Last modified: 2014-01-29 21:33:45 UTC
It'd be good if OAuth consumers could request the ability to use checkuser, so that tools could be built to analyse checkuser data.
This seems like a bug for Wikimedia / Site requests to have it added to $wgMWOAuthGrantPermissions in the config for WMF sites. Since checkuser isn't core MediaWiki, it seems awkward to have OAuth try to handle it.
For a minimal implementation, just add $wgMWOAuthGrantPermissions['checkuser']['checkuser'] = true; into InitializeSettings.php, and make sure the message mwoauth-grant-checkuser gets defined in Ex:WikimediaMessages. The authorization screen will show the grant under the "Miscellaneous activity" grants group, which isn't too bad since the number of potential users is so small.
(In reply to comment #2) > into InitializeSettings.php Should that be CommonSettings.php, specifically somewhere in https://git.wikimedia.org/blob/operations%2Fmediawiki-config.git/3a1f34f81065764fb787e5290e916df44593c5fa/wmf-config%2FCommonSettings.php#L2523 ?
(In reply to comment #1) > This seems like a bug for Wikimedia / Site requests to have it added to > $wgMWOAuthGrantPermissions in the config for WMF sites. Since checkuser isn't > core MediaWiki, it seems awkward to have OAuth try to handle it. I don't see why OAuth can't handle it. It's fine if extensions know about each other, so just do some kind of if class_exists( 'CheckUser' ) { load CU stuff; }
Because then you have a weird maze of different files to dig through to try to find where some setting is being set. When one extension needs some complex configuration based on the other then this might make sense, but for something simple like this I don't see it. That particular suggestion would also depend on the ordering of the loading of the extensions, unless you're doing it in $wgExtensionFunctions which can have its own issues.
(In reply to comment #5) > Because then you have a weird maze of different files to dig through to try > to > find where some setting is being set. When one extension needs some complex > configuration based on the other then this might make sense, but for > something > simple like this I don't see it. I would just stick a comment saying # Note additional settings might be conditionally set in File.php My expectation would be that if I have CheckUser and OAuth installed, it would just work, without requiring identical configuration that every wiki needs to set up. > > That particular suggestion would also depend on the ordering of the loading > of > the extensions, unless you're doing it in $wgExtensionFunctions which can > have > its own issues. I was thinking that rather than functions using $wgMWOAuthGrantPermissions directly, you could have an intermediate function which adds the conditional ones. But I don't know the extension as well as you do, so I'll defer to your judgement :)
(In reply to comment #6) > My expectation would be that if I have CheckUser and OAuth installed, it > would > just work, without requiring identical configuration that every wiki needs to > set up. But then where do we stop? Why not have OAuth and JoesFabulousExtension "just work" too? Also, while looking at bug 60392, I realized another problem here with regard to wiki farms: even if the other extension itself isn't enabled on a particular wiki, the configuration needs to be present on all of them or granting doesn't show up right. But if the extension isn't installed at all, we don't want to be dumping it in the config because it won't make sense.
Change 109308 had a related patch set uploaded by Anomie: Add checkuser OAuth group https://gerrit.wikimedia.org/r/109308
Change 109309 had a related patch set uploaded by Anomie: Message for checkuser OAuth group https://gerrit.wikimedia.org/r/109309
Change 109309 merged by jenkins-bot: Message for checkuser OAuth group https://gerrit.wikimedia.org/r/109309
Change 109308 merged by jenkins-bot: Add checkuser OAuth group https://gerrit.wikimedia.org/r/109308
The grant is on the proposal form now. Thanks Brad!
