MediaWiki supports different levels of page protected. We should make sure this protection is applied to changes to wikidata items.
If Title::userCan() is used everywhere to check access before any modifications are applied, this *should* be sufficient, as that is supposed to check page protection too.
It's a bit unclear to me on what level the checks should be performed. Probably, the API should check, and perhaps Item::save should check again.
There should also be unit tests checking that user permissions and page protection are working.
Version: master
Severity: blocker
Whiteboard: storypoints: 2