Last modified: 2012-11-28 19:46:21 UTC
The VisualEditor interface does not currently recognize page protection. If a user visits a protected page (a page to which he or she does not have access to edit), VisualEditor will still display a working edit form and the first click of the "Save page" button will work. It will produce a dialog box that will present a second "Save page" button that does not work. Ideally, VisualEditor would not let a user get this far without indicating that the page is uneditable. Related to this, there's no warning for administrators that a page is protected when they're editing the page. This may be a separate bug, however.
We should be able to detect in JS whether the user has the edit permission for this page. One way we can detect this is by checking whether the user gets an edit tab or a view source tab.
We have mw.user.getRights()[async] now in core as well.
And for the current page, I suppose wgRestrictionEdit and wgUserGroups could be used.
I suppose the lazy solution (use the presence of a button outputted by server side) is sufficient, especially given that if someone games it, saving will still fail. Its only for the UI.
If we do that it means we can no longer pseudo-restrict "Edit source" on a different level than "VisualEditor Edit". e.g. on MediaWiki.org we protected the namespace with sysop, but allowed users to edit it with VE.
That's not a problem I guess, but I noticed while implementing it that it was a matter of removing the code that explicitly ignored the presence of the edit button for sysops. Change-Id: I3fe29c52b743837c2e1d66f25ccdca6115b8bd25
Yeah, well, different "protection" levels for VE and non-VE editors feels like the wrong kind of solution.
