Page MenuHomePhabricator

Do not allow edits from the client for blocked users on the repository
Closed, ResolvedPublic5 Story Points

Description

Problem:
It seems that users who are blocked on Wikidata can still do edits from clients. The edits in questions are page moves and page deletions. They should not be able to make edits on Wikidata if they are blocked.

On-wiki discussion:
https://www.wikidata.org/wiki/Wikidata:Administrators%27_noticeboard#Block_tool_broken? (discussion at the Administrators' noticeboard)

Example:

BDD
GIVEN a user who is blocked on the repository
WHEN that user moves or deletes a page
THEN the edit changing or removing the sitelink for that particular item should be blocked

Acceptance criteria:

  • Edits from the client are not propagated for users that are blocked on the repository.
  • Ensure there is a test covering the job that performs the edit from the client ensuring that there blocked users can't make edits.

Event Timeline

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptNov 30 2018, 10:44 AM

The user never really edited Wikidata. The user renamed a page on huwiki and that rename was hence also done in Wikidata and was "credited" to the user that renamed the page on huwiki.

AFAIK, if a user moves a page in a Wikipedia project, the sitelink in the connected Wikidata item is *not* updated (1) if the user is locally blocked at Wikidata—as in this case—or (2) if the user does not exist locally at Wikidata.

Lydia_Pintscher renamed this task from Blocked user can edit to Do not allow edits from the client for blocked users on the repository.Nov 30 2018, 11:36 AM
Lydia_Pintscher triaged this task as High priority.
Lydia_Pintscher updated the task description. (Show Details)
Lydia_Pintscher moved this task from incoming to consider for next sprint on the Wikidata board.
Lydia_Pintscher moved this task from Incoming to Ready to go on the Wikidata-Campsite board.
Lydia_Pintscher added a subscriber: Lydia_Pintscher.

Updated the ticket. Please double check everything is correct.

Thanks, looks correct.

Tarrow added a subscriber: Tarrow.Dec 2 2018, 8:09 PM

Can someone please see if this is solved with the fix for T210953?

Looking at the code the job that makes this edit is already checking the edit permissions.
If this only recently (in the last week) became a problem then is suspect that it was the same issue as T210953.

Interestingly now that I look at this I wonder if rather than just throwing away there page moves it would be better to collect them somewhere for example for review by others?
But I digress....

Addshore updated the task description. (Show Details)Dec 18 2018, 2:09 PM
Addshore set the point value for this task to 5.