Design an architecture proposal for user authorization that can use the data returned from WikilambdaDiff to restrict access
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	gengh
	Oct 19 2022, 12:11 PM

Description

WikiLambdaDiff currently calculates Diffs returning the following format:

{
	"root.Z2K3.Z12K1.1.Z11K2": {
		"type": "change",
		"oldvalue": "Some string",
		"newvalue": "Some monolingual text"
	}
}

Where, for each atomic change, we are extracting:

The path: root.Z2K3.Z12K1.1.Z11K2
The operation: change | add | remove
The old and/or new values

Desired behavior/Acceptance criteria (returned value, expected error, performance expectations, etc.)

Using the "path" and "operation" information, the system should be able to:

Check if there's any restriction that applies to that tuple
- E.g. [ "$.root.Z2K3.Z12K1", "add" ] is allowed for anyone: (Anyone can add a new label to a persisted ZObject)
- E.g. [ "$.root.Z2K2.Z8K3", "add" ] is only allowed for sysadmins: (Only sysadmins can attach testers to a persisted ZFunction)
Check if the current user privileges allow for this operation
If the user cannot do a particular operation, don't perform it
Return an understandable and accessible error report to the user

This task requires:

Research and understand Mediawiki architecture and standard practices reg. user and group authorization
Design an architecture proposal for how to integrate this process in the WikiLambda edit/creation process
Design a format proposal for how/where to record path-operation-group rules that is easily usable from the system and can be easily edited and augmented by the engineers

Completion checklist

Before closing this task, review one by one the checklist available here: https://www.mediawiki.org/wiki/Abstract_Wikipedia_team/Definition_of_Done#Back-end_Task/Bug_completion_checklist

Related Objects
Search...

Status	Subtype	Assigned	Task
Open	BUG REPORT	None	T344206 Special:MathStatus exception error on Wikifunctions
Open		None	T342865 Post-creation work for wikifunctionswiki
Resolved		BTullis	T289316 Prepare and check storage layer for Wikifunctions.org (new public content wiki)
Resolved		Jdforrester-WMF	T275945 Create Wikifunctions.org
Resolved		Jdforrester-WMF	T299176 Phase Theta – Root task
Resolved		DVrandecic	T299598 Add security limits to the Wikifunctions system to maintain stability and integrity of the content
Resolved		gengh	T260314 Restrict making content (non-label/alias) changes to system-provided ZObjects to users with a special right
Resolved		gengh	T321187 Add all necessary path-operation-user restrictions
Resolved		gengh	T299600 Restrict associating & disassociating Testers and Implementations to ZFunctions to users with a special right
Resolved		gengh	T299602 Restrict altering Types to users with a special right
Resolved		gengh	T299603 Restrict editing Implementations and Testers which are associated with their Function to users with a special right
Resolved		gengh	T299604 Restrict altering Function definitions to users with a special right
Open		None	T284473 Users are provided with a meaningful object diff to determine what changes have been made
Open		None	T290205 Provide semi-automated edit summaries for ZObject edits
Open		None	T303342 Users get an automatic edit tag when publishing that shows what kind of edit was made
Resolved		gengh	T303338 The WikiLambda system understands the nature of changes being made and can react to them
Resolved		gengh	T321183 Design an architecture proposal for user authorization that can use the data returned from WikilambdaDiff to restrict access