Page MenuHomePhabricator
Create Task
Maniphest T235663

For Compare Revision Endpoint check for page read permission
Closed, ResolvedPublic
Actions

Description

Description
For a given request ensure that page read permission is performed for given user.

Requirement

  • Ensure that read permission is checked for a given page for a given user
  • Add integration test for behaviour

Related Objects
Search...

Event Timeline

WDoranWMF created this task.Oct 16 2019, 2:59 PM
Restricted Application removed a project: Patch-For-Review. · View Herald TranscriptOct 16 2019, 2:59 PM
WDoranWMF removed tstarling as the assignee of this task.Oct 16 2019, 2:59 PM
WDoranWMF triaged this task as Medium priority.
WDoranWMF moved this task from Backlog to Tasks Ready for Estimation on the Platform Team Workboards (Green) board.
WDoranWMF mentioned this in T235528: Check read permissions for from and to revision in comparison endpoint.
WDoranWMF added a subscriber: tstarling.
Pchelolo subscribed.Oct 16 2019, 5:46 PM

The check is implemented in https://gerrit.wikimedia.org/r/c/mediawiki/core/+/542450

WDoranWMF moved this task from Tasks Ready for Estimation to Waiting for Review on the Platform Team Workboards (Green) board.Oct 16 2019, 7:21 PM
apaskulin subscribed.Oct 17 2019, 4:43 PM

Updated the documentation with a 403 response for this endpoint. (Compare revisions docs)

Pchelolo moved this task from Waiting for Review to Done on the Platform Team Workboards (Green) board.Oct 18 2019, 7:07 PM
eprodromou added a comment.Oct 23 2019, 7:50 PM

@Pchelolo what's the best way for me to confirm this as done on the beta cluster? I think this might work:

  1. Create a new page
  2. Edit it a few time to get some history
  3. Delete it (as an admin which I don't think I am)
  4. Run the comparison as a regular user

Is there a better way?

Pchelolo added a comment.Oct 23 2019, 8:04 PM

This is not about the deleted page, this is about a restricted 'read' permission and we need a private wiki for that ($wgGroupPermissions['*']['read'] = false), but I don't see a private wiki in beta...

eprodromou added a comment.Oct 23 2019, 8:06 PM

@Pchelolo OK, I'll run it locally. Thanks!

eprodromou closed this task as Resolved.Oct 29 2019, 4:19 PM
eprodromou claimed this task.

Looks good, thanks.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits