Page MenuHomePhabricator

When checking permissions in the context of applying the "clear" flag in wbeditentity, only check effective modifications.
Open, MediumPublic


A typical use case for the "clear" flag is load-modify-save, in which case most of the entity would be restored as they were. This means that any permissions checks for parts of the entity that need extra permissions but were restored (like e.g. terms) would be redundant.

In other words: permissions for modifying an entity part should only be checked if that part is effectively modified by the request. They should not be checked if the part is restored unchanged after it was first cleared.

Event Timeline

According to the analysis of P5835 (see comments), it seems that the "clear" lag is used primarily to completely empty out an entity in preparation of turning it into a redirect. We could continue supporting this used case by keeping the "clear" flag, but disallowing any data to be re-added to the entity in the same request. That would avoid the need for determining the "effective" edit for checking permissions, etc.

If we want to remove the clear flag or change semantics, the following tools will be the ones most heavily affected:

  • User:PLbot
  • User:XXN-bot
  • MediaWiki:Gadget-Merge.js
  • MediaWiki:Guidedtour-lib.js