Last modified: 2012-12-13 11:21:51 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T42557, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 40557 - Check permissions on read
Check permissions on read
Status: VERIFIED FIXED
Product: MediaWiki extensions
Classification: Unclassified
WikidataRepo (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Wikidata bugs
storypoints: 3
:
Depends on:
Blocks: 40573
  Show dependency treegraph
 
Reported: 2012-09-27 11:19 UTC by abraham.taherivand
Modified: 2012-12-13 11:21 UTC (History)
4 users (show)

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description abraham.taherivand 2012-09-27 11:19:29 UTC 

    


      




        
          Comment 1
        

        
          jeblad

        

        
        

        
          2012-09-28 10:35:58 UTC
        
      





Api - It looks like reading from the api is based on a generic permission, which is what the MW api does currently as well. However, we get lots of requests for the title's permissions to be checked on read, so that reading individual pages/items from the api can be controlled on a page-by-page basis (like you're doing for writes). If this is not desired for wikidata objects, please document that somewhere. Or if that granularity in permissions is desired, then it should be implemented now.

    


      




        
          Comment 2
        

        
          jeblad

        

        
        

        
          2012-09-28 11:58:12 UTC
        
      





https://gerrit.wikimedia.org/r/#/c/25547/

    


      




        
          Comment 3
        

        
          Daniel Kinzler

        

        
        

        
          2012-10-01 11:50:57 UTC
        
      





API modules were already checking the standard "read" permission, added unit tests for that: Idb009c0d

Standard checks in core seems to be sufficient to enforce the "read" permission for UI access. I have confirmed this with manual testing for normal page views, history and diffs. We could add selenium tests, but I suggest a separate item with low prio for that.

    


      




        
          Comment 4
        

        
          Anja Jentzsch

        

        
        

        
          2012-11-29 12:42:52 UTC
        
      





Verified in Wikidata demo time for sprint 18

    



  






  


    

      

        

          
            

              Note
              You need to
              log in
              before you can comment on or make changes to this bug.
            

          		
        
 
      

  
        





        




  
  First
  Last
  Prev
  Next
    
  This bug is not in your last
    search results.







			

			
		
		
		
		
		
		
			

				
				
				
				
				

					
Navigation

					

						
					

				

				
				
				
				
				

					
Links