It'd be good if OAuth consumers could request the ability to use checkuser, so that tools could be built to analyse checkuser data.
Version: unspecified
Severity: enhancement
Description
Description
Details
Details
- Reference
- bz59929
Event Timeline
Comment Actions
This seems like a bug for Wikimedia / Site requests to have it added to $wgMWOAuthGrantPermissions in the config for WMF sites. Since checkuser isn't core MediaWiki, it seems awkward to have OAuth try to handle it.
Comment Actions
For a minimal implementation, just add $wgMWOAuthGrantPermissions['checkuser']['checkuser'] = true; into InitializeSettings.php, and make sure the message mwoauth-grant-checkuser gets defined in Ex:WikimediaMessages. The authorization screen will show the grant under the "Miscellaneous activity" grants group, which isn't too bad since the number of potential users is so small.
Comment Actions
(In reply to comment #2)
into InitializeSettings.php
Should that be CommonSettings.php, specifically somewhere in https://git.wikimedia.org/blob/operations%2Fmediawiki-config.git/3a1f34f81065764fb787e5290e916df44593c5fa/wmf-config%2FCommonSettings.php#L2523 ?
Comment Actions
(In reply to comment #1)
This seems like a bug for Wikimedia / Site requests to have it added to
$wgMWOAuthGrantPermissions in the config for WMF sites. Since checkuser isn't
core MediaWiki, it seems awkward to have OAuth try to handle it.
I don't see why OAuth can't handle it. It's fine if extensions know about each other, so just do some kind of if class_exists( 'CheckUser' ) { load CU stuff; }
Comment Actions
Because then you have a weird maze of different files to dig through to try to find where some setting is being set. When one extension needs some complex configuration based on the other then this might make sense, but for something simple like this I don't see it.
That particular suggestion would also depend on the ordering of the loading of the extensions, unless you're doing it in $wgExtensionFunctions which can have its own issues.
Comment Actions
(In reply to comment #5)
Because then you have a weird maze of different files to dig through to try
to
find where some setting is being set. When one extension needs some complex
configuration based on the other then this might make sense, but for
something
simple like this I don't see it.
I would just stick a comment saying # Note additional settings might be conditionally set in File.php
My expectation would be that if I have CheckUser and OAuth installed, it would just work, without requiring identical configuration that every wiki needs to set up.
That particular suggestion would also depend on the ordering of the loading
of
the extensions, unless you're doing it in $wgExtensionFunctions which can
have
its own issues.
I was thinking that rather than functions using $wgMWOAuthGrantPermissions directly, you could have an intermediate function which adds the conditional ones. But I don't know the extension as well as you do, so I'll defer to your judgement :)
Comment Actions
(In reply to comment #6)
My expectation would be that if I have CheckUser and OAuth installed, it
would
just work, without requiring identical configuration that every wiki needs to
set up.
But then where do we stop? Why not have OAuth and JoesFabulousExtension "just work" too?
Also, while looking at bug 60392, I realized another problem here with regard to wiki farms: even if the other extension itself isn't enabled on a particular wiki, the configuration needs to be present on all of them or granting doesn't show up right. But if the extension isn't installed at all, we don't want to be dumping it in the config because it won't make sense.
Comment Actions
Change 109309 had a related patch set uploaded by Anomie:
Message for checkuser OAuth group