Page MenuHomePhabricator

Action API modules to support Restbase
Closed, ResolvedPublic

Description

Two features are requested:

  • Ability to check a CSRF token for validity
  • Interface to Title::userCan()

Event Timeline

Anomie created this task.Jan 29 2015, 8:13 PM
Anomie claimed this task.
Anomie raised the priority of this task from to Medium.
Anomie updated the task description. (Show Details)
Anomie added a subscriber: Anomie.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 29 2015, 8:13 PM
bd808 added a subscriber: bd808.Jan 29 2015, 8:14 PM
gerritbot added a subscriber: gerritbot.

Change 187466 had a related patch set uploaded (by Anomie):
API: Add authz features for RESTBase

https://gerrit.wikimedia.org/r/187466

Patch-For-Review

Token checking:

$ curl --silent 'http://localhost/w/api.php?format=json&action=checktoken&type=csrf&token=123ABC' | json_pp
{
   "checktoken" : {
      "result" : "invalid"
   }
}

Title authz:

$ curl --silent 'http://localhost/w/api.php?format=json&action=query&prop=info&intestactions=edit|create|foobar&titles=Test|ProtectedTitle|TestX&inprop=protection&continue=' | json_pp
{
   "query" : {
      "pages" : {
         "-1" : {
            "ns" : 0,
            "protection" : [
               {
                  "expiry" : "infinity",
                  "level" : "sysop",
                  "type" : "create"
               }
            ],
            "title" : "ProtectedTitle",
            "missing" : "",
            "contentmodel" : "wikitext",
            "restrictiontypes" : [
               "create"
            ],
            "actions" : {
               "edit" : ""
            },
            "pagelanguage" : "en"
         },
         "2183" : {
            "contentmodel" : "wikitext",
            "restrictiontypes" : [
               "edit",
               "move"
            ],
            "actions" : {
               "create" : ""
            },
            "pageid" : 2183,
            "pagelanguage" : "en",
            "length" : 5,
            "touched" : "2014-08-10T20:18:12Z",
            "ns" : 0,
            "lastrevid" : 2461,
            "protection" : [
               {
                  "type" : "edit",
                  "expiry" : "infinity",
                  "level" : "evil"
               },
               {
                  "type" : "move",
                  "expiry" : "infinity",
                  "level" : "evil"
               },
               {
                  "source" : "Cascader",
                  "type" : "edit",
                  "level" : "sysop",
                  "expiry" : "infinity"
               }
            ],
            "title" : "TestX"
         },
         "2" : {
            "protection" : [],
            "title" : "Test",
            "touched" : "2015-01-23T20:35:55Z",
            "ns" : 0,
            "lastrevid" : 2792,
            "pageid" : 2,
            "actions" : {
               "create" : "",
               "edit" : ""
            },
            "pagelanguage" : "en",
            "length" : 744,
            "contentmodel" : "wikitext",
            "restrictiontypes" : [
               "edit",
               "move"
            ]
         }
      }
   },
   "batchcomplete" : ""
}
mobrovac moved this task from Backlog to Ready / next on the RESTBase board.Feb 13 2015, 7:02 PM
Anomie moved this task from Unsorted to Needs Review on the MediaWiki-API board.Feb 19 2015, 6:03 PM

Change 187466 merged by jenkins-bot:
API: Add authz features for RESTBase

https://gerrit.wikimedia.org/r/187466

Anomie closed this task as Resolved.Feb 20 2015, 1:28 PM
Anomie moved this task from Needs Review/Feedback to Done on the MediaWiki-Core-Team board.
Anomie set Security to None.
Anomie moved this task from Needs Review to Done on the MediaWiki-API board.Feb 20 2015, 8:23 PM
bd808 moved this task from Done to Archive on the MediaWiki-Core-Team board.Feb 23 2015, 11:58 PM