Page MenuHomePhabricator

dbarratt (David Barratt)
Software Engineer, Anti-Harassment Tools

Projects (10)

Today

  • Clear sailing ahead.

Tomorrow

  • Clear sailing ahead.

Tuesday

  • Clear sailing ahead.

User Details

User Since
May 30 2017, 9:17 PM (115 w, 4 d)
Availability
Available
IRC Nick
davidwbarratt
LDAP User
Dbarratt
MediaWiki User
DBarratt (WMF) [ Global Accounts ]

Recent Activity

Fri, Aug 16

dbarratt updated the image for InteractionTimeline from F30042601: profile to F30042604: profile.
Fri, Aug 16, 2:52 PM
dbarratt updated the image for InteractionTimeline from F30042599: profile to F30042601: profile.
Fri, Aug 16, 2:51 PM
dbarratt updated the image for InteractionTimeline from F14891255: profile to F30042599: profile.
Fri, Aug 16, 2:51 PM
dbarratt added a comment to T230616: Upgrade node.js to v10.

https://github.com/wikimedia/InteractionTimeline/pull/113

Fri, Aug 16, 2:44 PM · InteractionTimeline, Anti-Harassment (The Letter Song)
dbarratt created T230616: Upgrade node.js to v10.
Fri, Aug 16, 2:44 PM · InteractionTimeline, Anti-Harassment (The Letter Song)

Thu, Aug 15

dbarratt added a comment to T185785: Display an error message when users do not have JavaScript enabled.

I vote for doing something like <noscript><meta http-equiv="refresh" content="0; url=/no-js-version" /></noscript>. That allows us to redirect to a php page with a translated message saying that we don't support a nojs experience.

Thu, Aug 15, 4:38 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt closed T215721: Remove extraneous space from username input as Resolved.
Thu, Aug 15, 2:33 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt closed T226657: Add a mechanism to determine if a namespace is a default MW namespace, a subtask of T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does, as Resolved.
Thu, Aug 15, 2:26 PM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management
dbarratt closed T226657: Add a mechanism to determine if a namespace is a default MW namespace as Resolved.
Thu, Aug 15, 2:26 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt added a comment to T194439: Improve the location/discoverability of the revision link in the in-line diff container.

As I mentioned here, I don't think this change is necessary. It only makes sense if there is more than one link that needs to be displayed, but since there is only a single link I'm not not sure why we'd make this change. To me it's really clear that it's a link by it's hover state and cursor change.

Thu, Aug 15, 1:41 PM · Anti-Harassment (The Letter Song), InteractionTimeline

Wed, Aug 14

dbarratt added a comment to T185785: Display an error message when users do not have JavaScript enabled.

would we rather:

  1. Enable server-rendering which will allow us to display the message in the user’s language. This will require splitting the tool into two tools (which is trivial, imho, and can remain in a single repo if we want): https://lists.wikimedia.org/pipermail/cloud/2019-August/000774.html
  2. Leave the app as “static” and display the message in all languages?
Wed, Aug 14, 4:08 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt added a comment to T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend).

This is indeed more aggressive, but given @Anomie's fix in Gerrit 491300 for T216245: VisualEditor, MobileFrontend, and other tools using action=edit do not auto-block IP addresses (which covers ApiEdit) all is left to do here really is to make VE aware of it, if I'm not mistaken. To that end, Gerrit 528893 LGTM.

Wed, Aug 14, 2:20 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management

Mon, Aug 12

dbarratt claimed T226995: Replace Redux with useReducer() & Redux Observable with useEffect().
Mon, Aug 12, 9:35 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt moved T226995: Replace Redux with useReducer() & Redux Observable with useEffect() from Ready to In Progress on the Anti-Harassment (The Letter Song) board.
Mon, Aug 12, 9:34 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt moved T226995: Replace Redux with useReducer() & Redux Observable with useEffect() from Cards ready for development to The Letter Song on the Anti-Harassment board.
Mon, Aug 12, 9:34 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt moved T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend) from In Progress to Review on the Anti-Harassment (The Letter Song) board.

Change 529824 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/core@master] Track all requests that load the block with a block cookie
https://gerrit.wikimedia.org/r/529824

Mon, Aug 12, 9:31 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt moved T207893: Partial Blocks are enforced as Sitewide blocks in Wikibase entities from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.

@dbarratt @Niharika have you tested this? is it good?

Mon, Aug 12, 6:12 PM · Anti-Harassment (The Letter Song), MW-1.34-notes (1.34.0-wmf.13; 2019-07-09), Wikidata-Campsite (Wikidata-Campsite-Iteration-∞), User-Ladsgroup, MediaWiki-extensions-WikibaseRepository, Wikidata
dbarratt renamed T230363: BlockManager::getUserBlock() mixes passed in state with state from the request which may not be the same from BlockManager::getUserBlock() mixes passed in state with state from the request to BlockManager::getUserBlock() mixes passed in state with state from the request which may not be the same.
Mon, Aug 12, 4:23 PM · MediaWiki-User-management
dbarratt renamed T230363: BlockManager::getUserBlock() mixes passed in state with state from the request which may not be the same from BlockManager:; getUserBlock() mixes passed in state with state from the request to BlockManager::getUserBlock() mixes passed in state with state from the request.
Mon, Aug 12, 4:23 PM · MediaWiki-User-management
dbarratt updated the task description for T230363: BlockManager::getUserBlock() mixes passed in state with state from the request which may not be the same.
Mon, Aug 12, 4:22 PM · MediaWiki-User-management
dbarratt moved T230363: BlockManager::getUserBlock() mixes passed in state with state from the request which may not be the same from Backlog to User blocking on the MediaWiki-User-management board.
Mon, Aug 12, 4:21 PM · MediaWiki-User-management
dbarratt created T230363: BlockManager::getUserBlock() mixes passed in state with state from the request which may not be the same.
Mon, Aug 12, 4:21 PM · MediaWiki-User-management
dbarratt moved T207893: Partial Blocks are enforced as Sitewide blocks in Wikibase entities from Ready to Review on the Anti-Harassment (The Letter Song) board.
Mon, Aug 12, 3:07 PM · Anti-Harassment (The Letter Song), MW-1.34-notes (1.34.0-wmf.13; 2019-07-09), Wikidata-Campsite (Wikidata-Campsite-Iteration-∞), User-Ladsgroup, MediaWiki-extensions-WikibaseRepository, Wikidata
dbarratt edited projects for T207893: Partial Blocks are enforced as Sitewide blocks in Wikibase entities, added: Anti-Harassment (The Letter Song); removed Anti-Harassment.
Mon, Aug 12, 3:07 PM · Anti-Harassment (The Letter Song), MW-1.34-notes (1.34.0-wmf.13; 2019-07-09), Wikidata-Campsite (Wikidata-Campsite-Iteration-∞), User-Ladsgroup, MediaWiki-extensions-WikibaseRepository, Wikidata

Fri, Aug 9

dbarratt closed T229170: Figure out why the users are not shared as Declined.

I gave up and split the users. :)

Fri, Aug 9, 10:55 PM · GraphQL

Thu, Aug 8

dbarratt added a comment to T189144: RTL support for Interaction Timeline.

Hmmm but I set up Hebrew as the interface language. Interesting. I'll give it another shot.

Thu, Aug 8, 11:27 PM · Anti-Harassment, InteractionTimeline
dbarratt moved T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend) from Review to In Progress on the Anti-Harassment (The Letter Song) board.

FYI We discussed a possible different direction for this, I'll submit a patch for discussion.

Thu, Aug 8, 11:26 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt closed T220533: Special:Block without JavaScript: "Other" field in Expiration section is required even if "Other" is not selected as Resolved.
Thu, Aug 8, 9:33 PM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt placed T227678: Clear block cookie if the value is invalid up for grabs.
Thu, Aug 8, 8:41 PM · Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt moved T227678: Clear block cookie if the value is invalid from In Progress to Ready on the Anti-Harassment (The Letter Song) board.
Thu, Aug 8, 8:41 PM · Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt moved T226657: Add a mechanism to determine if a namespace is a default MW namespace from Review to QA/Testing on the Anti-Harassment (The Letter Song) board.
Thu, Aug 8, 3:13 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt added a comment to T189144: RTL support for Interaction Timeline.

It will use the languages in order, you can specify more than one language in Chrome. If English comes before Hebrew, that is the one that will be used. :)

Thu, Aug 8, 3:11 PM · Anti-Harassment, InteractionTimeline

Wed, Aug 7

dbarratt claimed T227678: Clear block cookie if the value is invalid.
Wed, Aug 7, 5:06 PM · Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt moved T227678: Clear block cookie if the value is invalid from Ready to In Progress on the Anti-Harassment (The Letter Song) board.
Wed, Aug 7, 5:06 PM · Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt moved T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend) from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Wed, Aug 7, 4:59 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management
dbarratt added a project to T196575: Add block cookie for browser-based API edits (including VisualEditor & MobileFrontend): Core Platform Team.

Core Platform Team Would be nice to get a code review of this from your team. :)

Wed, Aug 7, 4:56 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-User-management

Tue, Aug 6

dbarratt updated the task description for T226995: Replace Redux with useReducer() & Redux Observable with useEffect().
Tue, Aug 6, 8:00 PM · Anti-Harassment (The Letter Song), InteractionTimeline
dbarratt moved T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Tue, Aug 6, 12:17 AM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management

Mon, Aug 5

dbarratt added a parent task for T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does: T229895: Refactor user management logic into a UserManager service.
Mon, Aug 5, 11:58 PM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management
dbarratt added a subtask for T229895: Refactor user management logic into a UserManager service: T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does.
Mon, Aug 5, 11:58 PM · Patch-For-Review, MediaWiki-extensions-CentralAuth
dbarratt created T229895: Refactor user management logic into a UserManager service.
Mon, Aug 5, 11:58 PM · Patch-For-Review, MediaWiki-extensions-CentralAuth
dbarratt merged T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase into T229613: CentralAuth tests are broken.
Mon, Aug 5, 9:28 PM · Anti-Harassment (The Letter Song), ci-test-error, MediaWiki-extensions-CentralAuth
dbarratt merged task T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase into T229613: CentralAuth tests are broken.
Mon, Aug 5, 9:28 PM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-extensions-CentralAuth

Sat, Aug 3

Stryn awarded T227733: Draft: Masking IP addresses for increased privacy a Dislike token.
Sat, Aug 3, 5:57 PM · Privacy, MediaWiki-User-management, Anti-Harassment
revi awarded T227733: Draft: Masking IP addresses for increased privacy a The World Burns token.
Sat, Aug 3, 9:11 AM · Privacy, MediaWiki-User-management, Anti-Harassment

Fri, Aug 2

dbarratt moved T229613: CentralAuth tests are broken from Ready to Review on the Anti-Harassment (The Letter Song) board.
Fri, Aug 2, 8:00 PM · Anti-Harassment (The Letter Song), ci-test-error, MediaWiki-extensions-CentralAuth
dbarratt added a parent task for T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase: T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does.
Fri, Aug 2, 7:31 PM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-extensions-CentralAuth
dbarratt added a subtask for T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does: T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase.
Fri, Aug 2, 7:31 PM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management
dbarratt moved T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Fri, Aug 2, 7:31 PM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-extensions-CentralAuth
dbarratt moved T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase from Ready to In Progress on the Anti-Harassment (The Letter Song) board.
Fri, Aug 2, 7:28 PM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-extensions-CentralAuth
dbarratt created T229690: Returning type \Wikimedia\Rdbms\DBConnRef but getUserDB() is declared to return \Wikimedia\Rdbms\IMaintainableDatabase.
Fri, Aug 2, 7:27 PM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-extensions-CentralAuth
dbarratt closed T228479: Autopromote is blocked by a Partial Block, a subtask of T221682: Improve Block handling where User::isBlocked() was used previously, as Resolved.
Fri, Aug 2, 6:41 PM · Epic, Anti-Harassment (The Letter Song), Technical-Debt, MediaWiki-User-management
dbarratt closed T228479: Autopromote is blocked by a Partial Block as Resolved.
Fri, Aug 2, 6:41 PM · MW-1.34-notes (1.34.0-wmf.16; 2019-07-30), Patch-For-Review, Anti-Harassment (The Letter Song), Technical-Debt, MediaWiki-User-management

Tue, Jul 30

dbarratt updated subscribers of T216245: VisualEditor, MobileFrontend, and other tools using action=edit do not auto-block IP addresses.

Hmm, I suppose this is more of a product decision for @Niharika

Tue, Jul 30, 9:04 PM · Core Platform Team, VisualEditor (Current work), MW-1.33-notes (1.33.0-wmf.19; 2019-02-26), MediaWiki-API
dbarratt added a comment to T210790: Should the Action API allow cross-origin requests by default?.

To elaborate on what I said: currently, if you have a script that is supposed to make cross-wiki edits, and you accidentally forget to set the 'origin' parameter (there's a bug in the code), the script just doesn't work. If I understand your proposal correctly, then in the same situation, the script would instead make the edits as an anonymous users, and thus expose your IP address.

Tue, Jul 30, 8:17 PM · Security-Team, MediaWiki-API
Pppery awarded T227733: Draft: Masking IP addresses for increased privacy a Dislike token.
Tue, Jul 30, 7:12 PM · Privacy, MediaWiki-User-management, Anti-Harassment
dbarratt added a comment to T226657: Add a mechanism to determine if a namespace is a default MW namespace.

It's worth noting that at least one extension has custom namespaces with IDs under 90 (in fact, it assigns the IDs 16 and 17!); see a complete list (as far as known, at least). Though whether this matters for the use case here depends on whether the use case here cares about non-WMF wikis, since AFAICT WikiLexicalData is not installed on any WMF wiki (so I guess that depends on whether CentralAuth sees any real non-WMF use).

Tue, Jul 30, 4:39 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt updated the task description for T226657: Add a mechanism to determine if a namespace is a default MW namespace.
Tue, Jul 30, 3:13 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt updated the task description for T226657: Add a mechanism to determine if a namespace is a default MW namespace.
Tue, Jul 30, 3:13 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt updated the task description for T226657: Add a mechanism to determine if a namespace is a default MW namespace.
Tue, Jul 30, 3:13 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt updated the task description for T226657: Add a mechanism to determine if a namespace is a default MW namespace.
Tue, Jul 30, 3:12 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt moved T226657: Add a mechanism to determine if a namespace is a default MW namespace from In Progress to Review on the Anti-Harassment (The Letter Song) board.
Tue, Jul 30, 3:12 AM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt added a comment to T224468: Block list and log incorrectly report "cannot edit own talk page" for some blocks.

Regarding the error message, I was thinking something like Editing their own talk page can only be blocked for sitewide blocks or partial blocks with restrictions on the User Talk namespace. Let me know what you think.

Tue, Jul 30, 2:30 AM · MW-1.34-notes (1.34.0-wmf.17; 2019-08-06), Anti-Harassment (The Letter Song), MediaWiki-User-management

Mon, Jul 29

dbarratt added a parent task for T226657: Add a mechanism to determine if a namespace is a default MW namespace: T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does.
Mon, Jul 29, 8:55 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt added a subtask for T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does: T226657: Add a mechanism to determine if a namespace is a default MW namespace.
Mon, Jul 29, 8:55 PM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management
dbarratt claimed T226657: Add a mechanism to determine if a namespace is a default MW namespace.
Mon, Jul 29, 8:54 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt added a project to T226657: Add a mechanism to determine if a namespace is a default MW namespace: Anti-Harassment (The Letter Song).
Mon, Jul 29, 8:54 PM · Core Platform Team Workboards (Clinic Duty Team), Patch-For-Review, Anti-Harassment (The Letter Song), MediaWiki-General
dbarratt closed T228534: Users with partial access to change user rights should not be blocked with a partial block, a subtask of T221682: Improve Block handling where User::isBlocked() was used previously, as Resolved.
Mon, Jul 29, 5:08 PM · Epic, Anti-Harassment (The Letter Song), Technical-Debt, MediaWiki-User-management
dbarratt closed T228534: Users with partial access to change user rights should not be blocked with a partial block as Resolved.
Mon, Jul 29, 5:08 PM · MW-1.34-notes (1.34.0-wmf.16; 2019-07-30), Patch-For-Review, Anti-Harassment (The Letter Song), Technical-Debt, MediaWiki-User-management
dbarratt added a comment to T228736: [BUG] Drawer does not appear for block messages on mobile.

The only thing I notice is that the order of "Details" and "OK" are incorrect (compared to how they were previously). If you like, I can just raise a separate bug for this.

Mon, Jul 29, 2:59 PM · Readers-Web-Backlog (Tracking), VisualEditor (Current work), MW-1.34-notes (1.34.0-wmf.16; 2019-07-30), Anti-Harassment, Regression, MediaWiki-User-management, MobileFrontend
dbarratt added a comment to T216245: VisualEditor, MobileFrontend, and other tools using action=edit do not auto-block IP addresses.

Presumably because simply clicking "Edit" on the page and loading the VisualEditor does not call action=edit.
I don't know if we want VisualEditor to mirror what the source editor does, and aggressively spread an autoblock as soon as a user attempts to edit a page.

Mon, Jul 29, 2:25 PM · Core Platform Team, VisualEditor (Current work), MW-1.33-notes (1.33.0-wmf.19; 2019-02-26), MediaWiki-API

Sat, Jul 27

dbarratt created T229170: Figure out why the users are not shared.
Sat, Jul 27, 10:16 PM · GraphQL
dbarratt closed T229165: Use ServiceWiringFiles instead of the hook as Resolved.
Sat, Jul 27, 10:15 PM · MediaWiki-extensions-GraphQL
dbarratt closed T228060: Figure out Caching of Special Pages as Resolved.
Sat, Jul 27, 10:15 PM · MediaWiki-extensions-GraphQL
dbarratt moved T229165: Use ServiceWiringFiles instead of the hook from In Progress to Done on the MediaWiki-extensions-GraphQL board.
Sat, Jul 27, 10:15 PM · MediaWiki-extensions-GraphQL
dbarratt moved T228060: Figure out Caching of Special Pages from In Progress to Done on the MediaWiki-extensions-GraphQL board.
Sat, Jul 27, 10:15 PM · MediaWiki-extensions-GraphQL
dbarratt moved T229165: Use ServiceWiringFiles instead of the hook from Backlog to In Progress on the MediaWiki-extensions-GraphQL board.
Sat, Jul 27, 10:15 PM · MediaWiki-extensions-GraphQL
dbarratt committed rLTGQ8a18ccab9e52: Update prod docker configuration (authored by dbarratt).
Update prod docker configuration
Sat, Jul 27, 7:25 PM
dbarratt moved T228060: Figure out Caching of Special Pages from Backlog to In Progress on the MediaWiki-extensions-GraphQL board.
Sat, Jul 27, 3:00 PM · MediaWiki-extensions-GraphQL
dbarratt created T229165: Use ServiceWiringFiles instead of the hook.
Sat, Jul 27, 3:00 PM · MediaWiki-extensions-GraphQL
dbarratt renamed T228538: Remove TODO for unblockself check from Ensure that users cannot unblock themselves, unless the block makes a judgement to Remove TODO for unblockself check.
Sat, Jul 27, 1:00 AM · MW-1.34-notes (1.34.0-wmf.16; 2019-07-30), Patch-For-Review, Anti-Harassment (The Letter Song), Technical-Debt, MediaWiki-User-management

Fri, Jul 26

dbarratt moved T200938: Special:CentralAuth should provide the same blocking information as Special:BlockList does from Review to In Progress on the Anti-Harassment (The Letter Song) board.
Fri, Jul 26, 7:46 PM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-extensions-CentralAuth, Stewards-and-global-tools, MediaWiki-User-management
dbarratt merged T229139: Partial blocks allows empty blocks into T208645: Prohibit empty blocks.
Fri, Jul 26, 7:31 PM · Anti-Harassment, MediaWiki-User-management
dbarratt merged task T229139: Partial blocks allows empty blocks into T208645: Prohibit empty blocks.
Fri, Jul 26, 7:31 PM · Anti-Harassment, User-DannyS712, MediaWiki-User-management
dbarratt awarded T191231: RFC: Abstract schemas and schema changes a Love token.
Fri, Jul 26, 1:34 PM · TechCom-RFC (TechCom-Approved), MediaWiki-Installer, Patch-For-Review, User-Addshore, Core Platform Team (Needs Cleaning - Code Health (TEC13)), SQLite, Oracle Database, MSSQL, PostgreSQL, Epic

Thu, Jul 25

dbarratt added a parent task for T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block: T228486: Partially blocked users cannot delete revisions.
Thu, Jul 25, 9:02 PM · Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-User-management
dbarratt added a subtask for T228486: Partially blocked users cannot delete revisions: T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block.
Thu, Jul 25, 9:01 PM · Core Platform Team Workboards (Clinic Duty Team), MediaWiki-API, Patch-For-Review, Anti-Harassment (The Letter Song), Technical-Debt, MediaWiki-User-management
dbarratt added a parent task for T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block: T221444: Partially blocked users cannot tag revisions on unrelated pages, nor add, deactive or delete tags.
Thu, Jul 25, 9:00 PM · Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-User-management
dbarratt added a subtask for T221444: Partially blocked users cannot tag revisions on unrelated pages, nor add, deactive or delete tags: T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block.
Thu, Jul 25, 9:00 PM · Core Platform Team Workboards (Clinic Duty Team), Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-User-management, MediaWiki-Change-tagging
dbarratt updated subscribers of T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block.

@dmaza & @Mooeypoo Today @Tchanders and I were talking about this task, and we thought that perhaps it would be better to deprecate the GetBlockedStatus hook (See: T229035). Basically, while GetBlockedStatus technically works it's not ideal. Primarily because it allows an extension to mutate the entire User object rather than just the block. Also, it conflates adding blocks with altering (changing or removing blocks).

Thu, Jul 25, 6:42 PM · Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-User-management
dbarratt updated the task description for T229035: Deprecate 'GetBlockedStatus' hook and reduce visibility of User::mBlock, User::mBlockedBy and User::mHideName.
Thu, Jul 25, 6:28 PM · Patch-For-Review, MediaWiki-User-management
dbarratt added a comment to T210790: Should the Action API allow cross-origin requests by default?.

I think defaulting to origin=* is unwise, because it would easily let a script accidentally make unauthenticated write actions, while the user thinks they are logged in, thus making the user's IP address public.

Thu, Jul 25, 5:49 PM · Security-Team, MediaWiki-API
dbarratt updated the task description for T210790: Should the Action API allow cross-origin requests by default?.
Thu, Jul 25, 3:57 PM · Security-Team, MediaWiki-API
dbarratt updated the task description for T210790: Should the Action API allow cross-origin requests by default?.
Thu, Jul 25, 3:53 PM · Security-Team, MediaWiki-API
dbarratt updated the task description for T210790: Should the Action API allow cross-origin requests by default?.
Thu, Jul 25, 3:46 PM · Security-Team, MediaWiki-API
dbarratt renamed T210790: Should the Action API allow cross-origin requests by default? from Action API should default to origin=* to Should the Action API allow cross-origin requests by default?.
Thu, Jul 25, 3:42 PM · Security-Team, MediaWiki-API
dbarratt renamed T210790: Should the Action API allow cross-origin requests by default? from Action API should default to origin=* on Wikimedia Wikis to Action API should default to origin=*.
Thu, Jul 25, 1:02 PM · Security-Team, MediaWiki-API
dbarratt updated the task description for T210790: Should the Action API allow cross-origin requests by default?.
Thu, Jul 25, 1:02 PM · Security-Team, MediaWiki-API
dbarratt created T228954: Should user rights provide details on how blocks interact with them?.
Thu, Jul 25, 3:32 AM · Technical-Debt, MediaWiki-User-management

Wed, Jul 24

dbarratt added a parent task for T228948: PermissionManager::isBlockedFrom() can return true even if the user does not have a block: T228950: Replace UserIsHidden with GetBlockedStatus in CentralAuth.
Wed, Jul 24, 11:50 PM · Anti-Harassment (The Letter Song), Patch-For-Review, MediaWiki-User-management