Page MenuHomePhabricator
Create Task
Maniphest T170673

Make ChangeOps define required permissions
Closed, ResolvedPublic
Actions

Description

To ensure consistent permission checks when applying certain types of modifications (like changing labels), ChangeOps should expos a list of required permissions for use with EntityPermissionChecker. Alternatively, ChanegOps could get a new checkPermissions() method.

This is necessary to ensure that when applying custom operations via wbeditentity, the appropriate permissions are checked. This also ensures that the same permissions are checked consistently, regardless of which entry point is used to apply a ChangeOp.

Patch-For-Review:

Details

SubjectRepoBranchLines +/-
API classes require permissions defined by ChangeOps they usemediawiki/extensions/Wikibasemaster+96 -86
Make ChangeOp classes specify what action they involve (i.e. what permissions are required)mediawiki/extensions/Wikibasemaster+191 -0
Customize query in gerrit

Related Objects
Search...

Event Timeline

daniel created this task.Jul 14 2017, 12:21 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 14 2017, 12:21 PM
daniel added projects: Wikidata, Wikidata-Former-Sprint-Board.Jul 14 2017, 12:21 PM
daniel added a parent task: T166586: Consistently check permission for entity creation.
WMDE-leszek claimed this task.Jul 17 2017, 1:18 PM
WMDE-leszek triaged this task as Medium priority.
WMDE-leszek moved this task from Proposed to Doing on the Wikidata-Former-Sprint-Board board.
gerritbot subscribed.Jul 17 2017, 1:33 PM

Change 365594 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[mediawiki/extensions/Wikibase@master] Make ChangeOp classes specify what action they involve (i.e. what permissions are required)

https://gerrit.wikimedia.org/r/365594

gerritbot added a project: Patch-For-Review.Jul 17 2017, 1:33 PM
gerritbot added a comment.Jul 17 2017, 3:54 PM

Change 365624 had a related patch set uploaded (by WMDE-leszek; owner: WMDE-leszek):
[mediawiki/extensions/Wikibase@master] API classes require permissions defined by ChangeOps they use

https://gerrit.wikimedia.org/r/365624

gerritbot added a comment.Jul 19 2017, 5:18 PM

Change 365594 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] Make ChangeOp classes specify what action they involve (i.e. what permissions are required)

https://gerrit.wikimedia.org/r/365594

thiemowmde added a project: MediaWiki-extensions-WikibaseRepository.Jul 21 2017, 12:32 PM
thiemowmde updated the task description. (Show Details)
thiemowmde moved this task from Doing to Review on the Wikidata-Former-Sprint-Board board.
thiemowmde moved this task from incoming to in progress on the Wikidata board.
thiemowmde added subscribers: Aleksey_WMDE, WMDE-leszek, thiemowmde, Ladsgroup.
Lucas_Werkmeister_WMDE moved this task from Review to Done on the Wikidata-Former-Sprint-Board board.Jul 24 2017, 10:09 AM
Restricted Application added a subscriber: PokestarFan. · View Herald TranscriptJul 24 2017, 10:09 AM
Aleksey_WMDE moved this task from Done to Review on the Wikidata-Former-Sprint-Board board.Jul 24 2017, 10:29 AM

https://gerrit.wikimedia.org/r/#/c/365624/ is not merged yet

Aleksey_WMDE claimed this task.Jul 24 2017, 3:32 PM
Aleksey_WMDE moved this task from Review to Doing on the Wikidata-Former-Sprint-Board board.
daniel created subtask T171483: Check any special permissions like entity-term when applying the "clear" flag in wbebeditentity .Jul 24 2017, 3:38 PM
daniel created subtask T171484: When checking permissions in the context of applying the "clear" flag in wbeditentity, only check effective modifications..Jul 24 2017, 3:41 PM
WMDE-leszek claimed this task.Aug 1 2017, 11:42 AM
WMDE-leszek moved this task from Doing to Review on the Wikidata-Former-Sprint-Board board.Oct 9 2017, 8:22 AM
daniel added a comment.Oct 10 2017, 5:50 PM

I'd like statsd tracking and/or logging for the edge case that worries me.
Other than that, the patch can go in, I think.

gerritbot added a comment.Oct 12 2017, 6:23 PM

Change 365624 merged by jenkins-bot:
[mediawiki/extensions/Wikibase@master] API classes require permissions defined by ChangeOps they use

https://gerrit.wikimedia.org/r/365624

ReleaseTaggerBot added a project: MW-1.31-release-notes (WMF-deploy-2017-10-17 (1.31.0-wmf.4)).Oct 12 2017, 7:00 PM
WMDE-leszek closed this task as Resolved.Oct 13 2017, 8:09 AM
WMDE-leszek removed a project: Patch-For-Review.
WMDE-leszek moved this task from Review to Done on the Wikidata-Former-Sprint-Board board.
daniel mentioned this in T182983: Consistently check permissions in API modules that modify entities.Dec 15 2017, 12:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL