Revision permalink page is confusing when missing permissions
Closed, Resolved · Public

Description

Split from T98367: https://phabricator.wikimedia.org/T98367#1425770

The permalink of a revision (which you can get to via the timestamp link in history) for which a user has insufficient permissions is confusing.
It doesn't seem to leak information the user shouldn't be able to see, but it renders oddly: it just omits all the information.
A proper solution would be to just show an "insufficient permissions" error message.

Event Timeline

matthiasmullie raised the priority of this task from to Needs Triage.
matthiasmullie updated the task description.
matthiasmullie added a subscriber: matthiasmullie.
Restricted Application added a subscriber: Aklapper. Jul 6 2015, 11:50 AM
Mattflaschen-WMF triaged this task as Medium priority. Jul 8 2015, 11:52 PM
Mattflaschen-WMF updated the task description.
Mattflaschen-WMF set Security to None.

It shouldn't link to this if you don't have the relevant permission, but if you somehow visit it anyway, it also shouldn't look broken like this.

Change 224057 had a related patch set uploaded (by Matthias Mullie):
Check for & report permissions error in single-view pages

https://gerrit.wikimedia.org/r/224057

Change 224057 merged by jenkins-bot:
Check for & report permissions error in single-view pages

https://gerrit.wikimedia.org/r/224057

Presently, there is a difference in displaying info about Deleted vs Suppressed topics to a user without sufficient permissions:

  • deleted topic

  • the previously deleted topic was suppressed

A proper solution would be to just show an "insufficient permissions" error message.

Should the warning mention it?

DannyH closed this task as Resolved. Jul 15 2015, 10:41 PM
DannyH added a subscriber: DannyH.

Presently, there is a difference in displaying info about Deleted vs Suppressed topics to a user without sufficient permissions:

  • deleted topic

  • the previously deleted topic was suppressed

I think this difference is correct.

A proper solution would be to just show an "insufficient permissions" error message.

Should the warning mention it?

What warning?