==== Background
Following {T300263}, IP addresses for temporary accounts will only be stored in the CheckUser tables. This is by design, to protect user privacy.
However, IP addresses form an important part of anti-vandalism workflows, and need to be made visible to trusted users for these purposes.
IP addresses used by temporary account users will be visible to some trusted users who are not CheckUsers (to be defined, but see {T300289} for example).
==== What needs to be done
We need CheckUser to be able to return, for users with a permission other than `checkuser` (name of new permission tbc):
* All IP addresses (up to a configurable limit), given a temporary account name (e.g. for {T324602})
* An IP address, given a temporary account name and a revision ID (for e.g. {T326392})
* An IP address, given a temporary account name and a timestamp (e.g. for {T326393})
This should be done carefully and might be a new endpoint, to avoid the possibility of revealing sensitive information to users without the `checkuser` permission.
==== Notes
The `cu_changes` table doesn't guarantee that a particular combination of username/revId or username/timestamp will be unique, so there could in theory be multiple IP addresses associated with these. In that case, it won't be clear which one should be shown in a history line, log line, etc. For now we will just pick one, perhaps the most recent.
This work will be affected by {T324907}. After that task:
* we can look up a log entry by log ID in the `cu_log_event` table
* when looking for all IPs, we'll need to look in all the relevant tables