Last modified: 2014-03-06 01:40:12 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T64298, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 62298 - OAuth: unblockself should not be a basic right
OAuth: unblockself should not be a basic right
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
OAuth (Other open bugs)
unspecified
All All
: High normal (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-03-06 01:11 UTC by Dan Garry
Modified: 2014-03-06 01:40 UTC (History)
6 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Dan Garry 2014-03-06 01:11:08 UTC 
unblockself is included in the set of basic rights that every OAuth application must request. As these basic rights are intended to be the minimal set of rights that are required for an OAuth application (e.g. the ability to use the API), unblockself really shouldn't be in it.
Comment 1 Sorawee Porncharoenwase 2014-03-06 01:34:10 UTC 
Then, what category should unblockself be in? The closest one I can see is blockusers, but it doesn't make sense to be like that. If people want to unblock themselves, why do they have to grant right to block other people?
Comment 2 James Alexander 2014-03-06 01:40:12 UTC 
(In reply to Sorawee Porncharoenwase from comment #1)
> Then, what category should unblockself be in? The closest one I can see is
> blockusers, but it doesn't make sense to be like that. If people want to
> unblock themselves, why do they have to grant right to block other people?

Personally I'm not completely sure it even needs to be available through oAuth. The potential for misuse is higher then the possible saved effort of going into the interface to unblock. It's a very isolated use case which you really don't want to be scripted because it could get completely out of control (especially if normal admins do not have the ability to pull a consumer's registration). That right makes the bot or user technically unblockable, I think forcing you to go into the normal interface to do that seems perfectly reasonable. 

That said if we really want it in the system somehow then the block/unblock users group seems like the right spot. You should have the ability to unblock users if you have the ability to block users. The main use case I can see (again incredibly rare) is unblocking yourself after you blocked yourself for some reason.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links