Last modified: 2012-07-04 11:19:10 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T30363, the corresponding Phabricator task for complete and up-to-date bug report information.
Bug 28363 - Allow per-user or per-group exemptions from the use of CheckUser
Allow per-user or per-group exemptions from the use of CheckUser
Status: RESOLVED WONTFIX
Product: MediaWiki extensions
Classification: Unclassified
CheckUser (Other open bugs)
unspecified
All All
: Normal enhancement (vote)
: ---
Assigned To: ^nt
: patch
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-04-01 14:22 UTC by ^nt
Modified: 2012-07-04 11:19 UTC (History)
8 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---


Attachments
Proposed patch (3.41 KB, text/plain)
2011-04-20 09:00 UTC, ^nt
Details
Proposed patch in patch format, with interface messages added (6.37 KB, patch)
2011-04-20 10:09 UTC, Simon Walker
Details

Description ^nt 2011-04-01 14:22:35 UTC
Add right 'checkuser-protect'.

If user has this right, it disallowing check IP-addresses of this user. And his data does not displayed if CheckUser check his IP range.
Comment 1 Casey Brown 2011-04-01 19:17:32 UTC
Why is this necessary?  CheckUser is supposed to be restricted as is, so I don't know why we'd need to hide the data from even them.  We don't really have anything like this either, e.g., there's no "block-protect".
Comment 2 ^nt 2011-04-02 07:29:03 UTC
For protect from disclosure personal data of bureaucrats, sysops and other trusted users when check IP ranges.

In some private wikis this right would be very helpful.
Comment 3 Happy-melon 2011-04-04 10:11:46 UTC
Quis custodiet ipsos custodes?
Comment 4 Tim Starling 2011-04-04 11:34:22 UTC
Closing as WONTFIX. Maybe if there was some sort of community discussion then we could consider it, but I think it's a bad idea. The point of CheckUser is so that the editor community can sort out identity disputes themselves, without bothering sysadmins. This change would be a step backwards: when sysops or bureaucrats are suspected of having sockpuppets, the CheckUser request would be forwarded to a sysadmin instead of handled in the usual way.
Comment 5 ^nt 2011-04-04 14:14:36 UTC
Reopened.

This is NOT for Wikimedia projects and I not proposal enable this right in Wikimedia sites.

This is proposal of OPTIONAL right, not defined by default, for use in private wikis, not related to Wikimedia...
Comment 6 ^nt 2011-04-04 14:18:31 UTC
Example:

If I sysadmin and founder of wiki-site, I have the right to protect my personal data from local checkusers, this is mistake proofing.
Comment 7 Brion Vibber 2011-04-07 21:52:30 UTC
Currently this is not a change that will be accepted into the main repository; as noted above, the requested feature doesn't mesh with CheckUser's design goals (use by a trusted admin subset on Wikimedia Foundation sites, with a flat permission access level).

However since the code is available to you, please feel free to modify it for your own custom use case. It should pretty much be a matter of adding:

  global $wgUser;
  if ( $wgUser->hasRight( 'checkuser-protect' ) ) {
    return true;
  }

to some of the hook functions in CheckUser.php.
Comment 8 MZMcBride 2011-04-07 22:24:06 UTC
(In reply to comment #7)
> Currently this is not a change that will be accepted into the main repository;
> as noted above, the requested feature doesn't mesh with CheckUser's design
> goals (use by a trusted admin subset on Wikimedia Foundation sites, with a flat
> permission access level).

For what it's worth, I disagree with this resolution, but seeing that both Tim and Brion have now marked this as "wontfix," I won't overturn it.

CheckUser was certainly designed with Wikimedia wikis in mind, but much like MediaWiki and its various extensions, it's used on plenty of other sites. I don't see anything here that interferes with the principle and tradition of agnostic code development. It's perfectly possible to add a permissions check that doesn't interfere with Wikimedia's operations (e.g., comment out the permissions making them opt-in, problem solved).

The idea itself (allowing people to be exempt from CheckUsers) has a bit flimsy reasoning currently, but no more so than the counter-arguments, which basically amount to "this wasn't in the original spec." I don't see any reason that we should be saying "we're not even going to accept patches for this, so stop asking."
Comment 9 Aaron Schulz 2011-04-07 23:50:33 UTC
Without any real justification *for* a feature that goes against the design, it shouldn't be considered on bugzilla. People could still talk about it, such as on MW.org, and come up with reasons. BZ isn't really a good forum for tossing ideas out there (not once the comments start piling up).

This reminds me of some of the confusing, un-discussed, design melting features requested for FlaggedRevs...which ended up causing trouble and some were later removed or redone. These things need to be discussed/refined first before being implementable.

Also, I don't think Brion or Tim's reasons are flimsy...though they aren't 100% "beyond debate" knock-downs either.
Comment 10 ^nt 2011-04-12 13:21:13 UTC
OK.

Brion and others, you can publish the corrected file CheckUser.php for MediaWiki 1.16.2 with fixes for use on non-Wikimedia sites, for example as attachment to this request?

Would be very grateful...
Comment 11 Platonides 2011-04-17 18:22:14 UTC
Range checks are not only done for fiding suspects, but also for determining damage of a block.
So you could determine that blocking a /24 is safe to do, since there are no good editions from there, and end up blocking several admins!
Comment 12 ^nt 2011-04-20 09:00:48 UTC
Created attachment 8433 [details]
Proposed patch

Patch with proposed fixed by wikireality.ru users Edward Chernenko and His Shadow.
Comment 13 Happy-melon 2011-04-20 09:56:09 UTC
> Created attachment 8433 [details]
> Proposed patch
> 
> Patch with proposed fixed by wikireality.ru users Edward Chernenko and His
> Shadow.

> Currently this is not a change that will be accepted into the main repository;

It's great to have a patch, although it would be better if it were in unified diff format.  That doesn't change the fact that MediaWiki's Lead Architect and Release Manager have both said such a patch will not be accepted into the main repository.  *Please* don't bugwar over resolution statuses; you are rearranging deckchairs on the Titanic.
Comment 14 Simon Walker 2011-04-20 10:09:36 UTC
Created attachment 8434 [details]
Proposed patch in patch format, with interface messages added

I've converted the supplied patch into patch format so someone else can apply it easily to their working copy.

I've also added in the missing interface messages that were added in this patch, based on the documentation I could glean from a google-translated version of http://wikireality.ru/wiki/CheckUser_Protect

By default the userright isn't assigned to any groups, it should probably stay this way if this whole thing isn't completely discarded. Please note that I've not actually even looked at the code supplied, just pushed it onto the code properly - if there are glaring holes, look back to the original author.

I'm not so sure about this, it seems like a bad idea - if you don't trust those whom you give checkuser to, what's to say others can trust them? If you can't trust them, maybe they shouldn't have checkuser access in the first place.

I made the patch so someone else could review it for feasibility - I hope it's semi-useful in that review process.
Comment 15 Eugene 2011-04-21 10:21:28 UTC
Hmm, this patch is very useful code...

Probably, if 'checkuser-protect' right isn't assigned to any groups, it's possible merge this code to the extension?

And system administrators of wiki will be able to opt-in this feature.

Please, let decide Brion Vibber or Tim Starling.
Comment 16 Brion Vibber 2011-04-21 18:19:32 UTC
Nothing seems to have changed in the situation, so re-resolving as WONTFIX. Do feel free to use the custom patch if it serves your specific needs, but we won't accept it into mainline as it doesn't seem to be a good match-up with how CheckUser is meant to be used.

Note You need to log in before you can comment on or make changes to this bug.


Navigation
Links