Brad Jorsch <> changed:

           What    |Removed                     |Added
             Status|NEW                         |RESOLVED
         Resolution|---                         |INVALID

--- Comment #1 from Brad Jorsch <> ---
> * Is the permission denied for the user, or for the OAuth consumer? 

Short answer: It's the user here.

Long answer: That's a bit of a hard question. A permissions error for the OAuth
consumer would begin with "mwoauth-". The "permissiondenied" error is given
when the user lacks the necessary rights.

But it could be that the OAuth consumer didn't ask for the right grants, so the
user-via-consumer wouldn't have the rights that the user would have when making
the same query directly. That *could* be considered that the permissions were
denied for the consumer.

In this particular case, though, the consumer does have the necessary grant
("Upload, replace, and move files"). It's just that some users lack the
necessary right and OAuth never adds rights the user doesn't have normally, it
just removes them when not granted.

> * Why is the permission denied?
> * Why does it work for some users, but not others?

Uploading from a url via the API requires the "upload_by_url" user right.
[[commons:User:Magnus Manske]] has this right, while
[[commons:User:Testuser-MM]] does not.

According to [[commons:Special:ListGroupRights]], the following groups have
this right: sysop, Image-reviewer, gwtoolset.

Your tool can use meta=userinfo&uiprop=rights to check if the user has the
necessary right.

I'm going to close this as "INVALID" because there's no MediaWiki core or OAuth
extension bug here, just a misunderstanding of the user rights required. But
feel free to reply if you need further clarification.

You are receiving this mail because:
You are the assignee for the bug.
You are on the CC list for the bug.
Wikibugs-l mailing list

Reply via email to