessManager::USER_ENABLED` * or `UserAccessManager::USER_AGREED_TO_TERMS` * @return StatusValue */ public function userCanBeGranted( UserIdentity $user, int $access ): StatusValue; /** * Revokes all access for the user and logs it. * * @internal * * @param UserIdentity $target * @param UserIdentity $actor The user who is performing the revocation * @param bool $permanent * @return StatusValue */ public function revokeUserAccess( UserIdentity $target, UserIdentity $actor, bool $permanent = false ): StatusValue; /** * Revokes all access for all users. * * @internal * * @param UserIdentity $actor * @param bool $permanent * @return StatusValue */ public function revokeAllUsersAccess( UserIdentity $actor, bool $permanent = false ): StatusValue; }
Notes
- We will log access level grants or revocations to the table created in T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L]