Page MenuHomePhabricator
Create Task
Maniphest T189479

Enforce permission checks on Special:NewLexeme
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Creating a Lexeme must only be possible by accounts with the "createpage" right.

Acceptance criteria

  • A user without the "createpage" right can not create a Lexeme

Scenarios

Scenario: Missing authorization NewLexeme page access

GIVEN I do not have the "createpage" right
WHEN I enter Special:NewLexeme
THEN I see a standard MediaWiki Permission Error

Technical notes:

  • Right checking is built into special pages and only requires you to pass the required right into the constructor of the special page. (src/Specials/SpecialNewLexeme.php)

Details

SubjectRepoBranchLines +/-
Special:NewLexeme: Enforce user permissionmediawiki/extensions/WikibaseLexememaster+60 -0
browser tests: use MWBot instead of nodemwmediawiki/extensions/WikibaseLexememaster+42 -113
Customize query in gerrit

Related Objects
Search...

Event Timeline

WMDE-leszek triaged this task as Medium priority.Mar 12 2018, 1:11 PM
WMDE-leszek created this task.
WMDE-leszek updated the task description. (Show Details)
WMDE-leszek moved this task from incoming to features/bugs for next release (editor experience improvements) on the Wikidata Lexicographical data board.Mar 12 2018, 1:28 PM
Pablo-WMDE updated the task description. (Show Details)Mar 12 2018, 3:23 PM
Pablo-WMDE updated the task description. (Show Details)
Pablo-WMDE updated the task description. (Show Details)Mar 12 2018, 3:34 PM
Pablo-WMDE updated the task description. (Show Details)Mar 12 2018, 3:46 PM
Pablo-WMDE updated the task description. (Show Details)Mar 12 2018, 4:05 PM
Addshore subscribed.EditedMar 13 2018, 10:14 AM

One area of this task that is still unclear is what is meant by "the right to create pages"

MediaWiki has a "createpage" right which can be found at https://www.mediawiki.org/wiki/Manual:User_rights#List_of_permissions
Wikibase also has a "property-create" right specifically for properties.
Items appear to use the mediawiki provided "createpage" right

@Lydia_Pintscher do we just want to check the standard "createpage" right or have our own right for creating lexemes?

Lydia_Pintscher added a comment.Mar 13 2018, 10:16 AM

Let's go with the standard createpage right as we do with items.

Addshore updated the task description. (Show Details)Mar 13 2018, 10:18 AM
WMDE-leszek set the point value for this task to 3.Mar 13 2018, 11:26 AM
RazShuty added a project: Wikidata-Turtles-18.03.28.Mar 28 2018, 10:00 AM
Pablo-WMDE updated the task description. (Show Details)Mar 28 2018, 11:11 AM
Pablo-WMDE claimed this task.Mar 29 2018, 8:23 AM
Pablo-WMDE moved this task from To Do to Doing on the Wikidata-Turtles-18.03.28 board.
Pablo-WMDE mentioned this in rEWLEe520e477989f: browser tests: use MWBot instead of nodemw.Mar 29 2018, 2:02 PM
Pablo-WMDE mentioned this in rEWLE4c9d457dfeed: browser tests: use MWBot instead of nodemw.Mar 29 2018, 3:55 PM
Pablo-WMDE added a comment.Mar 29 2018, 3:57 PM

See https://github.com/wikimedia/mediawiki/commit/9c5fa5567b6b565cb4521ad342fd4e42e6ecc5db#diff-b9cfc7f2cdf78a7f4b91a753d10865a2 for core selenium change.

Pablo-WMDE mentioned this in rEWLE781980b61343: browser tests: use MWBot instead of nodemw.Apr 3 2018, 10:45 AM
Pablo-WMDE mentioned this in rEWLE0b1e33ae9664: browser tests: use MWBot instead of nodemw.Apr 3 2018, 10:57 AM
Pablo-WMDE mentioned this in rEWLE11a591fad12f: browser tests: use MWBot instead of nodemw.Apr 3 2018, 3:27 PM
Pablo-WMDE mentioned this in rEWLEd96d1bc68d56: Special:NewLexeme: Enforce user permission.Apr 3 2018, 5:03 PM
Pablo-WMDE added a comment.Apr 4 2018, 9:11 AM

Per https://www.mediawiki.org/wiki/Manual:User_rights#Creating_a_new_group_and_assigning_permissions_to_it ff. it is

  • only possible to change group definitions via configuration change, not via the API
  • the "(all)" group which by default is associated with the createpage right can not be removed from users
  • and individual permissions can not be removed from users

I conclude it is not feasible to write a browser test that asserts if a page is protected by a permission.

Pablo-WMDE mentioned this in rEWLE2f81fa773511: Special:NewLexeme: Enforce user permission.Apr 4 2018, 10:05 AM
Pablo-WMDE removed Pablo-WMDE as the assignee of this task.Apr 4 2018, 3:54 PM
Pablo-WMDE moved this task from Doing to Peer Review on the Wikidata-Turtles-18.03.28 board.
Pablo-WMDE subscribed.
WMDE-leszek moved this task from features/bugs for next release (editor experience improvements) to Features/bugs for first release on the Wikidata Lexicographical data board.Apr 5 2018, 9:27 AM
Pablo-WMDE mentioned this in rEWLE7eba3cb06d59: Special:NewLexeme: Enforce user permission.Apr 5 2018, 12:41 PM
Addshore mentioned this in rEWLE820652c2b1a0: browser tests: use MWBot instead of nodemw.Apr 5 2018, 1:18 PM
WMDE-leszek mentioned this in rEWLEbcf6b9f62ed6: browser tests: use MWBot instead of nodemw.Apr 6 2018, 4:22 PM
WMDE-leszek mentioned this in rEWLE042ec71762ec: Special:NewLexeme: Enforce user permission.Apr 6 2018, 4:29 PM
RazShuty added a project: Wikidata-Turtles-Sprint#3.Apr 11 2018, 9:51 AM
RazShuty moved this task from To Do to Peer Review on the Wikidata-Turtles-Sprint#3 board.
gerritbot subscribed.Apr 12 2018, 4:54 PM

Change 422931 merged by jenkins-bot:
[mediawiki/extensions/WikibaseLexeme@master] browser tests: use MWBot instead of nodemw

https://gerrit.wikimedia.org/r/422931

WMDE-leszek mentioned this in rEWLE0c26f4676658: Special:NewLexeme: Enforce user permission.Apr 13 2018, 2:43 PM
gerritbot added a comment.Apr 13 2018, 4:50 PM

Change 423737 merged by jenkins-bot:
[mediawiki/extensions/WikibaseLexeme@master] Special:NewLexeme: Enforce user permission

https://gerrit.wikimedia.org/r/423737

WMDE-leszek moved this task from Peer Review to Test (Product Review) on the Wikidata-Turtles-Sprint#3 board.Apr 16 2018, 7:18 AM
Lydia_Pintscher closed this task as Resolved.Apr 19 2018, 8:02 AM
Lydia_Pintscher claimed this task.
Lydia_Pintscher moved this task from Test (Product Review) to Done on the Wikidata-Turtles-Sprint#3 board.

Yay :)

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL