Allow all users to see protected filters on Special:AbuseFilter

Why: T367390 hid protected filters from users who didn't have the right to see them because users with access to private filters also had access to search against filters and were inadvertantly allowed to search against protected filters regardless of whether or not they had the right to see them. Now, in order to be consistent with how AbuseFilter displays private filters, reveal protected filters to all users but continue to restrict access to their details. What: - Only hide protected filters when a user runs a search and doesn't have permission to access them. Bug: T381470 Change-Id: I2acb7e066885f6da18b29876c21c5d7d199b9886
2024-12-23 19:02:58 +00:00 · 2024-12-05 02:10:21 -08:00 · 2024-12-05 02:10:21 -08:00 · a5dbd74017
parent d35ee68be7
commit a5dbd74017
2 changed files with 23 additions and 6 deletions
--- a/includes/View/AbuseFilterViewList.php
+++ b/includes/View/AbuseFilterViewList.php
@ -162,11 +162,6 @@ class AbuseFilterViewList extends AbuseFilterView {
 			$conds['af_global'] = 1;
 		}

-		if ( !$this->afPermManager->canViewProtectedVariables( $performer ) ) {
-			$dbr = $this->dbProvider->getReplicaDatabase();
-			$conds[] = $dbr->bitAnd( 'af_hidden', Flags::FILTER_USES_PROTECTED_VARS ) . ' = 0';
-		}
-
 		if ( $searchmode !== null ) {
 			// Check the search pattern. Filtering the results is done in AbuseFilterPager
 			$error = null;
@ -190,6 +185,16 @@ class AbuseFilterViewList extends AbuseFilterView {
 				$conds = [ 'af_deleted' => 0 ];
 				$searchmode = $querypattern = null;
 			}
+
+			// Viewers with the right to view private filters have access to the search
+			// function, which can query against protected filters and potentially expose PII.
+			// Remove protected filters from the query if the user doesn't have the right to search
+			// against them. This allows protected filters to be visible in the general list of
+			// filters at all other times.
+			if ( !$this->afPermManager->canViewProtectedVariables( $performer ) ) {
+				$dbr = $this->dbProvider->getReplicaDatabase();
+				$conds[] = $dbr->bitAnd( 'af_hidden', Flags::FILTER_USES_PROTECTED_VARS ) . ' = 0';
+			}
 		}

 		$this->showList(
--- a/tests/phpunit/integration/Special/SpecialAbuseFilterTest.php
+++ b/tests/phpunit/integration/Special/SpecialAbuseFilterTest.php
@ -386,6 +386,18 @@ class SpecialAbuseFilterTest extends SpecialPageTestBase {
 	}

 	public function testViewListProtectedVarsFilterVisibility() {
+		// Ensure that even if the user cannot view the details of a protected filter
+		// they can still see the filter in the filter list
+		[ $html, ] = $this->executeSpecialPage(
+			'',
+			new FauxRequest(),
+			null,
+			$this->authorityCannotUseProtectedVar
+		);
+		$this->assertStringContainsString( 'abusefilter-protected', $html );
+	}
+
+	public function testViewListWithSearchQueryProtectedVarsFilterVisibility() {
 		// Stub out a page with query results for a filter that uses protected variables
 		// &sort=af_id&limit=50&asc=&desc=1&deletedfilters=hide&querypattern=user_unnamed_ip&searchoption=LIKE
 		$requestWithProtectedVar = new FauxRequest( [
@ -400,7 +412,7 @@ class SpecialAbuseFilterTest extends SpecialPageTestBase {
 			'furtheroptions' => []
 		] );

-		// Assert that the user who cannot see protected variables sees no filters
+		// Assert that the user who cannot see protected variables sees no filters when searching
 		[ $html, ] = $this->executeSpecialPage(
 			'',
 			$requestWithProtectedVar,