Page MenuHomePhabricator
Create Task
Maniphest T411355

🧱 Respond with a blocked user message for globally blocked users
Closed, ResolvedPublic
Actions

Description

Currently, the Wikibase REST API responds with a blocked user message only for locally blocked users. In case a user is blocked globally, a generic permission error will be returned:

{
  "error": "rest-write-denied",
  "httpCode": 403,
  "httpReason": "Forbidden"
}

To improve signalling to API users, we would like to respond with the same error message both for locally and globally blocked users:

{
  "code": "permission-denied",
  "message": "Access to resource is denied",
  "context": {
    "denial_reason": "blocked-user"
  }
}

Acceptance Criteria

  • Both locally and globally blocked users recieve the error message described above

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
CRUD: Remove unneeded setup step for integration testmediawiki/extensions/Wikibasemaster+0 -5
CRUD: Improve error message for globally blocked usersmediawiki/extensions/Wikibasemaster+56 -2
Customize query in gerrit

Related Objects
Search...

Event Timeline

ItamarWMDE created this task.Mon, Dec 1, 11:38 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMon, Dec 1, 11:38 AM
ItamarWMDE renamed this task from Respond with a blocked user for globally blocked users to Respond with a blocked user message for globally blocked users.Mon, Dec 1, 11:39 AM
ItamarWMDE renamed this task from Respond with a blocked user message for globally blocked users to 🧱 Respond with a blocked user message for globally blocked users.Mon, Dec 1, 12:41 PM
ItamarWMDE moved this task from To Do to Doing on the Wikibase Reuse Team (Sprint 58) board.
gerritbot added a comment.Mon, Dec 1, 7:32 PM

Change #1213551 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] CRUD: Improve error message for globally blocked users

https://gerrit.wikimedia.org/r/1213551

gerritbot added a project: Patch-For-Review.Mon, Dec 1, 7:32 PM
ItamarWMDE moved this task from Doing to Peer Review on the Wikibase Reuse Team (Sprint 58) board.Mon, Dec 1, 7:36 PM
Ifrahkhanyaree_WMDE moved this task from Backlog to Happening now on the Wikibase REST API (WPP) board.Tue, Dec 2, 3:14 PM
gerritbot added a comment.Wed, Dec 3, 2:31 PM

Change #1213551 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] CRUD: Improve error message for globally blocked users

https://gerrit.wikimedia.org/r/1213551

ReleaseTaggerBot added a project: MW-1.46-notes (1.46.0-wmf.7; 2025-12-16).Wed, Dec 3, 3:00 PM
Maintenance_bot removed a project: Patch-For-Review.Wed, Dec 3, 3:33 PM
PatchDemoBot added a comment.Thu, Dec 4, 11:42 AM

Test wiki created on Patch demo by ItamarWMDE using patch(es) linked to this task:
https://cc0837c127.catalyst.wmcloud.org/w/

PatchDemoBot added a comment.Thu, Dec 4, 11:43 AM

Test wiki on Patch demo by ItamarWMDE using patch(es) linked to this task was deleted:

https://cc0837c127.catalyst.wmcloud.org/w/

PatchDemoBot added a comment.Thu, Dec 4, 1:00 PM

Test wiki created on Patch demo by ItamarWMDE using patch(es) linked to this task:
https://e70b5ea7b9.catalyst.wmcloud.org/w/

ItamarWMDE added a subscriber: Jakob_WMDE.Thu, Dec 4, 2:50 PM
In T411355#11432445, @PatchDemoBot wrote:

Test wiki created on Patch demo by ItamarWMDE using patch(es) linked to this task:
https://e70b5ea7b9.catalyst.wmcloud.org/w/

@Ifrahkhanyaree_WMDE I created the patch demo and globally blocked the user Mallory. you can now try to log in as that user and create an Item through the api with the following snippet (thanks @Jakob_WMDE) through the dev tools console in your browser:

$.ajax({
    url: 'https://e70b5ea7b9.catalyst.wmcloud.org/w/rest.php/wikibase/v1/entities/items', 
    type: 'POST',
    contentType: 'application/json',
    data: JSON.stringify({ item: { labels: { en: 'potato' } } })
});

Happy verifying.

ItamarWMDE moved this task from Peer Review to Product Verification on the Wikibase Reuse Team (Sprint 58) board.Thu, Dec 4, 2:50 PM
Ifrahkhanyaree_WMDE added a comment.Fri, Dec 5, 10:24 AM

how do I pretend to be Mallory haha, do they have a username and password that y'all can share?

Ifrahkhanyaree_WMDE added a comment.Fri, Dec 5, 10:42 AM

Got this as a response so we're good!

{
    "code": "permission-denied",
    "message": "Access to resource is denied",
    "context": {
        "denial_reason": "blocked-user"
    }
}
Ifrahkhanyaree_WMDE moved this task from Product Verification to Done on the Wikibase Reuse Team (Sprint 58) board.Fri, Dec 5, 10:42 AM
gerritbot added a comment.Fri, Dec 5, 7:11 PM

Change #1215678 had a related patch set uploaded (by Itamar Givon; author: Itamar Givon):

[mediawiki/extensions/Wikibase@master] CRUD: Remove unneeded setup step for integration test

https://gerrit.wikimedia.org/r/1215678

gerritbot added a project: Patch-For-Review.Fri, Dec 5, 7:11 PM
Silvan_WMDE closed this task as Resolved.Tue, Dec 9, 10:28 AM
gerritbot added a comment.Thu, Dec 11, 9:51 AM

Change #1215678 merged by jenkins-bot:

[mediawiki/extensions/Wikibase@master] CRUD: Remove unneeded setup step for integration test

https://gerrit.wikimedia.org/r/1215678

Maintenance_bot removed a project: Patch-For-Review.Thu, Dec 11, 10:31 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits