We'd like to continue supporting editing on private wikis like office wiki. To do this, we need to globally check for the 'read' right in the userinfo query result for all read accesses to the domain.
More concrete steps:
- Figure out a way to configure permissions at the root of a wiki. It might make sense to use the swagger security object for this, possibly with a custom Mediawiki mediaWikiSecurity scheme as sketched in these older notes on schema loading and the production config.yaml.
- It might actually make sense to set this at the level of https://github.com/wikimedia/operations-puppet/blob/production/modules/restbase/templates/config.yaml.erb#L161, so that we can share the sub-specs between public & private wikis.
- On each read request (GET), kick off a parallel access check in RESTBase (in parallel with the handler), ideally in a separate security module that hides the details. For POST and PUT, we'll probably want to perform this check sequentially before doing anything else. For now, the request will be to the userinfo query end point in the PHP API, and will forward the incoming cookie header to MediaWiki so that the request can be authenticated.
- If the access check fails for 'read' rights, return a 403.