Page MenuHomePhabricator
Create Task
Maniphest T377584

Temporarily restrict local access to Special:GlobalContributions
Closed, ResolvedPublic
Actions

Description

T356294: Restrict which groups have access to Special:GlobalContributions expects to implement some form of cross-wiki permission checking in order to ensure that users can only see privileged information they have the rights to. Until then, we want to restrict access to Special:GlobalContributions to members of the global-temporary-account-viewer group (see T375117: Give access to checkuser-temporary-account on all wikis for any user who is in the checkuser or suppress group on any wiki) because that's the only group of privileged users we can guarantee has access to the information from other wikis. We don't want to disable Special:GC until this permission check is done, as we'd like to be able to allow users to test Special:GC between now and the minor pilot wiki deploy.

Based on the following premises:

  • Special:GlobalContributions will only be accessible from metawiki (see T376612: Implement Global Contributions as a central page on Meta and implement redirects from other projects)
  • No one needs IP reveal rights on meta, as meta only knows that temp accounts exists and doesn't have them enabled
  • The only local groups on meta with (eventual) access via either checkuser-temporary-account/checkuser-temporary-account-no-preference are:
    • checkuser (via extension.json)
    • checkuser-temporary-account-viewer (via autopromote in CommonSettings.php)
    • bureaucrat /sysop/suppress via core-Permissions.php
  • No one will be a member of checkuser-temporary-account-viewer, as the conditional for autopromotion ($wmgDisableIPMasking || $wmgEnableIPMasking) will return false for metawiki

We should then add a config to remove the checkuser-temporary-account/checkuser-temporary-account-no-preference rights from the remaining groups (checkuser/bureaucrat /sysop/suppress) on meta until T356294: Restrict which groups have access to Special:GlobalContributions is done (ETA is by minor pilot wiki deploy in ~1-2 weeks, as it's a blocker).

Details

SubjectRepoBranchLines +/-
Disable local IP view right group on metaoperations/mediawiki-configmaster+4 -0
Disable IP reveal rights for local metawiki groupsoperations/mediawiki-configmaster+17 -1
Customize query in gerrit

Related Objects
Search...

Event Timeline

STran created this task.Oct 18 2024, 1:48 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 18 2024, 1:48 PM
STran added a parent task: T356294: Restrict which groups have access to Special:GlobalContributions.Oct 18 2024, 1:49 PM
STran moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.
Tchanders subscribed.Oct 18 2024, 2:00 PM

This makes sense to me. So the order would be:

  1. Use config to ensure only global groups have IP reveal right on metawiki. That will allow global groups to test Special:GlobalContributions on metawiki.
  2. Implement cross-wiki permissions logic that satisfies T356294: Restrict which groups have access to Special:GlobalContributions.
  3. Fix the premissions on metawiki; i.e. revert that patch that goes with this task.
  4. Deploy to minor pilot wikis.
  5. Work on a cleaner solution for cross-wiki permission checks, if necessary.
STran updated the task description. (Show Details)Oct 18 2024, 2:08 PM
STran updated the task description. (Show Details)
gerritbot added a comment.Oct 18 2024, 2:30 PM

Change #1081415 had a related patch set uploaded (by STran; author: STran):

[operations/mediawiki-config@master] Disable IP reveal rights for local metawiki groups

https://gerrit.wikimedia.org/r/1081415

gerritbot added a project: Patch-For-Review.Oct 18 2024, 2:30 PM
JJMC89 subscribed.Oct 18 2024, 3:55 PM

global-temporary-account-viewer [is] the only group of privileged users we can guarantee has access to the information from other wikis.

There are 9 global groups with access on other wikis. 8 for all wikis and 1, global sysops, on a subset of wikis.

Johannnes89 subscribed.Oct 19 2024, 7:07 AM
STran moved this task from In Progress to Needs review on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.Oct 21 2024, 12:39 PM
gerritbot added a comment.Oct 21 2024, 1:55 PM

Change #1081415 merged by jenkins-bot:

[operations/mediawiki-config@master] Disable IP reveal rights for local metawiki groups

https://gerrit.wikimedia.org/r/1081415

Stashbot mentioned this in T376132: Set known flag for temporary accounts config on metawiki.Oct 21 2024, 1:55 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-21T13:55:33Z] <stran@deploy2002> Started scap sync-world: Backport for [[gerrit:1081415|Disable IP reveal rights for local metawiki groups (T377584)]], [[gerrit:1081138|Set redirect wiki for Special:GlobalContributions (T376612)]], [[gerrit:1080227|temp accounts: Make temp accounts known on metawiki (T376132)]]

Stashbot mentioned this in T376612: Implement Global Contributions as a central page on Meta and implement redirects from other projects.Oct 21 2024, 1:55 PM
Stashbot added a comment.Oct 21 2024, 1:57 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-21T13:57:53Z] <stran@deploy2002> stran, kharlan: Backport for [[gerrit:1081415|Disable IP reveal rights for local metawiki groups (T377584)]], [[gerrit:1081138|Set redirect wiki for Special:GlobalContributions (T376612)]], [[gerrit:1080227|temp accounts: Make temp accounts known on metawiki (T376132)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Oct 21 2024, 2:10 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-21T14:10:29Z] <stran@deploy2002> Finished scap sync-world: Backport for [[gerrit:1081415|Disable IP reveal rights for local metawiki groups (T377584)]], [[gerrit:1081138|Set redirect wiki for Special:GlobalContributions (T376612)]], [[gerrit:1080227|temp accounts: Make temp accounts known on metawiki (T376132)]] (duration: 14m 55s)

Maintenance_bot removed a project: Patch-For-Review.Oct 21 2024, 2:30 PM
gerritbot added a comment.Oct 21 2024, 2:34 PM

Change #1081988 had a related patch set uploaded (by STran; author: STran):

[operations/mediawiki-config@master] Disable local IP view right group on meta

https://gerrit.wikimedia.org/r/1081988

gerritbot added a project: Patch-For-Review.Oct 21 2024, 2:34 PM
STran renamed this task from Temporary restrict local access to Special:GlobalContributions to Temporarily restrict local access to Special:GlobalContributions.Oct 21 2024, 2:35 PM
gerritbot added a comment.Oct 21 2024, 2:59 PM

Change #1081988 merged by jenkins-bot:

[operations/mediawiki-config@master] Disable local IP view right group on meta

https://gerrit.wikimedia.org/r/1081988

Stashbot added a comment.Oct 21 2024, 2:59 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-21T14:59:34Z] <stran@deploy2002> Started scap sync-world: Backport for [[gerrit:1081988|Disable local IP view right group on meta (T377584)]]

Stashbot added a comment.Oct 21 2024, 3:01 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-21T15:01:49Z] <stran@deploy2002> stran: Backport for [[gerrit:1081988|Disable local IP view right group on meta (T377584)]] synced to the testservers (https://wikitech.wikimedia.org/wiki/Mwdebug)

Stashbot added a comment.Oct 21 2024, 3:20 PM

Mentioned in SAL (#wikimedia-operations) [2024-10-21T15:20:03Z] <stran@deploy2002> Finished scap sync-world: Backport for [[gerrit:1081988|Disable local IP view right group on meta (T377584)]] (duration: 20m 29s)

Maintenance_bot removed a project: Patch-For-Review.Oct 21 2024, 3:30 PM
DerHexer subscribed.Oct 21 2024, 3:36 PM
STran moved this task from Needs review to Done on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.Oct 22 2024, 9:22 AM
STran moved this task from Done to Needs QA on the Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)) board.Oct 23 2024, 10:07 AM
kostajh edited projects, added Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15); removed Trust and Safety Product Sprint (Sprint Cello (Oct 7 - 18)).Mon, Oct 28, 11:05 AM
kostajh moved this task from Priority Backlog to Needs QA on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.
kostajh added a project: Temporary accounts.Mon, Oct 28, 5:15 PM
dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Accordion October 28 - November 15) board.Fri, Nov 1, 1:59 PM
dom_walden subscribed.

I see that on https://meta.wikimedia.org/wiki/Special:ListGroupRights the rights checkuser-temporary-account and checkuser-temporary-account-no-preference do not appear at all.

kostajh closed this task as Resolved.Tue, Nov 5, 8:16 AM
Tchanders mentioned this in T356294: Restrict which groups have access to Special:GlobalContributions.Tue, Nov 5, 10:01 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits