Page MenuHomePhabricator

VisualEditor: Don't offer Edit button when user cannot edit page
Closed, ResolvedPublic


The VisualEditor interface does not currently recognize page protection. If a user visits a protected page (a page to which he or she does not have access to edit), VisualEditor will still display a working edit form and the first click of the "Save page" button will work. It will produce a dialog box that will present a second "Save page" button that does not work. Ideally, VisualEditor would not let a user get this far without indicating that the page is uneditable.

Related to this, there's no warning for administrators that a page is protected when they're editing the page. This may be a separate bug, however.

Version: unspecified
Severity: normal



Event Timeline

bzimport raised the priority of this task from to Medium.Nov 22 2014, 1:07 AM
bzimport set Reference to bz42142.

We should be able to detect in JS whether the user has the edit permission for this page. One way we can detect this is by checking whether the user gets an edit tab or a view source tab.

We have mw.user.getRights()[async] now in core as well.

And for the current page, I suppose wgRestrictionEdit and wgUserGroups could be used.

I suppose the lazy solution (use the presence of a button outputted by server side) is sufficient, especially given that if someone games it, saving will still fail. Its only for the UI.

If we do that it means we can no longer pseudo-restrict "Edit source" on a different level than "VisualEditor Edit".

e.g. on we protected the namespace with sysop, but allowed users to edit it with VE.

That's not a problem I guess, but I noticed while implementing it that it was a matter of removing the code that explicitly ignored the presence of the edit button for sysops.

Change-Id: I3fe29c52b743837c2e1d66f25ccdca6115b8bd25

Yeah, well, different "protection" levels for VE and non-VE editors feels like the wrong kind of solution.