The backend api is enforcing that only admins and the owner of a list can edit or delete an existing list, but the UI seems to show both buttons to all users.
It looks like the issue is that components/lists/ListInfo.vue is checking for general permissions like $can( 'change', 'lists/toollist' ) rather than object specific permissions like $can( 'change', list ). This may also mean that we need to add type casting for the list objects in the vuex store.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Goal | bd808 | T271386 Curated lists of tools | ||
| Resolved | BUG REPORT | bd808 | T293159 "Edit" and "Delete" actions for lists showing in the UI for users who cannot use them |
Change 730392 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):
[wikimedia/toolhub@main] ui[ListInfo]: show edit & delete buttons based on list instance
Change 730392 merged by jenkins-bot:
[wikimedia/toolhub@main] ui[ListInfo]: show edit & delete buttons based on list instance
Change 730635 had a related patch set uploaded (by BryanDavis; author: Bryan Davis):
[operations/deployment-charts@master] toolhub: Bump container version to 2021-10-13-195718-production
Change 730635 merged by jenkins-bot:
[operations/deployment-charts@master] toolhub: Bump container version to 2021-10-13-195718-production
Change 726694 had a related patch set uploaded (by Jdlrobson; author: Jdlrobson):
[mediawiki/extensions/VisualEditor@master] It should be possible for extensions/skins to trigger the click event
Change 726694 merged by jenkins-bot:
[mediawiki/extensions/VisualEditor@master] Give skins/extensions ability to trigger VisualEditor