Page MenuHomePhabricator

Investigation: Whether it is better to skip permission checks for forms
Closed, ResolvedPublic

Description

Does it make more sense from the perspective of finishing T180467 to skip permission checks for forms, or implement the actual permission checking for forms.

Time limit: 4 hours
Expected outcome: Answer to the question stated above, and create task(s) for implementing the outcome of the investigation,

Related Objects

StatusAssignedTask
ResolvedLydia_Pintscher
ResolvedLydia_Pintscher
ResolvedLydia_Pintscher
OpenNone
ResolvedAddshore
ResolvedAddshore
ResolvedAddshore
ResolvedLydia_Pintscher
ResolvedLydia_Pintscher
Resolveddaniel
ResolvedNone
Resolvedthiemowmde
ResolvedNone
Resolved Jonas
ResolvedLydia_Pintscher
Resolveddaniel
ResolvedNone
Resolvedthiemowmde
ResolvedJakob_WMDE
ResolvedJakob_WMDE
ResolvedWMDE-leszek
ResolvedWMDE-leszek
ResolvedWMDE-leszek
DuplicateNone
ResolvedWMDE-leszek
ResolvedLydia_Pintscher
ResolvedJakob_WMDE
ResolvedNone
ResolvedLucas_Werkmeister_WMDE
ResolvedLydia_Pintscher
Resolved Aleksey_WMDE
ResolvedWMDE-leszek
Resolved Jonas
Resolved Jonas
ResolvedJakob_WMDE
Resolved Jonas
InvalidNone
ResolvedLydia_Pintscher
ResolvedNone
Resolved Aleksey_WMDE
ResolvedWMDE-leszek
ResolvedLydia_Pintscher
ResolvedNone
ResolvedLydia_Pintscher
Resolvedthiemowmde
Resolvedthiemowmde
ResolvedNone
ResolvedLadsgroup
ResolvedLydia_Pintscher
Resolvedthiemowmde

Event Timeline

thiemowmde closed this task as Resolved.Dec 8 2017, 4:01 PM
thiemowmde claimed this task.
thiemowmde moved this task from Backlog to Done on the Wikidata-Sprint-2017-12-06 board.

We tracked the issue down to the class WikiPageEntityStorePermissionChecker, to a line that calls an EntityTitleLookup with a FormId. The default implementation for this is in EntityContentFactory::getTitleForId and forwards to the ContentHandler specific for the entity type, which is why early patch sets of https://gerrit.wikimedia.org/r/394072 contained an (almost empty) FormHandler.

Outcome of the investigation: It's easier to solve this properly. What needs to be done is to apply the same dispatcher pattern on the EntityTitleLookup created in WikibaseRepo::getEntityTitleLookup. All permission checks that require a Title are properly handled then (they use the Lexeme's page title then).