Last modified: 2014-04-15 14:23:39 UTC
I have an OAuth consumer that has edit rights on Wikidata: Setting claims (action=wbcreateclaim) works just fine. However, action=wbsetlabel (using a copy of the working code) gets me: stdClass Object ( [servedby] => mw1139 [error] => stdClass Object ( [code] => permissiondenied [info] => You do not have sufficient permissions ) ) As a user, I can edit labels manually, so I do have that right. And the API doc states that wbsetlabel needs edits rights, which both I and the consumer have. So, that should work, but doesn't. I'm marking this "blocker" because it blocks the function of one of my tools.
Forgot the consumer URL: https://www.mediawiki.org/wiki/Special:OAuthListConsumers/view/367a921be867ea111d8dd7412e4006ae
Not a bug in OAuth, it's just a configuration issue. What needs to happen in a patch against wmf-config/CommonSettings.php (in operations/mediawiki-config) that adds Wikidata's permissions into the appropriate subarrays of $wgMWOAuthGrantPermissions. Not being familiar with Wikidata's perimssions, I wouldn't know which ones should go in $wgMWOAuthGrantPermissions['useoauth'] (like core's 'read'), which should go in $wgMWOAuthGrantPermissions['editpage'] (like core's 'edit'), which should go in $wgMWOAuthGrantPermissions['createeditmovepage'] (like core's 'create' and 'move'), and so on, or whether one or more new groups should be created for some/all of them so clients can explicitly request "interact with Wikidata" (which would then need a message added to extension/WikimediaMessages). Adjusting priority and importance to match bug 59929 and bug 59981, and reassigning to Wikimedia/Wikidata so the right people can decide how $wgMWOAuthGrantPermissions should be set up. Gerrit change #109308 might serve as an example as to where and how exactly to add it.
Change 109333 had a related patch set (by Addshore) published: Add wikibase permissions to MWOAuthGrantPermissions https://gerrit.wikimedia.org/r/109333
Change 109333 merged by jenkins-bot: Add wikibase permissions to MWOAuthGrantPermissions https://gerrit.wikimedia.org/r/109333
Any news as to when this is going live?
(In reply to comment #5) > Any news as to when this is going live? https://www.mediawiki.org/wiki/MediaWiki_1.23/Roadmap
@Magnus: It is merged and live. If it is still not working we need to investigate some more.
(In reply to comment #7) > @Magnus: It is merged and live. If it is still not working we need to > investigate some more. Still getting "You do not have sufficient permissions". Do the WiDaR consumer settings need to be updated on the OAuth side?
I'm not sure. I'll try to find out.
Will be discussed in weekly call on Thursday, Feb, 6th
Magnus, can you use your OAuth consumer to run api.php?action=query&meta=userinfo&uiprop=blockinfo|groups|rights for the user? That will give a list of rights that the current user has, and we can start tracking down what is missing.
Here it is: [rights] => Array ( [0] => read [1] => edit [2] => writeapi [3] => minoredit [4] => purge [5] => autopatrol [6] => autoconfirmed [7] => editsemiprotected [8] => skipcaptcha ) You can check for changes (if you make any) yourself: http://tools.wmflabs.org/widar/?action=get_rights
Change 113117 had a related patch set uploaded by Aude: Fix OAuth rights for Wikidata https://gerrit.wikimedia.org/r/113117
Aaaand... bug is back. "You do not have sufficient permissions". Statement adding works fine.
Without any real looking into the issue, I'd suspect that the "deployment note" on Gerrit change #112470 wasn't taken care of.
Change 121086 had a related patch set uploaded by Aude: Update Wikidata OAuth grants https://gerrit.wikimedia.org/r/121086
hmmm, thought we already updated these settings but apparently not yet. We shall do that now
Change 121086 merged by jenkins-bot: Update Wikidata OAuth grants https://gerrit.wikimedia.org/r/121086
@magnus please check that oauth works again. I don't think there is any thing you need to update or do.
Yep, works, thanks!