Page MenuHomePhabricator

For Compare Revision Endpoint check for page read permission
Closed, ResolvedPublic


For a given request ensure that page read permission is performed for given user.


  • Ensure that read permission is checked for a given page for a given user
  • Add integration test for behaviour

Event Timeline

Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptOct 16 2019, 2:59 PM
WDoranWMF removed tstarling as the assignee of this task.Oct 16 2019, 2:59 PM
WDoranWMF triaged this task as Medium priority.
WDoranWMF added a subscriber: tstarling.

Updated the documentation with a 403 response for this endpoint. (Compare revisions docs)

@Pchelolo what's the best way for me to confirm this as done on the beta cluster? I think this might work:

  1. Create a new page
  2. Edit it a few time to get some history
  3. Delete it (as an admin which I don't think I am)
  4. Run the comparison as a regular user

Is there a better way?

This is not about the deleted page, this is about a restricted 'read' permission and we need a private wiki for that ($wgGroupPermissions['*']['read'] = false), but I don't see a private wiki in beta...

@Pchelolo OK, I'll run it locally. Thanks!

eprodromou closed this task as Resolved.Oct 29 2019, 4:19 PM
eprodromou claimed this task.

Looks good, thanks.