Create IPInfo access manager
Closed, InvalidPublic
Actions

Assigned To

None

Authored By

	phuedx
	Sep 27 2021, 12:45 PM

Description

Quoting the "Things to note (not part of this task)" section of T264150: User needs to request access to IP information [L]:

T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse

If a user’s permission is revoked by us, they should not be able to activate it again

Legal would like us to capture who had access to IP Info at any given time in case an incident occurs

There is a possibility that users might need to regain access periodically (TBD)

There is a possibility that the wording on the agreement might change, based on Legal review.

Given the above and T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L], there are additional requirements around allowing users to enable and disable the IPInfo tool. These requirements should be captured in an API and all other parts of IP Info interact with should only interact with that API.

Proposed API

<?php

namespace MediaWiki\Extensions\IPInfo;

use MediaWiki\User\UserIdentity;
use StatusValue;

interface UserAccessManager {

	/**
	 * Whether the user has enabled the tool. For use with `UserAccessManager::userHasAccess()` and
	 * `UserAccessManager::userCanRequestAccess()`.
	 */
	public const USER_ENABLED = 1;

	/**
	 * Whether the user has agreed to the terms of use of the tool. For use with
	 * `UserAccessManager::userHasAccess()` and `UserAccessManager::userCanRequestAccess()`.
	 */
	public const USER_AGREED_TO_TERMS = 2;

	/**
	 * Grants the user the specified level of access to the tool.
	 *
	 * If the user cannot be granted the specified level of access, e.g. they have had their access
	 * permanently revoked by another user, then a fatal status is returned.
	 *
	 * If the level of access is `UserAccessManager::USER_AGREED_TO_TERMS`, then the grant is
	 * logged.
	 *
	 * @param UserIdentity $user
	 * @param int $access The level of access being granted, i.e. `UserAccessManager::USER_ENABLED`
	 *  or `UserAccessManager::USER_AGREED_TO_TERMS`
	 * @return StatusValue
	 */
	public function grantUserAccess( UserIdentity $user, int $access ): StatusValue;

	public function userHasAccess( UserIdentity $user, int $access ): StatusValue;

	/**
	 * Gets whether the user can be granted the specified level of access and, if not, then why
	 * not.
	 *
	 * @param UserIdentity $user
	 * @param int $access The level of access being granted, i.e. `UserAccessManager::USER_ENABLED`
	 *  or `UserAccessManager::USER_AGREED_TO_TERMS`
	 * @return StatusValue
	 */
	public function userCanBeGranted( UserIdentity $user, int $access ): StatusValue;

	/**
	 * Revokes all access for the user and logs it.
	 *
	 * @internal
	 *
	 * @param UserIdentity $target
	 * @param UserIdentity $actor The user who is performing the revocation
	 * @param bool $permanent
	 * @return StatusValue
	 */
	public function revokeUserAccess( UserIdentity $target, UserIdentity $actor, bool $permanent = false ): StatusValue;

	/**
	 * Revokes all access for all users.
	 *
	 * @internal
	 *
	 * @param UserIdentity $actor
	 * @param bool $permanent
	 * @return StatusValue
	 */
	public function revokeAllUsersAccess( UserIdentity $actor, bool $permanent = false ): StatusValue;
}

Notes

We will log access level grants or revocations to the table created in T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L]

Related Objects
Search...

Status	Assigned	Task
Open	None	T285977 IP Info
Resolved	• Niharika	T292755 Epic: IP Info access
Invalid	None	T291827 Create IPInfo access manager

Event Timeline

phuedx created this task.Sep 27 2021, 12:45 PM

phuedx updated the task description. (Show Details)

phuedx updated the task description. (Show Details)Sep 27 2021, 12:51 PM

phuedx added a subtask: T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L].

phuedx removed a project: Anti-Harassment (The Letter Song).Sep 27 2021, 2:53 PM

phuedx renamed this task from Implement IPInfo access manager API to Implement IPInfo access manager.Sep 27 2021, 3:01 PM

phuedx updated the task description. (Show Details)Sep 27 2021, 3:04 PM

phuedx renamed this task from Implement IPInfo access manager to Create IPInfo access manager.Sep 27 2021, 5:12 PM

phuedx updated the task description. (Show Details)Sep 27 2021, 5:14 PM

phuedx added a project: Anti-Harassment.Sep 30 2021, 12:33 PM

phuedx moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.

This LGTM, and having looked at this also helps out in working on this ticket and helps answer a few questions @STran has here

Does grantUserAccess/revokeUserAccess have the ability to grant/revoke a level of access? Based on the discussion about basic vs full access.

Presumably this API would be used by Legal or whoever else has access to modifying other people's access permissions. Is this independent from what happens on the Special:Preferences page? It's not clear to me how this would be used to change/log access from the preferences form, if at all. If not, is there a case where someone else can grant/revoke USER_AGREED_TO_TERMS to someone?

phuedx removed a subtask: T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L].Oct 8 2021, 1:31 PM

phuedx edited parent tasks, added: T292755: Epic: IP Info access; removed: T264150: User needs to request access to IP information [L].Oct 8 2021, 1:34 PM

phuedx removed a project: Anti-Harassment.Oct 13 2021, 4:52 PM

I created this task before we had all of the requirements from the Legal team and we had decided that we were going to use the logging table (and associated infrastructure). I'm happy to reopen this task/create a new one if patterns emerge in the areas of the codebase to do with granting/monitoring access.

• Niharika moved this task from Backlog to Closed on the IP Info board.Aug 8 2022, 7:59 PM

Create IPInfo access managerClosed, InvalidPublicActions