Last modified: 2012-12-13 11:17:20 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T39588, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 37588 - make sure page protection works for data items
make sure page protection works for data items
Status: VERIFIED FIXED
Product: MediaWiki extensions
Classification: Unclassified
WikidataRepo (Other open bugs)
master
All All
: Highest blocker (vote)
: ---
Assigned To: Wikidata bugs
storypoints: 2
: testme
Depends on: 37682 37989
Blocks:
  Show dependency treegraph
 
Reported: 2012-06-14 11:38 UTC by Daniel Kinzler
Modified: 2012-12-13 11:17 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Screendump showing the effect of the block message on the page display. (87.46 KB, image/png)
2012-06-26 12:52 UTC, jeblad 		Details
Add an attachment (proposed patch, testcase, etc.)

Description Daniel Kinzler 2012-06-14 11:38:51 UTC 
MediaWiki supports different levels of page protected. We should make sure this protection is applied to changes to wikidata items.

If Title::userCan() is used everywhere to check access before any modifications are applied, this *should* be sufficient, as that is supposed to check page protection too. 

It's a bit unclear to me on what level the checks should be performed. Probably, the API should check, and perhaps Item::save should check again.

There should also be unit tests checking that user permissions and page protection are working.
Comment 1 jeblad 2012-06-25 18:55:21 UTC 
Changed isAllowed with userCan, but it seems like the page is a bit overly protective as a blocked user can't see the content at all. Perhaps its only my setup?
Comment 2 jeblad 2012-06-25 18:58:33 UTC 
Approx idea for permissions/protections is that page protection and user blocking forms a lower bound on protecting page content with "userCan", and a more fine grained permission is built on top of that with "isAllowed". For now individual calls to content changing calls to the API is guarded, but later individual fields could be protected if necessary.
Comment 3 Daniel Kinzler 2012-06-26 09:36:04 UTC 
Blocked users should be able to read, unless the wiki is private (reading is not allowed for anons) and wgBlockDisablesLogin is set.

Please compare the behavior for item pages to the behavior for wikitext pages. It should be the same wrt blocking/protection.
Comment 4 Daniel Kinzler 2012-06-26 12:49:13 UTC 
Note: ItemViewAction needs to return false from requiresUnblock(), otherwise blocked users can't view. Maybe ItemViewAction should just extend ViewAction? Will look at this in the context of bug 37682.
Comment 5 jeblad 2012-06-26 12:52:48 UTC 
Created attachment 10796 [details]
Screendump showing the effect of the block message on the page display.
Comment 6 jeblad 2012-06-27 13:09:29 UTC 
Changes in patchset https://gerrit.wikimedia.org/r/#/c/12907/
Comment 7 denny vrandecic 2012-06-28 10:27:11 UTC 
Write tests for this.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links