Page MenuHomePhabricator

Log when the user's access level changes
Closed, ResolvedPublic3 Estimated Story Points

Description

Background

In order to satisfy the access logging, reporting, and revoking requirements detailed in T292755: Epic: IP Info access, we need to log when certain events occur to the logging table.

AC

  • When the following events occur, we should log a line to the logging table:

From T263756#7405169:

  • user enables their own access
  • user disable their own access

Notes

  1. Originally, the first AC also included the following events:
  • user gains "basic" access
  • user gains "full" access
  • user has (all? some?) access revoked
  • user has (all? some?) access re-enabled (?)

From T263756#7407907:

  • User is granted the right to enable the tool - the ipinfo right
  • User has the right to enable the tool revoked

However, these will fall out of the work done in T296085: Create a group that grants basic ipinfo* rights, T296184: Automatically promote users to the group that grants basic rights, and T296499: Grant certain groups the ipinfo-view-full right as a user being added to/removed from a groups is logged to the user rights log, e.g. https://en.wikipedia.org/wiki/Special:Log?type=rights

Event Timeline

Restricted Application added a subscriber: Aklapper. ยท View Herald TranscriptOct 8 2021, 1:30 PM

Change 736267 had a related patch set uploaded (by Phuedx; author: Phuedx):

[mediawiki/extensions/IPInfo@master] WIP: Add IPInfo log to Special:Log

https://gerrit.wikimedia.org/r/736267

wikitrent set the point value for this task to 3.Jan 24 2022, 6:45 PM
wikitrent moved this task from Triage/To be Estimated to The Letter Song on the Anti-Harassment board.

Change 762971 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/IPInfo@master] Log whenever a user's access changes

https://gerrit.wikimedia.org/r/762971

@Niharika I may have gotten a bit ahead of myself and implemented displaying the log lines as well. Is this okay? And if so, is this copy okay?

image.png (69ร—557 px, 20 KB)

@Niharika I may have gotten a bit ahead of myself and implemented displaying the log lines as well. Is this okay? And if so, is this copy okay?

image.png (69ร—557 px, 20 KB)

Should this log also expose which level of access they got or is that captured elsewhere?

@Niharika I may have gotten a bit ahead of myself and implemented displaying the log lines as well. Is this okay? And if so, is this copy okay?

image.png (69ร—557 px, 20 KB)

Should this log also expose which level of access they got or is that captured elsewhere?

There's another log line for when they view the data, which exposes their level of access (see T300773). Is that enough?

Tchanders updated the task description. (Show Details)

Change 762971 merged by jenkins-bot:

[mediawiki/extensions/IPInfo@master] Log whenever a user's access changes

https://gerrit.wikimedia.org/r/762971

logger table view of user access changes:

Screen Shot 2022-03-02 at 12.50.33 PM.png (154ร—2 px, 75 KB)