Page MenuHomePhabricator

Add "log in" and "create account" links on Special:EmailUser if logged out
Closed, ResolvedPublic

Description

RIght now, if logged out, https://en.wikipedia.org/wiki/Special:EmailUser/Example displays a "Permission error" with no real explanation as to why (for new/annon users). Please add a similar message to that page:

You are not currently logged in.
Sorry, in order to email users you need to be logged in with a Wikipedia/Wikimedia/Mediawiki. Please log in (or create n account) and then try again.

Event Timeline

Josve05a created this task.Mar 13 2017, 2:26 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 13 2017, 2:26 AM
Josve05a updated the task description. (Show Details)Mar 13 2017, 2:56 AM
Base added a subscriber: Base.Mar 13 2017, 2:58 AM
EddieGP added a subscriber: EddieGP.EditedMar 13 2017, 2:42 PM

The permission error page is quite right here in my opinion. To send mails with Special:EmailUser one does need the right "emailuser". This right is given to all logged in users by default (and on WMF servers) but people using mediawiki beside the WMF might want to use this differently. Maybe everybody (including anonymous users) should be allowed to mail users. Maybe only sysops should. While the first case wouldn't matter in the current configuration (as the permission error page wouldn't be shown to IPs if they had the right emailuser and thus it wouldn't matter if there's a hint to registration on that page) the second one does, because when a user is logged in and only sysops are allowed to use this function, a hint to create an account or to log in to do this would be silly.

What we could maybe do (and what would make sense IMHO) is to improve the "PermissionError" Exception in whole. Please note that this Error message is used for all kind of permission errors (including a logged in sysop user who is not a checkuser going to Special:CheckUser for example). Currently it just displays something like "you aren't allowed to do this, only people from the following groups are:" and lists the groups which have access. If the user is an anon and the right is granted to the group 'user' (which means all logged in users) than the message is like "you aren't allowed to do this, only people from the following groups are: user". That special case should be replaced by a "you aren't allowed to do this, but you were if you were logged in" thing. But that wouldn't only refer to the emailuser feature but to all kind of permissions that are granted to logged in users.

EddieGP triaged this task as Normal priority.Mar 13 2017, 4:44 PM

I think there's already supposed to be such a special case…

I was thinking of this check in OutputPage::showPermissionsErrorPage():

		// For some action (read, edit, create and upload), display a "login to do this action"
		// error if all of the following conditions are met:
		// 1. the user is not logged in
		// 2. the only error is insufficient permissions (i.e. no block or something else)
		// 3. the error can be avoided simply by logging in
		if ( in_array( $action, [ 'read', 'edit', 'createpage', 'createtalk', 'upload' ] )
			&& $this->getUser()->isAnon() && count( $errors ) == 1 && isset( $errors[0][0] )
			&& ( $errors[0][0] == 'badaccess-groups' || $errors[0][0] == 'badaccess-group0' )
			&& ( User::groupHasPermission( 'user', $action )
			|| User::groupHasPermission( 'autoconfirmed', $action ) )
		) {

But apparently, that only handles a few hardcoded actions. No idea why.

EddieGP claimed this task.Mar 13 2017, 5:37 PM

Patch found, explanation soon

I was just going to this page on my local mw installation (where I was logged in and don't have a email adress in my settings). I saw an appropriate error message:

(title:) No send address

You must be [[Special:UserLogin|logged in]] and have a valid email address in your preferences to send email to other users.

Return to [[Main Page]].

I looked at the code within SpecialEmailUser::getPermissionsError, that was

if ( !$user->isAllowed( 'sendemail' ) ) {
»       return 'badaccess';
}
if ( !$user->isEmailConfirmed() ) {
»       return 'mailnologin';
}

If a user is not logged in, both cases would match, but of course only the first one is checked and therefor this PermissionError is shown. I simply exchanged the two code blocks, now the isEmailConfirmed is checked first, mailnologin is returned for anons and the message quoted above is shown.

Patch will be up in a second, reviews welcomed

Change 342491 had a related patch set uploaded (by EddieGP):
[mediawiki/core] Show better error for anons on Special:EmailUser

https://gerrit.wikimedia.org/r/342491

Change 342491 merged by jenkins-bot:
[mediawiki/core] Show better error for anons on Special:EmailUser

https://gerrit.wikimedia.org/r/342491

matmarex closed this task as Resolved.Mar 17 2017, 7:52 AM
matmarex removed a project: Patch-For-Review.