[Content Service] Semi-protected page cannot be edited in Wikipedia App ("you don't have permissions to edit" popup)
Closed, ResolvedPublic3 Story Points

Description

if any page semi-protected (for confirm users), autopatrolled or editors users can't edit page. popup message say (you don't have permissions to edit this page), please solve it.

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptApr 16 2016, 1:45 AM
Ibrahim.ID triaged this task as High priority.Apr 16 2016, 1:46 AM
Aklapper renamed this task from protected pages issue in Wikipedia App to Semi-protected page cannot be edited in Wikipedia App ("you don't have permissions to edit" popup).Apr 16 2016, 3:49 PM

I confirm this issue on lastest version at cswiki. I tried to edit semiprotected page with sysop account, it wasn't possible. Please fix it soon.

MBinder_WMF set the point value for this task to 1.May 18 2016, 7:21 PM
Niedzielski renamed this task from Semi-protected page cannot be edited in Wikipedia App ("you don't have permissions to edit" popup) to [Content Service] Semi-protected page cannot be edited in Wikipedia App ("you don't have permissions to edit" popup).May 19 2016, 4:09 PM

I think this is Content Service specific so I updated the title.

bearND moved this task from Backlog to Backlog on the Mobile-Content-Service board.Jul 1 2016, 7:53 PM
bearND claimed this task.Aug 31 2016, 6:40 AM
bearND moved this task from To Do to Doing on the Mobile-App-Android-Sprint-90-Thorium board.
bearND changed the point value for this task from 1 to 3.Sep 2 2016, 5:26 PM

Change 313032 had a related patch set uploaded (by BearND):
Check user group memberships on protected pages

https://gerrit.wikimedia.org/r/313032

@bearND Could you please add a little discussion here about what's actually going wrong (e.g., is this indeed specific to MCS, and if so, how?) and the approach you've taken to fix it? It's hard to evaluate https://gerrit.wikimedia.org/r/#/c/313031 and https://gerrit.wikimedia.org/r/#/c/313032 without a little more background. (For instance, why would the protection/editable metadata from the Action API be good enough for one loading strategy but not the other?)

Marked it with Regression tag to better track changes other clients of MCS need to be aware of when transitioning from mobileview action to MCS.

@Mholloway The problem is that with the highly cached responses we get from RESTBase the app doesn't get any user specific responses anymore. In the case of a semi-protected page, it would return false, no matter as what user one is logged in when the page is requested because it retrieves and stores the content in RB without any user logged in.
Instead of taking that as the truth we could consider the value of "editable" in the lead response to be "editable for anonymous users". To be able to do that we need to retrieve the group membership information for a logged in user first. Then for pages which have editable set to false we can check group memberships to see if any group a user belongs to is allowed to edit that page.

(In contrast to that, the action=mobileview api response is specific to a user. So, the editable field there would be true if the user has permission to edit the page.)

@bearND Thanks, that makes sense. Looking again at the patches now.

Change 311182 had a related patch set uploaded (by BearND):
Retrofit LoginTask

https://gerrit.wikimedia.org/r/311182

Change 310220 had a related patch set uploaded (by BearND):
Hygiene: Decouple user mgmt from app and storage

https://gerrit.wikimedia.org/r/310220

Change 313031 had a related patch set uploaded (by BearND):
Retrieve group membership info when logging in

https://gerrit.wikimedia.org/r/313031

Change 310220 merged by jenkins-bot:
Hygiene: Decouple user mgmt from app and storage

https://gerrit.wikimedia.org/r/310220

Change 311182 merged by jenkins-bot:
Retrofit LoginTask

https://gerrit.wikimedia.org/r/311182

Change 313031 merged by jenkins-bot:
Retrieve group membership info when logging in

https://gerrit.wikimedia.org/r/313031

Change 313032 merged by jenkins-bot:
Check user group memberships on protected pages

https://gerrit.wikimedia.org/r/313032

Nicholas.tsg added a subscriber: Nicholas.tsg.EditedOct 14 2016, 2:30 AM

Testing on Wikipedia build 2.4.158-alpha-2016-10-13 on Samsung Galaxy SIII (Android 4.4.2). I attached below what I see when I'm not allowed to edit a page. If there's any further testing I should do such as checking another article please let me know. It looks fixed to me.

Hi @Nicholas.tsg. Do you or someone there have a Wikipedia user account that has made five or more edits and has been around at least a couple of weeks?

The issue in this task is that users with accounts that meet minimum criteria should be able to edit "semi-protected" pages. Barack Obama on English Wikipedia is one example.

Before this patch, the app was not allowing logged in users with such accounts to edit semi-protected pages. This patch is to ensure they have the correct editing rights.

So, steps to QA:

  1. Log in with a well-established account (feel free to ask here or on IRC if you're not sure if the account you use meets the minimums)
  2. Go to the Barack Obama article on English Wikipedia
  3. Ensure the following:
    • The edit pencil buttons do not show a lock symbol
    • When you click an edit button, the editing activity is launched rather than the "This page is protected" dialog

Sorry this wasn't clear before. Please recheck this one and update here. Thank you!

Johan added a subscriber: Johan.EditedOct 14 2016, 4:40 PM

It's working for me in 2.4.158-beta-2016-10-13 for Android where I could open the edit view for w:en:Barack Obama (as opposed to earlier, when I couldn't even edit a semi-protected page on a language version where I'm an admin). Also tested saving an edit on a semi-protected page (w:sv:Barack Obama) which worked fine.

This has been well tested by the dev team and others (thanks for the report, @Johan!) so let's consider it ready for signoff.

Dbrant closed this task as Resolved.Oct 20 2016, 7:34 PM

Thanks a lot! When it'll be merged to non-beta version?

Ignore my question, it already was merged. So thanks anyway!