Last modified: 2014-09-24 01:28:58 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T20677, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 18677 - Give proper error message when viewing &action=protect without sufficient rights
Give proper error message when viewing &action=protect without sufficient rights
Status: REOPENED
Product: MediaWiki
Classification: Unclassified
Interface (Other open bugs)
unspecified
All All
: Lowest enhancement (vote)
: ---
Assigned To: Nobody - You can work on this!
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2009-05-04 06:19 UTC by MZMcBride
Modified: 2014-09-24 01:28 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Patch (681 bytes, patch)
2009-05-04 13:14 UTC, Stefano Codari 		Details
Show Obsolete (1) Add an attachment (proposed patch, testcase, etc.)

Description MZMcBride 2009-05-04 06:19:15 UTC 
For consistency, &action=protect and &action=unprotect should give "permission denied" errors and not show the interface if the user doesn't have appropriate permissions. This is the way &action=delete and Special:MovePage work.
Comment 1 Stefano Codari 2009-05-04 13:14:29 UTC 
Created attachment 6088 [details]
Patch

Tested patch attached.
Comment 2 Roan Kattouw 2009-05-04 14:52:09 UTC 
Patch applied in r50180
Comment 3 Andrew Garrett 2009-05-10 04:40:27 UTC 
IMO this is a regression, not a bug fix. We've removed useful functionality and replaced it with an error message.
Comment 4 Roan Kattouw 2009-05-10 09:19:12 UTC 
(In reply to comment #3)
> IMO this is a regression, not a bug fix. We've removed useful functionality and
> replaced it with an error message.
> 

Patch reverted in r50420. WONTFIXing per the comment above.
Comment 5 Gurch 2009-05-10 21:11:20 UTC 
(In reply to comment #3)
> IMO this is a regression, not a bug fix. We've removed useful functionality and
> replaced it with an error message.

What "useful functionality" has been removed? Protection settings are in the protection log, and at the top of the page when you try to edit it. If this is the standard why aren't the block/delete/user rights pages available to all users too?
Comment 6 Stefano Codari 2009-05-11 12:57:17 UTC 
IMO if the protection settings must be shown to all users then it would have also be shown the 'Protect' button in the top of the page, otherwise only the users who know the command 'action=protect' can see the settings.
Comment 7 Brion Vibber 2009-05-15 00:05:58 UTC 
Note that we nearly always show a read-only version of information in forms of this sort, including edit, protection, and various special pages and extensions. There's no reason to remove that functionality, as it would be a regression of functionality and usability with no corresponding gain.
Comment 8 MZMcBride 2012-07-20 18:38:55 UTC 
Re-opening this for further consideration.

There's a lot of inconsistent behavior here. Some forms show permission errors, other forms show read-only or greyed-out versions of the form.

This change was reverted due to bug 18728 ("Non-admins can no longer to see page protection settings"), however bug 18728 is kind of a red herring. No reasonable user would know to look for the protection settings under an invisible tab (the protect tab doesn't show to users without the 'protect' user right). Advanced users have been appending ?action=protect to get the current page protection status, but this is just a symptom of very poor UI.

The real issue behind bug 18728 was that page protection status is not exposed properly in the MediaWiki UI. I've filed bug 38536 just now ("Add page protection status to MediaWiki's info action").

The general inconsistent behavior of forms when the user doesn't have the appropriate permissions still needs study and consideration.
Comment 9 Sumana Harihareswara 2012-10-12 01:44:23 UTC 
Comment on attachment 6088 [details]
Patch

Marking as obsolete given reversion in comment #4.  Thank you for your suggestion, though!
Comment 10 Andre Klapper 2014-02-19 11:35:22 UTC 
[Removing "easy" as the approach to fix is not clear. Also see comment 8.]
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links