
Special:BotPasswords grant for "access checkuser data" should have the "grants with security risk" icon
Closed, Resolved | Public | BUG REPORT

Description

Steps to replicate the issue (include links if applicable):

What happens?:

  • Checkuser has no red triangle icon

image.png (87×1 px, 5 KB)

What should have happened instead?:

  • Checkuser should have a red triangle icon next to it

image.png (90×1 px, 22 KB)

Example of a grant with a red triangle next to it:

image.png (84×1 px, 4 KB)

Software version (skip for WMF-hosted wikis like Wikipedia):

Other information (browser name/version, screenshots, etc.):

Event Timeline

It's listed in T290790: Group OAuth grants by riskiness as such but looks like I forgot to make an actual patch for it.

The CheckUser extension does not define GrantPermissions, and it is WMF-specific configuration that does this. That might explain why it was not done in that ticket. Furthermore, it also suggests that the change is needed in WMF config and not in the CheckUser extension.

Those were added in https://gerrit.wikimedia.org/r/c/operations/mediawiki-config/+/264437 and I'm pretty sure they were meant to be temporary.

Change 1009863 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/CheckUser@master] Add grant configuration

https://gerrit.wikimedia.org/r/1009863

Change 1009864 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[mediawiki/extensions/WikimediaMessages@master] Move checkuser grant name to CheckUser extension

https://gerrit.wikimedia.org/r/1009864

Change 1009865 had a related patch set uploaded (by Gergő Tisza; author: Gergő Tisza):

[operations/mediawiki-config@master] Move checkuser grant configuration to CheckUser extension

https://gerrit.wikimedia.org/r/1009865

Change 1009863 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Add grant configuration

https://gerrit.wikimedia.org/r/1009863

Change 1009864 merged by jenkins-bot:

[mediawiki/extensions/WikimediaMessages@master] Move checkuser grant name to CheckUser extension

https://gerrit.wikimedia.org/r/1009864

Change #1009865 merged by jenkins-bot:

[operations/mediawiki-config@master] Move checkuser grant configuration to CheckUser extension

https://gerrit.wikimedia.org/r/1009865

Mentioned in SAL (#wikimedia-operations) [2024-03-28T13:53:57Z] <dreamyjazz@deploy1002> Started scap: Backport for [[gerrit:1009865|Move checkuser grant configuration to CheckUser extension (T359537)]]

Mentioned in SAL (#wikimedia-operations) [2024-03-28T13:56:23Z] <dreamyjazz@deploy1002> tgr and dreamyjazz: Backport for [[gerrit:1009865|Move checkuser grant configuration to CheckUser extension (T359537)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Mentioned in SAL (#wikimedia-operations) [2024-03-28T14:10:05Z] <dreamyjazz@deploy1002> Finished scap: Backport for [[gerrit:1009865|Move checkuser grant configuration to CheckUser extension (T359537)]] (duration: 16m 08s)