User:DWalden (WMF)/Permissions Testing

Introduction
This presents a strategy I often use when testing features that give users access to data which may be sensitive.

For example, information about who made a particular edit or performed a particular logged action.

The basic idea is to compare the information the feature you are testing gives the user access to with what information they can find out through existing means.

For example, the feature should not give the user information about a revision which they cannot see in the revision history of a page.

You also want to enumerate all the variables which affect whether or not a user has permission to see a particular bit of data and test all the combinations of these variables.

For example, revisions and logged actions can have various visibility settings which might mean a user is not allowed to see some or all of the information about it.

Enumerating variables
The relevant variables will depend on the data your feature gives access to. I give examples for revisions and logged actions.

Revisions

 * Visibility of revision (see Help:RevisionDelete and Manual:RevisionDelete)
 * Is the comment hidden?
 * Is the revision's wikitext hidden?
 * Is the editor hidden?
 * Is it suppressed (meaning it is visible only to users with  rights)? Bear in mind that this option only works if you also hide one or more of the above options.


 * Editor's suppressed status
 * Is the user who made the edit suppressed or not?


 * Editor type
 * Is the user who made the edit an anonymous (IP), temporary or named (logged in) user?


 * Your user's rights
 * Is there a specific right associated with using this feature and does the user have it?


 * Your user's blocked status
 * Should a user be able to see this information if they are blocked or suppressed?

You can then test each of the combinations of these such as in the below table, which shows only a small sample of the combinations:

Logged actions

 * revisions
 * script to generate
 * logs
 * how to generate?
 * have targets and performers
 * target
 * performer


 * visibility
 * script to do this
 * blocked status
 * type of user (anon, temp, logged in)
 * rights

Comparing

 * oracles