Page MenuHomePhabricator
Create Task
Maniphest T261425

Configure API Portal wiki
Closed, ResolvedPublic
Actions

Description

Following the deployment of the API Portal wiki at api.wikimedia.org, configure the wiki to match the configuration used in api.wikimedia.beta.wmflabs.org with the addition of the extra config needed for private launch:

$wgGroupPermissions['*']['read'] = false;
$wgGroupPermissions['user']['read'] = false;
$wgGroupPermissions['docseditor']['read'] = true;


$wgWhitelistRead = [
    "Main Page", "Special:UserLogin"
    ];

In addition to the config described above, we also need to disable the Collection Extension. (See T260309 for details.)

To do:

  • Apply config
  • Make APaskulin (WMF) a bureaucrat
  • Verify that all users outside the docseditor group can only view the main page and the login page

Details

SubjectRepoBranchLines +/-
Rename docseditor right to edit-docsmediawiki/skins/WikimediaApiPortalwmf/1.36.0-wmf.8+7 -7
Rename docseditor right to edit-docs. Allow bureaucrats to read.operations/mediawiki-configmaster+14 -10
Rename docseditor right to edit-docsmediawiki/skins/WikimediaApiPortalmaster+7 -7
api-portal: required extended configurationoperations/mediawiki-configmaster+50 -47
Customize query in gerrit

Related Objects

Event Timeline

apaskulin created this task.Aug 27 2020, 3:53 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptAug 27 2020, 3:53 PM
WDoranWMF assigned this task to hnowlan.Aug 27 2020, 5:14 PM
WDoranWMF moved this task from Backlog to Ready on the Platform Team Workboards (Green) board.

@hnowlan Just positioning on the board so it's ready when we are at this point.

Thanks @apaskulin for setting this up!

apaskulin updated the task description. (Show Details)Aug 31 2020, 6:16 PM
apaskulin mentioned this in T260309: Remove Print/export from navigation.
hnowlan moved this task from Ready to Doing on the Platform Team Workboards (Green) board.Sep 3 2020, 3:13 PM
WDoranWMF added a project: Platform Team Sprints Board (Sprint 3).Sep 4 2020, 2:08 PM
gerritbot added a comment.Sep 4 2020, 3:55 PM

Change 624750 had a related patch set uploaded (by Hnowlan; owner: Hnowlan):
[operations/mediawiki-config@master] api-portal: required extended configuration

https://gerrit.wikimedia.org/r/624750

gerritbot added a project: Patch-For-Review.Sep 4 2020, 3:55 PM
hnowlan moved this task from Doing to Waiting for Review on the Platform Team Workboards (Green) board.Sep 7 2020, 3:00 PM
hnowlan moved this task from Waiting for Review to Ready to Deploy on the Platform Team Workboards (Green) board.Sep 8 2020, 3:16 PM
gerritbot added a comment.Sep 9 2020, 11:06 AM

Change 624750 merged by jenkins-bot:
[operations/mediawiki-config@master] api-portal: required extended configuration

https://gerrit.wikimedia.org/r/624750

Maintenance_bot removed a project: Patch-For-Review.Sep 9 2020, 11:10 AM
Stashbot added a comment.Sep 9 2020, 11:34 AM

Mentioned in SAL (#wikimedia-operations) [2020-09-09T11:34:40Z] <awight@deploy1001> Synchronized wmf-config: Config: [[gerrit:624750|api-portal: required extended configuration (T261425)]] (duration: 01m 08s)

hnowlan added a comment.Sep 9 2020, 11:36 AM

The new config has been deployed and the wiki is now reskinned and locked down.

hnowlan moved this task from Ready to Deploy to User Story Review on the Platform Team Workboards (Green) board.Sep 9 2020, 11:37 AM
eprodromou moved this task from User Story Review to Doing on the Platform Team Workboards (Green) board.Sep 9 2020, 3:30 PM
apaskulin updated the task description. (Show Details)Sep 9 2020, 4:04 PM
apaskulin added a comment.Sep 9 2020, 4:19 PM

@CCicalese_WMF Can you help us troubleshoot the permissions for this? My user APaskulin_(WMF) has bureaucrat rights, but I'm still seeing a permissions error. The same thing is happening on the beta site: my user (Apaskulin) with docs editor permissions is getting a permissions error. Hugh and I suspect there is an issue with the config.

MarcoAurelio subscribed.Sep 9 2020, 4:35 PM
In T261425#6447522, @apaskulin wrote:

@CCicalese_WMF Can you help us troubleshoot the permissions for this? My user APaskulin_(WMF) has bureaucrat rights, but I'm still seeing a permissions error. The same thing is happening on the beta site: my user (Apaskulin) with docs editor permissions is getting a permissions error. Hugh and I suspect there is an issue with the config.

Do you have docseditor permissions in api.wikimedia? It looks reading is limited to that group only. I can try to grant those to you if needed.

hnowlan added a comment.Sep 9 2020, 4:39 PM

It turns out that adding a user to docseditor fixes this issue - but our change was in theory supposed to make bureaucrat automatically part of that group.

MarcoAurelio added a comment.Sep 9 2020, 4:46 PM

The deployed config (3f4529d) does not make bureaucrats part of docseditors or viceversa. They're two different groups. But you may grant bureaucrats 'read' permissions as well.

CCicalese_WMF added a comment.EditedSep 9 2020, 4:54 PM

There is a docseditor group as well a a docseditor right. That is confusing and should be fixed. The right should be something like editdocs. I will create a patch to the skin to fix that as well as a patch to the config to match.

The config allows bureaucrats to add and users from the docseditor group, but it does not give bureaucrats the docseditor right. It does give docseditor to sysops. Bureaucrats don't really need the docseditor right, but they do need to be able to read at least Special:UserRights.

taavi subscribed.Sep 9 2020, 4:56 PM
gerritbot added a comment.Sep 9 2020, 5:14 PM

Change 626188 had a related patch set uploaded (by Cicalese; owner: Cicalese):
[mediawiki/skins/WikimediaApiPortal@master] Rename docseditor right to edit-docs

https://gerrit.wikimedia.org/r/626188

gerritbot added a project: Patch-For-Review.Sep 9 2020, 5:14 PM
gerritbot added a comment.Sep 9 2020, 5:19 PM

Change 626190 had a related patch set uploaded (by Cicalese; owner: Cicalese):
[operations/mediawiki-config@master] Rename docseditor right to edit-docs. Allow bureaucrats to read.

https://gerrit.wikimedia.org/r/626190

gerritbot added a comment.Sep 9 2020, 7:44 PM

Change 626044 had a related patch set uploaded (by Ppchelko; owner: Cicalese):
[mediawiki/skins/WikimediaApiPortal@wmf/1.36.0-wmf.8] Rename docseditor right to edit-docs

https://gerrit.wikimedia.org/r/626044

gerritbot added a comment.Sep 9 2020, 7:48 PM

Change 626188 merged by jenkins-bot:
[mediawiki/skins/WikimediaApiPortal@master] Rename docseditor right to edit-docs

https://gerrit.wikimedia.org/r/626188

gerritbot added a comment.Sep 9 2020, 7:50 PM

Change 626190 merged by jenkins-bot:
[operations/mediawiki-config@master] Rename docseditor right to edit-docs. Allow bureaucrats to read.

https://gerrit.wikimedia.org/r/626190

gerritbot added a comment.Sep 9 2020, 7:52 PM

Change 626044 merged by jenkins-bot:
[mediawiki/skins/WikimediaApiPortal@wmf/1.36.0-wmf.8] Rename docseditor right to edit-docs

https://gerrit.wikimedia.org/r/626044

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.9; 2020-09-15).Sep 9 2020, 8:00 PM
Stashbot added a comment.Sep 9 2020, 8:01 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-09T20:01:57Z] <ppchelko@deploy1001> Synchronized php-1.36.0-wmf.8/skins/WikimediaApiPortal: Backport gerrit:626044, T261425 (duration: 01m 12s)

Stashbot added a comment.Sep 9 2020, 8:03 PM

Mentioned in SAL (#wikimedia-operations) [2020-09-09T20:03:43Z] <ppchelko@deploy1001> Synchronized wmf-config/InitialiseSettings.php: gerrit:626190 T261425 (duration: 01m 03s)

apaskulin closed this task as Resolved.Sep 9 2020, 8:12 PM
apaskulin updated the task description. (Show Details)
apaskulin moved this task from Doing to Done on the Platform Team Workboards (Green) board.

Verified on beta and prod. Thanks all!

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits