Anyone with newsletter-create rights can edit a Newsletter namespace page (via api). While these changes aren't reflected in the relavent tables, they can make things inconsistent and confusing (e.g. Have the page display a different list of publishers than the actual list). Newsletter-manage permissions should apply to editing Newsletter pages via the api like it does during normal editing. The most obvious way to do this is with a getUserPermissionsErrors (or similar) hook. However, it may also be better to make the content handler page canonical and use it instead of the separate db tables where possible to eliminate the possibility of inconsistency in the system.
Description
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Duplicate | Qgil | T125545 Phabricator Q&A session for Community Liaisons | |||
Resolved | Qgil | T116025 Goal: Align Community Liaison and Developer Relations project management practices | |||
Resolved | Qgil | T119387 Community Liaison and Developer Relation quarterly goals for January - March 2016 | |||
Declined | None | T104131 Exporting existing newsletter to the Newsletter extension | |||
Resolved | Addshore | T110170 Goal: Deploy Newsletter extension in Wikimedia | |||
Duplicate | None | T115098 Deploy Newsletter extension in beta cluster | |||
Resolved | ori | T127297 Add the Newsletter extension to the Beta Cluster | |||
Resolved | Bawolff | T115095 Security review of Newsletter extension | |||
Resolved | None | T159084 [Security] Fix inconsistent Newsletter user rights |