Background
Quoting T292755: Epic: IP Info access:
From T264150: User needs to request access to IP information [L] only:
- T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse
- If a user’s permission is revoked by us, they should not be able to activate it again
- There is a possibility that users might need to regain access periodically (TBD)
While estimating T291854: Create revoke user access maintenance script, we also discussed:
- The user's access should be revoked across all wikis
In the interest of keeping the IP Info MVP simple, we should create a maintenance script to satisfy the emphasised requirements above.
AC
Running php /path/to/mediawiki/extensions/IPInfo/maintenance/revokeUserAccess.php --target=... --actor=... (where actor is the user revoking access and target the user whose access is being revoked):
- NOPs if the actor doesn't have the userrights right
- Revokes the user's access to the tool
- Logs the action to the ipinfo log
- The user is not allowed to activate the feature again
Notes
- Revoking the user's access to the tool is equivalent to removing the user to the group created in T296085: Create a group that grants basic ipinfo* rights
- You can programatically remove a user to a group using \MediaWiki\User\UserGroupManager::removeUserFromGroup()