Maniphest T194585

Expose whether a user is blocked from editing a specific page via the API
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

Problem
There isn't a way to determine, via the API, if a particular user is blocked from editing a specific page.

MobileFrontend uses it's own logic to determine if a user can edit a particular page or not.

This means any implementations of UserIsBlockedFrom is ignored and the client will assume the user cannot edit a page they may be able to edit (i.e. the client will assume a site-wide block). While the user will be notified that they are blocked (and the client will prevent editing) the actual edit request will succeed.

Solution
Add to ApiQueryInfo an inprop to indicate whether the current user is blocked from the page. This should execute User::isBlockedFrom.

Details

	Subject	Repo	Branch	Lines +/-
	API: Allow prop=info intestactions to return reasons	mediawiki/core	master	+234 -2
	Add a prop to ApiQueryInfo to indicate if user is blocked from current page.	mediawiki/core	master	+9 -1

Customize query in gerrit

Related Objects
Search...

Status	Assigned	Task
Resolved	TheDJ	T190350 Epic: ⚡️ Partial blocks
Resolved	• TBolliger	T2674 Allow users to be blocked from editing a specific article or all articles inside a namespace
Resolved	• TBolliger	T196578 👩‍👧 MVP for partial blocks (block a user from pages only)
Resolved	None	T197119 Update Visual Editor block notice to be page specific
Resolved	dbarratt	T197122 Update the block notices on mobile web to be page specific
Invalid	None	T197131 Update Android block notices to be page specific
Resolved	• JMinor	T197135 Update iOS block notices to be page specific
Resolved	dbarratt	T194585 Expose whether a user is blocked from editing a specific page via the API

Event Timeline

There are a very large number of changes, so older changes are hidden. Show Older Changes

In T194585#4204694, @Anomie wrote:

That goes beyond exposing User::isBlockedFrom(), and is not supported by the 'UserIsBlockedFrom' hook.

Returning a bool seemed kinda silly when User::isBlockedFrom() determines this from a single block and most (if not all?) clients will need to tell the user the info from the block. I think if the method returns true it should just return the result of User::isBlocked(). But maybe this is a good idea for a param. :)

In T194585#4204705, @dbarratt wrote:

Returning a bool seemed kinda silly when User::isBlockedFrom() determines this from a single block and most (if not all?) clients will need to tell the user the info from the block. I think if the method returns true it should just return the result of User::isBlocked().

Err, User::isBlocked() also returns a boolean. And, as I already pointed out to you, the 'UserIsBlockedFrom' hook does not return a block object at all.

Reworking any of that is probably more in scope of T190350: Epic: ⚡️ Partial blocks.

In T194585#4204710, @Anomie wrote:

Err, User::isBlocked() also returns a boolean. And, as I already pointed out to you, the 'UserIsBlockedFrom' hook does not return a block object at all.

My apologies, I meant User::getBlock()

I think Brad's first suggestion makes the most sense ("Add to ApiQueryInfo an inprop to indicate whether the current user is blocked from the page."). This would be similar to the existing readable prop. Although it would be nice to get the full block info back, I don't think this is strictly necessary. We could always output a generic message like "You are currently blocked from editing this page. Learn more." and have "Learn more" link to the user's block log or something like that. This would also let us work around T194530.

dbarratt mentioned this in T194586: UserIsBlockedFrom is ignored on mobile until the user attempts to publish.May 15 2018, 6:50 PM

kaldari mentioned this in T194795: Block log is broken on mobile.May 15 2018, 8:26 PM

In T194585#4208646, @kaldari wrote:

I think Brad's first suggestion makes the most sense ("Add to ApiQueryInfo an inprop to indicate whether the current user is blocked from the page.").

How would this work if the page doesn't exist yet? This would happen if I was blocked from a specific namespace. I mean the client could always go and get the block and figure out if the user is blocked, but I'd rather avoid having the same logic on the client and the server if that can be avoided.

In T194585#4209964, @dbarratt wrote:

How would this work if the page doesn't exist yet?

It would work well.

In T194585#4209986, @Anomie wrote:

It would work well.

Oh. I didn't know you can query for nonexistant pages.
https://www.mediawiki.org/wiki/API:Query#Missing_and_invalid_titles
Well I learn something new everyday!

dbarratt renamed this task from Expose User::isBlockedFrom() as an API endpoint to Expose whether a user is blocked from editing a specific page via the API.May 16 2018, 12:25 PM

dbarratt updated the task description. (Show Details)

• TBolliger moved this task from Backlog to User blocking on the MediaWiki-User-management board.May 18 2018, 4:03 PM

• TBolliger moved this task from Untriaged to Product/Tech backlog on the Anti-Harassment board.May 29 2018, 4:14 PM

dbarratt merged a task: T194586: UserIsBlockedFrom is ignored on mobile until the user attempts to publish.Jun 13 2018, 2:13 PM

dbarratt removed parent tasks: T194586: UserIsBlockedFrom is ignored on mobile until the user attempts to publish, T190350: Epic: ⚡️ Partial blocks.

dbarratt added a subscriber: dmaza.

dbarratt updated the task description. (Show Details)Jun 13 2018, 2:21 PM

dbarratt mentioned this in T197119: Update Visual Editor block notice to be page specific.Jun 13 2018, 2:29 PM

dbarratt added a parent task: T197119: Update Visual Editor block notice to be page specific.

dbarratt mentioned this in T197122: Update the block notices on mobile web to be page specific.Jun 13 2018, 3:09 PM

dbarratt added a parent task: T197122: Update the block notices on mobile web to be page specific.

dbarratt mentioned this in T197131: Update Android block notices to be page specific.Jun 13 2018, 3:39 PM

dbarratt added a parent task: T197131: Update Android block notices to be page specific.

dbarratt mentioned this in T197135: Update iOS block notices to be page specific.Jun 13 2018, 3:41 PM

dbarratt added a parent task: T197135: Update iOS block notices to be page specific.

dbarratt updated the task description. (Show Details)Jun 13 2018, 4:08 PM

dbarratt edited projects, added Anti-Harassment (AHT Sprint 23); removed Anti-Harassment.Jun 13 2018, 6:09 PM

dbarratt edited projects, added Anti-Harassment; removed Anti-Harassment (AHT Sprint 23).Jun 14 2018, 4:32 PM

• Vvjjkkii renamed this task from Expose whether a user is blocked from editing a specific page via the API to 61caaaaaaa.Jul 1 2018, 1:10 AM

• Vvjjkkii triaged this task as High priority.

• Vvjjkkii added projects: CheckUser, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), Tamil-Sites, Gamepress, Hashtags, Jade, KartoEditor, Language-2018-Apr-June, New-Editor-Experiences, Mail, TCB-Team (now WMDE-TechWish).

• Vvjjkkii updated the task description. (Show Details)

• Vvjjkkii removed a subscriber: Aklapper.

Scott renamed this task from 61caaaaaaa to Expose whether a user is blocked from editing a specific page via the API.Jul 1 2018, 4:56 PM

Scott lowered the priority of this task from High to Medium.

Scott removed projects: TCB-Team (now WMDE-TechWish), Mail, New-Editor-Experiences, Language-2018-Apr-June, KartoEditor, Jade, Hashtags, Gamepress, Tamil-Sites, Connected-Open-Heritage-Batch-uploads (RAÄ-KMB_1_2017-02), CheckUser.

Scott updated the task description. (Show Details)

Scott added a subscriber: Aklapper.

dbarratt added a subscriber: matmarex.Jul 10 2018, 4:21 AM

• TBolliger moved this task from Product/Tech backlog to Triage/To be Estimated on the Anti-Harassment board.Aug 24 2018, 3:47 PM

• TBolliger moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.Aug 24 2018, 6:40 PM

• TBolliger set the point value for this task to 3.

• TBolliger moved this task from Cards ready for development to AHT Sprint 29 on the Anti-Harassment board.Sep 12 2018, 7:08 PM

• TBolliger edited projects, added Anti-Harassment (AHT Sprint 29); removed Anti-Harassment.

• TBolliger added a parent task: T196578: 👩‍👧 MVP for partial blocks (block a user from pages only) .Sep 19 2018, 11:24 PM

dbarratt claimed this task.Sep 20 2018, 11:25 PM

dbarratt moved this task from Ready to In progress on the Anti-Harassment (AHT Sprint 29) board.

Change 461829 had a related patch set uploaded (by Dbarratt; owner: Dbarratt):
[mediawiki/core@master] Add a prop to ApiQueryInfo to indicate if user is blocked from current page.

https://gerrit.wikimedia.org/r/461829

gerritbot added a project: Patch-For-Review.Sep 21 2018, 12:00 AM

It seems this already works:

https://www.mediawiki.org/w/api.php?action=query&titles=Main%20Page|API:Query&prop=info&intestactions=edit

In T194585#4606933, @Umherirrender wrote:

It seems this already works:

https://www.mediawiki.org/w/api.php?action=query&titles=Main%20Page|API:Query&prop=info&intestactions=edit

Well fancy that! I'll ensure this works properly with the partial block changes, if it does (I don't see why it wouldn't looking at the code) then we can close this task! :)

The partial block changes have to add some checks to Title::userCan to support namespace or page depending user blocks in all places of mediawiki (like edit tabs in the navigation etc.)

Just for hint: The checks are more expensive than the IsProbablyEditable flag used by VisualEditor in the web ui (but that also includes create checks)

@Umherirrender I get a true value even if the user is blocked (on master), so this doesn't resolve the use case.

should User::isBlockedFrom be executed from Title::userCan? If not, then another property should be created, or I suppose this property should take both into consideration?

In T194585#4607666, @dbarratt wrote:

@Umherirrender I get a true value even if the user is blocked (on master), so this doesn't resolve the use case.

should User::isBlockedFrom be executed from Title::userCan? If not, then another property should be created, or I suppose this property should take both into consideration?

For me this reports an empty "actions" key in the json response as expected.
I am testing this as loggedin blocked user on current master.

User::isBlockedFrom is executed from Title::userCan in Title::checkUserBlock which is part for every check in Title::getUserPermissionsErrorsInternal

In T194585#4608015, @Umherirrender wrote:

For me this reports an empty "actions" key in the json response as expected.
I am testing this as loggedin blocked user on current master.

User::isBlockedFrom is executed from Title::userCan in Title::checkUserBlock which is part for every check in Title::getUserPermissionsErrorsInternal

I was using formatversion=2 and getting true with a blocked and unblocked user, but I'll try again.

I double checked this, and it does work correctly.

Reference URL (for myself):
http://localhost:8888/api.php?action=query&titles=Gotham&prop=info&intestactions=edit&formatversion=2

dbarratt closed this task as Invalid.Sep 24 2018, 8:52 PM

dbarratt moved this task from In progress to Done on the Anti-Harassment (AHT Sprint 29) board.

Change 461829 abandoned by Dbarratt:
Add a prop to ApiQueryInfo to indicate if user is blocked from current page.

Reason:
Unnecessary

https://gerrit.wikimedia.org/r/461829

The existing API doesn't actually resolve our use case. We need to not only know if you can edit a page or not, but also why you cannot edit the page.

Change 461829 restored by Dbarratt:
Add a prop to ApiQueryInfo to indicate if user is blocked from current page.

https://gerrit.wikimedia.org/r/461829

matmarex unsubscribed.Sep 25 2018, 5:59 AM

I'm not sure "you're blocked!" is all that useful of a "why". Perhaps the better solution would be to have intestactions (optionally?) return the message data from Title::getUserPermissionsErrors().

In T194585#4616156, @Anomie wrote:

I'm not sure "you're blocked!" is all that useful of a "why". Perhaps the better solution would be to have intestactions (optionally?) return the message data from Title::getUserPermissionsErrors().

Well the client would have to lookup the block to get the block reason regardless.

dbarratt moved this task from In progress to Done on the Anti-Harassment (AHT Sprint 29) board.Sep 25 2018, 9:20 PM

dbarratt moved this task from Done to Review on the Anti-Harassment (AHT Sprint 29) board.

• aezell moved this task from AHT Sprint 29 to AHT Sprint 30 on the Anti-Harassment board.Sep 26 2018, 7:09 PM

• aezell edited projects, added Anti-Harassment (AHT Sprint 30); removed Anti-Harassment (AHT Sprint 29).

• aezell moved this task from Ready to Review on the Anti-Harassment (AHT Sprint 30) board.

dbarratt moved this task from Review to In progress on the Anti-Harassment (AHT Sprint 30) board.Sep 26 2018, 7:42 PM

dbarratt moved this task from In progress to Review on the Anti-Harassment (AHT Sprint 30) board.Sep 26 2018, 9:47 PM

In T194585#4616156, @Anomie wrote:

I'm not sure "you're blocked!" is all that useful of a "why". Perhaps the better solution would be to have intestactions (optionally?) return the message data from Title::getUserPermissionsErrors().

Implemented that in https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/463292. Using that with a query like /w/api.php?action=query&prop=info&titles=Test&intestactions=edit&intestactionsdetail=full, a user that is blocked would show as something like

"actions": {
    "edit": [
        {
            "code": "blocked",
            "text": "You have been blocked from editing.",
            "data": {
                "blockinfo": {
                    "blockid": 7,
                    "blockedby": "Anomie",
                    "blockedbyid": 1,
                    "blockreason": "testing",
                    "blockedtimestamp": "2018-09-27T15:10:36Z",
                    "blockexpiry": "2018-09-27T15:11:36Z"
                }
            }
        }
    ],
}

The "blocksitewide" flag from https://gerrit.wikimedia.org/r/c/mediawiki/core/+/442222/39/includes/api/ApiQueryUserInfo.php would also be included in there.

In T194585#4622440, @Anomie wrote:

Implemented that in https://gerrit.wikimedia.org/r/#/c/mediawiki/core/+/463292. Using that with a query like /w/api.php?action=query&prop=info&titles=Test&intestactions=edit&intestactionsdetail=full, a user that is blocked would show as something like

I think you may have misunderstood me in T194585#4204705, because what you've done here is exactly what we are looking for. Ideally, the client (in this case, mobile web) should be able to 1) determine if the user is blocked on a per-page basis and 2) get the reason for the block (preferably on a single request). Your patch allows for that. :)

I'm not a huge fan of changing the param type, (from boolean to an object), but other than using another name for "actions" I don't have a solution (and that might make the params weirder anyways). I also wish the block didn't prefix block in it's params, but that's a separate issue.

I'll go ahead an abandon the patch I wrote since I think your solution is better (and what I was looking for in the first place).

In my earlier comments here, I forgot that intestactions existed. I re-found it during code review of your original patch and realized that that would be a better way to handle determining whether a page is editable or not.

In T194585#4627288, @dbarratt wrote:

because what you've done here is exactly what we are looking for.

I'm glad, that's what I was hoping for (:

I'm not a huge fan of changing the param type, (from boolean to an object),

No parameter types are changing in my patch. It does add a parameter to change the output field type, but in a backwards-compatible way since the change is gated behind a parameter.

but other than using another name for "actions" I don't have a solution (and that might make the params weirder anyways).

I agree it would be weirder to have intestactions and something else that does the same thing with a different output format. Unless we were going to deprecate intestactions entirely, but I think it still serves well for its original purpose with the boolean returns.

I also wish the block didn't prefix block in it's params, but that's a separate issue.

It reuses code that displays permissions errors in other contexts, which in turn reuses the block-formatting code from ApiQueryUserInfo.

Change 461829 abandoned by Dbarratt:
Add a prop to ApiQueryInfo to indicate if user is blocked from current page.

Reason:
Better solution at https://gerrit.wikimedia.org/r/c/mediawiki/core/ /463292

https://gerrit.wikimedia.org/r/461829

Change 463292 had a related patch set uploaded (by Dbarratt; owner: Anomie):
[mediawiki/core@master] API: Allow prop=info intestactions to return reasons

https://gerrit.wikimedia.org/r/463292

@Anomie while I was testing your patch, I found this bug T205895, it's not related to this task explicitly, but partial blocks do not work properly with your patch until we fix it.

In T194585#4630774, @dbarratt wrote:

@Anomie while I was testing your patch, I found this bug T205895, it's not related to this task explicitly, but partial blocks do not work properly with your patch until we fix it.

Correction... since prevents( 'edit' ) always returns true for partial blocks, then T205895 is not an issue for partial blocks.

dbarratt moved this task from Review to In progress on the Anti-Harassment (AHT Sprint 30) board.Oct 11 2018, 5:06 PM

• TBolliger moved this task from AHT Sprint 30 to AHT Sprint 31 on the Anti-Harassment board.Oct 12 2018, 7:16 PM

• TBolliger edited projects, added Anti-Harassment (AHT Sprint 31); removed Anti-Harassment (AHT Sprint 30).

• TBolliger moved this task from Ready to In progress on the Anti-Harassment (AHT Sprint 31) board.

dbarratt moved this task from In progress to Review on the Anti-Harassment (AHT Sprint 31) board.Oct 15 2018, 10:33 PM

Change 463292 merged by jenkins-bot:
[mediawiki/core@master] API: Allow prop=info intestactions to return reasons

https://gerrit.wikimedia.org/r/463292

dbarratt closed this task as Resolved.Oct 16 2018, 7:55 PM

dbarratt moved this task from Review to Done on the Anti-Harassment (AHT Sprint 31) board.

ReleaseTaggerBot added a project: MW-1.33-notes (1.33.0-wmf.1; 2018-10-23).Oct 16 2018, 8:01 PM

dbarratt mentioned this in T207893: Partial Blocks are enforced as Sitewide blocks in Wikibase entities.Jun 17 2019, 10:07 PM

hashar mentioned this in T233904: [api-feature] Cyberbot_I uses deprecated API entry points.Sep 26 2019, 8:54 AM

Aklapper removed a subscriber: Anomie.Oct 16 2020, 5:41 PM

	dbarratt
	May 13 2018, 4:05 AM

Expose whether a user is blocked from editing a specific page via the APIClosed, ResolvedPublic3 Estimated Story PointsActions

Description

Details

Related ObjectsSearch...

Event Timeline

Expose whether a user is blocked from editing a specific page via the API
Closed, ResolvedPublic3 Estimated Story Points
Actions

Related Objects
Search...