Page MenuHomePhabricator
Create Task
Maniphest T99515

Check permissions for: compare-header-revisions, view-header, compare-post-revisions, single-view, ...
Open, HighPublic
Actions

Description

Some actions in FlowActions.php don't have 'permissions' key.
That value decided which permissions are needed to be able to get permission data for that action, based on the state of a revision.
It looks like we just never got to properly implement these.

header-related thingies probably got ignored because headers don't require any permissions. But it should still use the permission system (which e.g. also checks if page is deleted, for example)
Pretty sure none of those actions properly check permissions, because we shouldn't be able to get any data if permissions are not defined for a revision.

See https://gerrit.wikimedia.org/r/#/c/210074 where I needed to fill out view-topic-summary after starting to check for those permissions.

Event Timeline

matthiasmullie created this task.May 18 2015, 11:44 AM
matthiasmullie raised the priority of this task from to Needs Triage.
matthiasmullie updated the task description. (Show Details)
matthiasmullie added a project: StructuredDiscussions.
matthiasmullie subscribed.
Restricted Application added a project: Collaboration-Team-Triage. · View Herald TranscriptMay 18 2015, 11:44 AM
Restricted Application added a subscriber: Aklapper. · View Herald Transcript
DannyH triaged this task as High priority.May 18 2015, 6:58 PM
DannyH subscribed.
Mattflaschen-WMF added subscribers: Mattflaschen-WMF, Etonkovidova.May 18 2015, 7:52 PM

Also, we need to make sure we're actually checking the permissions everywhere we should be.

Aklapper edited projects, added Growth-Team; removed Collaboration-Team-Triage.Oct 12 2019, 4:18 AM
MBinder_WMF added a project: Growth-Team-Filtering.Apr 15 2021, 7:02 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits