Page MenuHomePhabricator
Create Task
Maniphest T312748

🟦️ Authenticate and authorize as mediawiki user when making DELETE and PUT requests to REST API statement routes
Closed, ResolvedPublic3 Estimated Story Points
Actions

Description

As a gadget author I would like the user changing statements using the gadget to be authenticated so that they could be credited to the changes they make.
As a gadget author I would like the user changing statements using the gadget to be authorized so that the wiki's editing restrictions are not violated.

Bearer-token based authentication using Authorization HTTP header should be used.

Currently POST requests to /entities/items/{item_id}/statements handle the authentication.

The following requests should also authenticate and authorize the mediawiki user:
DELETE /entities/items/{item_id}/statements/{statement_id}
DELETE /statements/{statement_id}
PUT /entities/items/{item_id}/statements/{statement_id}
PUT /statements/{statement_id}

Related Objects
Search...

Event Timeline

WMDE-leszek created this task.Jul 11 2022, 8:59 AM
WMDE-leszek renamed this task from Authenticate as mediawiki user when making DELETE, PUT and PATCH requests to REST API statement routes to Authenticate and authorize as mediawiki user when making DELETE, PUT and PATCH requests to REST API statement routes.Jul 11 2022, 9:34 AM
WMDE-leszek updated the task description. (Show Details)
WMDE-leszek set the point value for this task to 3.
WMDE-leszek moved this task from Backlog to Next on the Wikibase Product Platform (v1) board.Jul 11 2022, 8:58 PM
WMDE-leszek updated the task description. (Show Details)Jul 27 2022, 7:34 AM
WMDE-leszek moved this task from Next to Sprint 11 on the Wikibase Product Platform (v1) board.Jul 27 2022, 9:27 AM
WMDE-leszek edited projects, added Wikibase Product Platform (v1) (Sprint 11); removed Wikibase Product Platform (v1).
Jakob_WMDE renamed this task from Authenticate and authorize as mediawiki user when making DELETE, PUT and PATCH requests to REST API statement routes to Authenticate and authorize as mediawiki user when making DELETE and PUT requests to REST API statement routes.Jul 27 2022, 12:52 PM
Jakob_WMDE updated the task description. (Show Details)
Jakob_WMDE added subscribers: Ollie.Shotton_WMDE, Silvan_WMDE, Jakob_WMDE.Jul 27 2022, 12:59 PM

Notes from task breakdown:

Task 1: Check authorization for DELETE statement requests - @Ollie.Shotton_WMDE creates ticket

  • check in use case via PermissionChecker
  • tests for both route handlers

Task 2: Check authorization for PUT statement requests - @Silvan_WMDE creates ticket

  • check in use case via PermissionChecker
  • tests for both route handlers
Jakob_WMDE renamed this task from Authenticate and authorize as mediawiki user when making DELETE and PUT requests to REST API statement routes to 🟦️ Authenticate and authorize as mediawiki user when making DELETE and PUT requests to REST API statement routes.Jul 27 2022, 1:00 PM
Ollie.Shotton_WMDE moved this task from To Do to Product Verification on the Wikibase Product Platform (v1) (Sprint 11) board.Aug 5 2022, 9:01 AM
WMDE-leszek added a comment.Aug 8 2022, 12:04 PM

Verified!

WMDE-leszek moved this task from Product Verification to Done on the Wikibase Product Platform (v1) (Sprint 11) board.Aug 8 2022, 12:04 PM
Aklapper closed subtask T314033: 🟦️ Check authorization for DELETE statement requests as Resolved.Oct 10 2022, 9:53 AM
Aklapper closed subtask T314031: 🟦️ Check authorization for PUT statement requests as Resolved.
Aklapper closed this task as Resolved.Oct 10 2022, 9:57 AM

@WMDE-leszek: Assuming this task is resolved. Thus setting resolved task status. Please reopen and add an active project tag if that is not the case. Thanks.

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL