Last modified: 2014-09-24 01:28:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20677, the corresponding Phabricator task for complete and up-to-date bug report information.

Bug 18677 - Give proper error message when viewing &action=protect without sufficient rights


Summary:	Give proper error message when viewing &action=protect without sufficient rights

Status:	REOPENED

Product:	MediaWiki
Classification:	Unclassified
Component:	Interface (Other open bugs)
Version:	unspecified
Hardware:	All All

Importance:	Lowest enhancement (vote)
Target Milestone:	---
Assigned To:	Nobody - You can work on this!

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:
	Show dependency tree / graph

Reported:	2009-05-04 06:19 UTC by MZMcBride
Modified:	2014-09-24 01:28 UTC (History)
CC List:	4 users (show)

See Also:
Web browser:	---
Mobile Platform:	---
Assignee Huggle Beta Tester:	---

Attachments
Patch (681 bytes, patch) 2009-05-04 13:14 UTC, Stefano Codari	Details
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2009-05-04 06:19:15 UTC

For consistency, &action=protect and &action=unprotect should give "permission denied" errors and not show the interface if the user doesn't have appropriate permissions. This is the way &action=delete and Special:MovePage work.

Comment 1 Stefano Codari 2009-05-04 13:14:29 UTC

Created attachment 6088 [details]
Patch

Tested patch attached.

Comment 2 Roan Kattouw 2009-05-04 14:52:09 UTC

Patch applied in r50180

Comment 3 Andrew Garrett 2009-05-10 04:40:27 UTC

IMO this is a regression, not a bug fix. We've removed useful functionality and replaced it with an error message.

Comment 4 Roan Kattouw 2009-05-10 09:19:12 UTC

(In reply to comment #3)
> IMO this is a regression, not a bug fix. We've removed useful functionality and
> replaced it with an error message.
> 

Patch reverted in r50420. WONTFIXing per the comment above.

Comment 5 Gurch 2009-05-10 21:11:20 UTC

(In reply to comment #3)
> IMO this is a regression, not a bug fix. We've removed useful functionality and
> replaced it with an error message.

What "useful functionality" has been removed? Protection settings are in the protection log, and at the top of the page when you try to edit it. If this is the standard why aren't the block/delete/user rights pages available to all users too?

Comment 6 Stefano Codari 2009-05-11 12:57:17 UTC

IMO if the protection settings must be shown to all users then it would have also be shown the 'Protect' button in the top of the page, otherwise only the users who know the command 'action=protect' can see the settings.

Comment 7 Brion Vibber 2009-05-15 00:05:58 UTC

Note that we nearly always show a read-only version of information in forms of this sort, including edit, protection, and various special pages and extensions. There's no reason to remove that functionality, as it would be a regression of functionality and usability with no corresponding gain.

Comment 8 MZMcBride 2012-07-20 18:38:55 UTC

Re-opening this for further consideration.

There's a lot of inconsistent behavior here. Some forms show permission errors, other forms show read-only or greyed-out versions of the form.

This change was reverted due to bug 18728 ("Non-admins can no longer to see page protection settings"), however bug 18728 is kind of a red herring. No reasonable user would know to look for the protection settings under an invisible tab (the protect tab doesn't show to users without the 'protect' user right). Advanced users have been appending ?action=protect to get the current page protection status, but this is just a symptom of very poor UI.

The real issue behind bug 18728 was that page protection status is not exposed properly in the MediaWiki UI. I've filed bug 38536 just now ("Add page protection status to MediaWiki's info action").

The general inconsistent behavior of forms when the user doesn't have the appropriate permissions still needs study and consideration.

Comment 9 Sumana Harihareswara 2012-10-12 01:44:23 UTC

Comment on attachment 6088 [details]
Patch

Marking as obsolete given reversion in comment #4.  Thank you for your suggestion, though!

Comment 10 Andre Klapper 2014-02-19 11:35:22 UTC

[Removing "easy" as the approach to fix is not clear. Also see comment 8.]

Note You need to log in before you can comment on or make changes to this bug.

Wikimedia Bugzilla is closed!

Search

Personal tools

Navigation

Links