Page MenuHomePhabricator
Create Task
Maniphest T182097

Investigation: Whether it is better to skip permission checks for forms
Closed, ResolvedPublic
Actions

Description

Does it make more sense from the perspective of finishing T180467 to skip permission checks for forms, or implement the actual permission checking for forms.

Time limit: 4 hours
Expected outcome: Answer to the question stated above, and create task(s) for implementing the outcome of the investigation,

Related Objects
Search...

StatusAssignedTask
 ResolvedLydia_PintscherT159703 [Tracking] Support for Forms and Senses
 ResolvedLydia_PintscherT150178 Wikidata 2017 Q2 goals
 ResolvedLydia_PintscherT169708 Wikidata 2017 Q3 goals
 OpenNoneT194253 Configure the CI job that runs WikibaseLexeme's browser tests against test wikidata
 Resolved AddshoreT168260 Deploy WikibaseLexeme extension on Wikimedia cluster
 Resolved AddshoreT191457 Deploy WikibaseLexeme on www.wikidata.org
 Resolved AddshoreT191458 Deploy WikibaseLexeme on test.wikidata.org
 ResolvedLydia_PintscherT168263 WikibaseLexeme functional baseline
 ResolvedLydia_PintscherT160052 [Epic] Support for Forms
 ResolveddanielT160521 [Epic] Forms of a Lexeme (UI)
 ResolvedNoneT160520 [Story] Section header for Forms
 ResolvedthiemowmdeT161092 Create LexemeFormsView and use it in LexemeView
 ResolvedNoneT161093 Create browser tests for section header for forms
 Resolved JonasT161201 Run browser tests in CI
 ResolvedLydia_PintscherT160522 [Story] List of Forms (UI)
 ResolveddanielT164743 [Story] Add Form to list of Forms (UI)
 ResolvedNoneT160524 [Story] Add Form to list of Forms (non-persistent)
 ResolvedthiemowmdeT161789 [Task] Introduce HTML templates infrastructure for Wikibase Lexeme
 ResolvedJakob_WMDET162254 [Task] Move existing HTML from views to templates.php
 ResolvedJakob_WMDET162338 Add browsertests for 'Add Form to list of Forms'
 ResolvedWMDE-leszekT162339 Create "formlist" widget for list of Forms
 ResolvedWMDE-leszekT162340 Implement Form widget
 ResolvedWMDE-leszekT162341 Create an "add" button to add a Form to a list of Forms and wire it to display "add Form"
 DuplicateNoneT162342 Make the "add" button display the "add Form" form
 ResolvedWMDE-leszekT162343 Make the "save" button add the new form to the list widget
ResolvedLydia_PintscherT173743 [Story] Representations of a Form
 ResolvedJakob_WMDET165575 [Story] Multi-variant Representations (UI)
 ResolvedNoneT173744 persistently addable/editable/removable Representations of a Form via the UI (M)
 ResolvedLucas_Werkmeister_WMDET178389 Create API for updating Form descriptions
 ResolvedLydia_PintscherT160525 [Story] Grammatical Feature of a Form
 Resolved Aleksey_WMDET162788 [Story] basic non-editable list of Grammatical Features of a Form
 ResolvedWMDE-leszekT162790 [Story] basic editable list of Grammatical Features of a Form
 Resolved JonasT163971 Investigate what widget could be used to render the editable list of Grammatical Features of a Form
 Resolved JonasT164361 Create MenuTagMultiselectWidget for Grammatical Feature List
 ResolvedJakob_WMDET163972 Create browser test for the editing the list of Grammatical Features of a Form feature
 Resolved JonasT164471 Create jquery ui widget for Grammatical Feature List
 InvalidNoneT162797 [Story] Grammatical Forms look like faked statements
 ResolvedLydia_PintscherT163785 [Story] UX design for a Form's list of grammatical features
ResolvedNoneT173742 persistently editable Grammatical Feature of a Form via the UI (M)
 Resolved Aleksey_WMDET176473 [Task] Split Lexeme serializer into ExternalSerializer and StorageSerializer
 ResolvedWMDE-leszekT184409 Create the API module allowing editing the representation, and the grammatical features of a Form (days: 4)
 ResolvedLydia_PintscherT184411 UI: Use the API to save edits of grammatical features of the form (days: 1)
 ResolvedNoneT184702 Set the edit summary when editing the representation and/or grammatical features of the form
 ResolvedLydia_PintscherT160526 [Story] List of Statements for a Form
 ResolvedthiemowmdeT163724 persistently addable/editable/removable statements on a Form via the UI (L)
 ResolvedthiemowmdeT180467 Make it possible to handle sub-entities in the storage layer of Wikibase (days: 1)
 ResolvedNoneT164742 [Story] Add Form to list of Forms (persistent)
 ResolvedLadsgroupT182424 Diffs for statements, grammatical features and representations of a form (M) (days: 9)
 ResolvedLydia_PintscherT178916 Enforce user rights on Lexeme pages and its parts
 ResolvedthiemowmdeT182097 Investigation: Whether it is better to skip permission checks for forms

Event Timeline

thiemowmde closed this task as Resolved.Dec 8 2017, 4:01 PM
thiemowmde claimed this task.
thiemowmde moved this task from Backlog to Done on the Wikidata-Sprint-2017-12-06 board.

We tracked the issue down to the class WikiPageEntityStorePermissionChecker, to a line that calls an EntityTitleLookup with a FormId. The default implementation for this is in EntityContentFactory::getTitleForId and forwards to the ContentHandler specific for the entity type, which is why early patch sets of https://gerrit.wikimedia.org/r/394072 contained an (almost empty) FormHandler.

Outcome of the investigation: It's easier to solve this properly. What needs to be done is to apply the same dispatcher pattern on the EntityTitleLookup created in WikibaseRepo::getEntityTitleLookup. All permission checks that require a Title are properly handled then (they use the Lexeme's page title then).

Content licensed under Creative Commons Attribution-ShareAlike 3.0 (CC-BY-SA) unless otherwise noted; code licensed under GNU General Public License (GPL) or other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL