
OAuth: unblockself should not be a basic right
Closed, Resolved, Public

Description

unblockself is included in the set of basic rights that every OAuth application must request. As these basic rights are intended to be the minimal set of rights that are required for an OAuth application (e.g. the ability to use the API), unblockself really shouldn't be in it.


Version: unspecified
Severity: normal

Details

Event Timeline

bzimport raised the priority of this task from to High. Nov 22 2014, 3:03 AM
bzimport set Reference to bz62298.
bzimport added a subscriber: Unknown Object (MLST).

Then, what category should unblockself be in? The closest one I can see is blockusers, but it doesn't make sense to be like that. If people want to unblock themselves, why do they have to grant the right to block other people?

(In reply to Sorawee Porncharoenwase from comment #1)

Then, what category should unblockself be in? The closest one I can see is
blockusers, but it doesn't make sense to be like that. If people want to
unblock themselves, why do they have to grant the right to block other people?

Personally I'm not completely sure it even needs to be available through OAuth. The potential for misuse is higher than the possible saved effort of going into the interface to unblock. It's a very isolated use case which you really don't want to be scripted because it could get completely out of control (especially if normal admins do not have the ability to pull a consumer's registration). That right makes the bot or user technically unblockable; I think forcing you to go into the normal interface to do that seems perfectly reasonable.

That said, if we really want it in the system somehow then the block/unblock users group seems like the right spot. You should have the ability to unblock users if you have the ability to block users. The main use case I can see (again incredibly rare) is unblocking yourself after you blocked yourself for some reason.

unblockself does not work without block, so the difference between granting it as a basic right and as a block/unblock group right is cosmetic. I agree with James though that there is no use case for it and it should be removed altogether.

The main use case I can see (again incredibly rare) is unblocking yourself after you blocked yourself for some reason.

An anti-addiction app that blocks and unblocks you on schedule would actually be a pretty solid use case :) Anyhow, you can remove your own block of yourself even without the unblockself right.

In T64298#1390040, @Tgr wrote:

An anti-addiction app that blocks and unblocks you on schedule would actually be a pretty solid use case :) Anyhow, you can remove your own block of yourself even without the unblockself right.

Most wikis that have addressed that have said not allowed under policy iirc ;) (though there IS a wiki-break enforcer JavaScript gadget ;)
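
The rights logic discussed in the comments above, as an added Python model that is not part of this task or of MediaWiki's code. The grant contents, the sample user and the function names are constructed for illustration, and the model assumes a consumer can only exercise rights that the user holds and that a requested grant lists.

```python
# Added model of the rights logic discussed in this task; not MediaWiki code.
# Grant contents below are constructed samples, not the real configuration.
BASIC_BEFORE = frozenset({"read", "writeapi", "unblockself"})  # mandatory grant
BASIC_AFTER = BASIC_BEFORE - {"unblockself"}                   # after the change
BLOCKUSERS = frozenset({"block"})                              # optional grant


def effective_rights(user_rights, grants):
    """Assumption: a consumer gets only rights the user holds AND a grant lists."""
    granted = set().union(*grants) if grants else set()
    return set(user_rights) & granted


def can_unblock_self(rights, blocked_by_self):
    """Self-unblock rule as stated in the comments above."""
    if "block" not in rights:          # unblockself does nothing without block
        return False
    # Removing a self-imposed block does not need unblockself.
    return blocked_by_self or "unblockself" in rights


def mandatory_grant_findings(mandatory, sensitive):
    """Audit check: sensitive rights that every consumer is forced to request."""
    return sorted(set(mandatory) & set(sensitive))


if __name__ == "__main__":
    admin = {"read", "writeapi", "block", "unblockself"}  # constructed user
    for label, grants in [
        ("basic (before) only", [BASIC_BEFORE]),
        ("basic (before) + blockusers", [BASIC_BEFORE, BLOCKUSERS]),
        ("basic (after) + blockusers", [BASIC_AFTER, BLOCKUSERS]),
    ]:
        rights = effective_rights(admin, grants)
        print(label, "-> blocked by another admin, can self-unblock:",
              can_unblock_self(rights, blocked_by_self=False))
    sensitive = {"block", "unblockself"}  # constructed audit list
    print("audit before:", mandatory_grant_findings(BASIC_BEFORE, sensitive))
    print("audit after: ", mandatory_grant_findings(BASIC_AFTER, sensitive))
```

The same audit function can be pointed at any mandatory scope set to catch a sensitive right that users cannot decline when authorizing a consumer.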

Change 221829 had a related patch set uploaded (by Gergő Tisza):
Remove unblockself right

https://gerrit.wikimedia.org/r/221829

Change 221829 merged by jenkins-bot:
Remove unblockself right

https://gerrit.wikimedia.org/r/221829

Krinkle claimed this task.