Page MenuHomePhabricator
Create Task
Maniphest T291854

Create revoke user access maintenance script
Closed, InvalidPublic
Actions

Description

Background

Quoting T292755: Epic: IP Info access:

From T264150: User needs to request access to IP information [L] only:

  • T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse
  • If a user’s permission is revoked by us, they should not be able to activate it again
  • There is a possibility that users might need to regain access periodically (TBD)

While estimating T291854: Create revoke user access maintenance script, we also discussed:

  • The user's access should be revoked across all wikis

In the interest of keeping the IP Info MVP simple, we should create a maintenance script to satisfy the emphasised requirements above.

AC

Running php /path/to/mediawiki/extensions/IPInfo/maintenance/revokeUserAccess.php --target=... --actor=... (where actor is the user revoking access and target the user whose access is being revoked):

  • NOPs if the actor doesn't have the userrights right
  • Revokes the user's access to the tool
  • Logs the action to the ipinfo log
  • The user is not allowed to activate the feature again
Notes
  1. Revoking the user's access to the tool is equivalent to removing the user to the group created in T296085: Create a group that grants basic ipinfo* rights
  2. You can programatically remove a user to a group using \MediaWiki\User\UserGroupManager::removeUserFromGroup()

Related Objects
Search...

Event Timeline

phuedx renamed this task from Implement revoke user access maintenance script to Create revoke user access maintenance script.Sep 27 2021, 5:11 PM
phuedx created this task.
phuedx added a parent task: T292755: Epic: IP Info access.Oct 8 2021, 1:35 PM
phuedx removed a parent task: T264150: User needs to request access to IP information [L].Oct 8 2021, 1:38 PM
phuedx mentioned this in T264150: User needs to request access to IP information [L].Nov 9 2021, 9:55 AM
Niharika updated the task description. (Show Details)Nov 17 2021, 5:42 PM
Niharika added a project: Anti-Harassment.Nov 17 2021, 5:44 PM
Niharika moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.
ARamirez_WMF moved this task from Triage/To be Estimated to Pre-estimation/Triage on the Anti-Harassment board.Nov 17 2021, 5:54 PM
phuedx mentioned this in T292755: Epic: IP Info access.Nov 19 2021, 1:24 PM
phuedx updated the task description. (Show Details)Nov 19 2021, 2:43 PM
phuedx closed subtask T296186: Create a group that revokes all ipinfo* rights as Invalid.Nov 24 2021, 5:38 PM
phuedx updated the task description. (Show Details)Nov 24 2021, 5:43 PM
phuedx updated the task description. (Show Details)
JayCano updated the task description. (Show Details)Nov 24 2021, 5:55 PM
ARamirez_WMF moved this task from Pre-estimation/Triage to Triage/To be Estimated on the Anti-Harassment board.Nov 24 2021, 5:56 PM
phuedx updated the task description. (Show Details)Nov 24 2021, 6:02 PM
phuedx updated the task description. (Show Details)
phuedx moved this task from Triage/To be Estimated to Pre-estimation/Triage on the Anti-Harassment board.Nov 24 2021, 6:06 PM
phuedx closed this task as Invalid.Nov 24 2021, 7:07 PM
phuedx added a subscriber: STran.

On second thought, I'm going to close this task as Invalid for the following reasons:

  1. @STran raised a concern about the security implications of having the actor parameter: that a malicious user could masquerade as someone else
  2. @Niharika making the call to use the autopromote once mechanism (see T296085#7527553) means that users with the userrights right can remove a user from the group via the MediaWiki UI
  3. When a user is removed from a group it is logged to the rights log, e.g. see https://en.wikipedia.org/wiki/Special:Log?type=rights
  4. Members of the Trust and Safety team who are in the wmf-supportsafety group have the userrights right: https://gerrit.wikimedia.org/g/operations/mediawiki-config/+/d22090c014be2cf17d22f15b55bcbd678dbfee98/wmf-config/InitialiseSettings.php#10362

🎉

Niharika closed subtask T296085: Create a group that grants basic ipinfo* rights as Resolved.Mar 8 2022, 12:29 AM
Niharika moved this task from Backlog to Closed on the IP Info board.Aug 8 2022, 7:59 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL