Two features are requested:
- Ability to check a CSRF token for validity
- Interface to Title::userCan()
Two features are requested:
Subject | Repo | Branch | Lines +/- | |
---|---|---|---|---|
API: Add authz features for RESTBase | mediawiki/core | master | +139 -6 |
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Duplicate | None | T84962 Authn and authz as a service | |||
Resolved | Anomie | T88010 Action API modules to support Restbase |
Change 187466 had a related patch set uploaded (by Anomie):
API: Add authz features for RESTBase
Token checking:
$ curl --silent 'http://localhost/w/api.php?format=json&action=checktoken&type=csrf&token=123ABC' | json_pp { "checktoken" : { "result" : "invalid" } }
Title authz:
$ curl --silent 'http://localhost/w/api.php?format=json&action=query&prop=info&intestactions=edit|create|foobar&titles=Test|ProtectedTitle|TestX&inprop=protection&continue=' | json_pp { "query" : { "pages" : { "-1" : { "ns" : 0, "protection" : [ { "expiry" : "infinity", "level" : "sysop", "type" : "create" } ], "title" : "ProtectedTitle", "missing" : "", "contentmodel" : "wikitext", "restrictiontypes" : [ "create" ], "actions" : { "edit" : "" }, "pagelanguage" : "en" }, "2183" : { "contentmodel" : "wikitext", "restrictiontypes" : [ "edit", "move" ], "actions" : { "create" : "" }, "pageid" : 2183, "pagelanguage" : "en", "length" : 5, "touched" : "2014-08-10T20:18:12Z", "ns" : 0, "lastrevid" : 2461, "protection" : [ { "type" : "edit", "expiry" : "infinity", "level" : "evil" }, { "type" : "move", "expiry" : "infinity", "level" : "evil" }, { "source" : "Cascader", "type" : "edit", "level" : "sysop", "expiry" : "infinity" } ], "title" : "TestX" }, "2" : { "protection" : [], "title" : "Test", "touched" : "2015-01-23T20:35:55Z", "ns" : 0, "lastrevid" : 2792, "pageid" : 2, "actions" : { "create" : "", "edit" : "" }, "pagelanguage" : "en", "length" : 744, "contentmodel" : "wikitext", "restrictiontypes" : [ "edit", "move" ] } } }, "batchcomplete" : "" }