Page MenuHomePhabricator
Create Task
Maniphest T98367

B7. Refine deletedtext/deletedhistory
Closed, ResolvedPublic2 Estimated Story Points
Actions

Assigned To
matthiasmullie
Authored By
Mattflaschen-WMF
May 6 2015, 4:50 PM
Tags
Referenced Files
F188549: Screen Shot 2015-07-03 at 2.47.25 PM.png
Jul 3 2015, 9:48 PM
F188544: Screen Shot 2015-07-03 at 2.44.11 PM.png
Jul 3 2015, 9:46 PM
F188538: Screen Shot 2015-07-03 at 2.41.20 PM.png
Jul 3 2015, 9:42 PM
F188532: Screen Shot 2015-07-03 at 2.01.02 PM.png
Jul 3 2015, 9:42 PM
F188536: Screen Shot 2015-07-03 at 2.38.38 PM.png
Jul 3 2015, 9:42 PM
Subscribers
Aklapper
DannyH
Etonkovidova
gerritbot
Legoktm
Mattflaschen-WMF
matthiasmullie

Description

Before we were not requiring deletedtext for the main guard against topics on deleted boards. I put up a quick fix for that (https://gerrit.wikimedia.org/r/#/c/209248/1), but it's over-restrictive.

We should require the appropriate one for particular cases. Matthias mentioned blocks and RevisionFormatter::processParam, possibly among others.

Often these are granted together, but there are important exceptions. E.g. the 'researcher' group normally does not have 'deletedtext'.

Possibilities:

  1. Add a new key to FlowActions alongside 'permissions', e.g. coreDeletePermissions, pointing to the core permissions required. E.g.:

'view-topic-summary' => array(

// ...
coreDeletePermissions = array( 'deletedtext', 'deletedhistory' ),

),

  1. Similar to above, but use 'permissions' with another key (e.g. PostRevision::MODERATED_CORE_DELETION). This would have to be consulted in addition to the other ones.
  2. Explicitly call $user>isAllowed( 'deletedhistory' ) or $user->isAllowedAll( 'deletedtext', 'deletedhistory' ) directly from various places e.g. TopicBlock.

Details

SubjectRepoBranchLines +/-
Add config directive 'core-delete-permissions'mediawiki/extensions/Flowmaster+109 -51
Customize query in gerrit

Related Objects

Event Timeline

Mattflaschen-WMF created this task.May 6 2015, 4:50 PM
Mattflaschen-WMF claimed this task.
Mattflaschen-WMF raised the priority of this task from to Needs Triage.
Mattflaschen-WMF updated the task description. (Show Details)
Mattflaschen-WMF added a project: StructuredDiscussions.
Mattflaschen-WMF subscribed.
Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptMay 6 2015, 4:50 PM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
Mattflaschen-WMF moved this task from Untriaged to Team discussion on the Collaboration-Team-Triage board.May 6 2015, 4:51 PM
Mattflaschen-WMF added subscribers: Legoktm, matthiasmullie.
DannyH moved this task from Team discussion to Sprint B (temporary for meeting) on the Collaboration-Team-Triage board.May 6 2015, 6:52 PM
DannyH set Security to None.
DannyH edited a custom field.
DannyH added a project: Collaboration-Team-Sprint-B-2015-05-20.May 6 2015, 8:42 PM
DannyH renamed this task from Refine deletedtext/deletedhistory to B7. Refine deletedtext/deletedhistory.May 6 2015, 8:45 PM
DannyH moved this task from Sprint B (temporary for meeting) to Current workboard on the Collaboration-Team-Triage board.May 6 2015, 10:42 PM
DannyH triaged this task as Medium priority.May 7 2015, 12:03 AM
Mattflaschen-WMF updated the task description. (Show Details)May 21 2015, 2:59 AM

I thought about some possibilities for this, which I added to the description. I think I prefer #2 or #1 in that order, but would like some feedback.

Mattflaschen-WMF updated the task description. (Show Details)May 21 2015, 3:00 AM
Legoktm added a comment.Jun 1 2015, 11:09 PM

What's the point of deletedhistory without deletedtext? It kind of makes sense in a MW Core sense, but in Flow the topic title is part of the page text, so you'd have history with absolutely no context.

I guess this would be a nice ideal thing to do, but if we end up doing a backend refactor to contenthandler, we'd get this for free.

matthiasmullie added a comment.Jun 2 2015, 6:20 AM

If a board is deleted, you would need deletedtext to be allowed to see any topics/post on there (they're equivalent to the page content)
But in order to see history of topics/posts on that deleted board, you would only need deletedhistory (equivalent to the page history)

DannyH added a project: Collaboration-Team-Sprint-C-2015-06-17.Jun 3 2015, 7:14 PM
Mattflaschen-WMF added a comment.EditedJun 4 2015, 8:28 PM

Yeah, there are certainly some things you should be able to see with just deletedhistory, even if we consider 'topic title' to be content. For example, seeing the fact that board description was edited (without actually seeing the description itself).

We're already using ContentHandler (but there's still legacy variables). But maybe you mean using user-friendly topic page names. That raises a interesting question, if the topic title is in the page name (rather than the UUID), should it be accessible with only deletedhistory? I would think yes. But that's off in the future.

For now, should we:

  • Just leave it (requiring both deletedtext and deletedhistory) and Decline this for now.
  • Try one of the possibilities I put in the description (2?)
  • Something else

?

Mattflaschen-WMF changed the task status from Open to Stalled.Jun 4 2015, 8:30 PM
Mattflaschen-WMF removed Mattflaschen-WMF as the assignee of this task.Jun 10 2015, 6:10 PM
gerritbot subscribed.Jun 12 2015, 12:59 PM

Change 217841 had a related patch set uploaded (by Matthias Mullie):
Add config directive 'core-delete-permissions'

https://gerrit.wikimedia.org/r/217841

gerritbot added a project: Patch-For-Review.Jun 12 2015, 12:59 PM
matthiasmullie claimed this task.Jun 12 2015, 1:00 PM
matthiasmullie moved this task from Sprint C - ends June 15 to Needs Review on the Collaboration-Team-Sprint-C-2015-06-17 board.
matthiasmullie moved this task from Needs Review to In Development on the Collaboration-Team-Sprint-C-2015-06-17 board.Jun 12 2015, 3:01 PM
matthiasmullie mentioned this in T102244: D8. Make it possible to figure out root-permissions of things we have yet to insert.Jun 13 2015, 6:10 PM
Catrope moved this task from Current workboard to Sprint D (temporary for meeting) on the Collaboration-Team-Triage board.Jun 16 2015, 5:47 PM
DannyH added a project: Collaboration-Team-Sprint-D-2015-06-30.Jun 16 2015, 7:00 PM
DannyH moved this task from Sprint D - ends July 1 to In Development on the Collaboration-Team-Sprint-D-2015-06-30 board.
DannyH moved this task from Sprint D (temporary for meeting) to Current workboard on the Collaboration-Team-Triage board.Jun 16 2015, 7:05 PM
matthiasmullie moved this task from In Development to Needs Review on the Collaboration-Team-Sprint-D-2015-06-30 board.Jun 17 2015, 8:31 AM
Catrope moved this task from Needs Review to Code Review Started on the Collaboration-Team-Sprint-D-2015-06-30 board.Jun 19 2015, 5:38 PM
gerritbot added a comment.Jun 26 2015, 8:12 PM

Change 217841 merged by jenkins-bot:
Add config directive 'core-delete-permissions'

https://gerrit.wikimedia.org/r/217841

Diffusion mentioned this in rMEXTba79aadb09eb: Updated mediawiki/extensions Project: mediawiki/extensions/Flow….Jun 26 2015, 8:12 PM
matthiasmullie mentioned this in rEFLW05a783577f1d: Add config directive 'core-delete-permissions'.Jun 26 2015, 8:12 PM
Forrestbot added a project: WMF-deploy-2015-06-30_(1.26wmf12).Jun 26 2015, 9:00 PM
Mattflaschen-WMF moved this task from Code Review Started to QA Review on the Collaboration-Team-Sprint-D-2015-06-30 board.Jun 26 2015, 11:35 PM
DannyH added a project: Collaboration-Team-Sprint-E-Everywhere-2015-07-14.Jun 30 2015, 7:39 PM
DannyH moved this task from Sprint E - ends July 14 to QA Review on the Collaboration-Team-Sprint-E-Everywhere-2015-07-14 board.
Etonkovidova subscribed.EditedJul 3 2015, 9:42 PM

Checked in beta.
Users see deleted topics in View history as the follows(notice that there are no topic titles):

Screen Shot 2015-07-03 at 2.47.25 PM.png (262×1 px, 92 KB)

Admin users see the topic titles:

Screen Shot 2015-07-03 at 2.44.11 PM.png (255×1 px, 120 KB)

Upon clicking on the the first link in the View history - the crossed-out deleted topic " 2015-07-03T21:37:30... ", an admin user will see:

Screen Shot 2015-07-03 at 2.41.20 PM.png (312×1 px, 53 KB)

Non-admin user will see:

Screen Shot 2015-07-03 at 2.01.02 PM.png (408×1 px, 72 KB)

Etonkovidova moved this task from QA Review to Product Review on the Collaboration-Team-Sprint-E-Everywhere-2015-07-14 board.Jul 3 2015, 9:49 PM
matthiasmullie mentioned this in T104843: Revision permalink page is confusing when missing permissions.Jul 6 2015, 11:50 AM

@Etonkovidova: AFAIUI, those history pages seem fine, right?

But it looks like that revision permalink page doesn't properly work when a user isn't allowed to see it. It doesn't expose info, but this is just confusing :p
Submitted as T104843

DannyH closed this task as Resolved.Jul 6 2015, 5:04 PM
DannyH moved this task from Product Review to Done on the Collaboration-Team-Sprint-E-Everywhere-2015-07-14 board.
DannyH subscribed.
DannyH moved this task from Current workboard to Resolved on the Collaboration-Team-Triage board.Jul 6 2015, 5:37 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL