
Make ChangeOps define required permissions
Closed, Resolved · Public

Description

To ensure consistent permission checks when applying certain types of modifications (like changing labels), ChangeOps should expose a list of required permissions for use with EntityPermissionChecker. Alternatively, ChangeOps could get a new checkPermissions() method.

This is necessary to ensure that when applying custom operations via wbeditentity, the appropriate permissions are checked. This also ensures that the same permissions are checked consistently, regardless of which entry point is used to apply a ChangeOp.

Patch-For-Review:
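
The design in the task description above, sketched as an added example (not code from Wikibase or from the patches linked on this task): each operation declares the permissions it needs, a composite operation requires the union of its children's, and one gate checks them before anything is applied, whichever entry point built the operation. All class, method and permission names are hypothetical; PHP 8 is assumed.

```php
<?php
declare(strict_types=1);
// Hypothetical model (PHP 8+); class, method and permission names are
// constructed for illustration and are not Wikibase's API.
interface Op {
    /** @return string[] permissions the caller must hold to apply this op */
    public function requiredPermissions(): array;
    public function apply(array &$entity): void;
}
final class SetLabel implements Op {
    public function __construct(private string $lang, private string $text) {}
    public function requiredPermissions(): array { return ['edit', 'edit-terms']; }
    public function apply(array &$entity): void {
        $entity['labels'][$this->lang] = $this->text;
    }
}
final class AddStatement implements Op {
    public function __construct(private string $property, private string $value) {}
    public function requiredPermissions(): array { return ['edit']; }
    public function apply(array &$entity): void {
        $entity['claims'][$this->property][] = $this->value;
    }
}
/** Composite op: requires the union of its children's permissions. */
final class Batch implements Op {
    /** @param Op[] $ops */
    public function __construct(private array $ops) {}
    public function requiredPermissions(): array {
        $all = [];
        foreach ($this->ops as $op) {
            $all = array_merge($all, $op->requiredPermissions());
        }
        return array_values(array_unique($all));
    }
    public function apply(array &$entity): void {
        foreach ($this->ops as $op) { $op->apply($entity); }
    }
}
/** Single gate shared by every entry point; returns the missing permissions. */
function applyChecked(Op $op, array $granted, array &$entity): array {
    $missing = array_values(array_diff($op->requiredPermissions(), $granted));
    if ($missing === []) { $op->apply($entity); } // all-or-nothing: no partial batch
    return $missing;
}
// Constructed scenario: the caller may edit, but may not change terms.
$entity = ['labels' => ['en' => 'old'], 'claims' => []];
$batch = new Batch([new AddStatement('P1', 'x'), new SetLabel('en', 'new')]);
var_dump(applyChecked($batch, ['edit'], $entity)); // generic entry point, batch with a label change
var_dump(applyChecked(new AddStatement('P1', 'x'), ['edit'], $entity)); // single statement op
```

Because the batch is checked as a whole before any child runs, a label change smuggled into a generic edit request is refused on the same terms as one sent through a dedicated label entry point.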

Event Timeline

daniel created this task. · Jul 14 2017, 12:21 PM
Restricted Application added a subscriber: Aklapper. · Jul 14 2017, 12:21 PM
WMDE-leszek triaged this task as Medium priority.
WMDE-leszek moved this task from Proposed to Doing on the Wikidata-Former-Sprint-Board board.

Change 365594 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[mediawiki/extensions/Wikibase@master] Make ChangeOp classes specify what action they involve (i.e. what permissions are required)

https://gerrit.wikimedia.org/r/365594

Change 365624 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[mediawiki/extensions/Wikibase@master] API classes require permissions defined by ChangeOps they use

https://gerrit.wikimedia.org/r/365624

Change 365594 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] Make ChangeOp classes specify what action they involve (i.e. what permissions are required)

https://gerrit.wikimedia.org/r/365594

thiemowmde updated the task description.
thiemowmde moved this task from Doing to Review on the Wikidata-Former-Sprint-Board board.
thiemowmde moved this task from incoming to in progress on the Wikidata board.
Restricted Application added a subscriber: PokestarFan. · Jul 24 2017, 10:09 AM

I'd like statsd tracking and/or logging for the edge case that worries me.
Other than that, the patch can go in, I think.

Change 365624 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] API classes require permissions defined by ChangeOps they use

https://gerrit.wikimedia.org/r/365624

WMDE-leszek closed this task as Resolved. · Oct 13 2017, 8:09 AM
WMDE-leszek removed a project: Patch-For-Review.
WMDE-leszek moved this task from Review to Done on the Wikidata-Former-Sprint-Board board.