Michael created this task. Michael added a project: Wikidata-Campsite. Restricted Application added a subscriber: Aklapper. Restricted Application added a project: Wikidata.
TASK DESCRIPTION
When working on T211119, I noticed that the API checks the validity of requests before it checks whether the user has the right to execute the request.
That order should be inverted. The new order should probably look something like this:
- Check whether the user is allowed to execute e.g. wbcreateclaim. (He might be blocked)
- Look at the other request parameters and check whether they are valid. (A parameter might be missing or malformed)
- Check whether the user has the rights to take that action on that item. (The item might be protected)
Acceptance criteria:
- API requests check that a user is allowed to make that request before checking the validity of the request parameters
- A test for this behavior
To: Michael
Cc: Aklapper, Michael, Nandana, Lahi, Gq86, GoranSMilovanovic, QZanden, LawExplorer, _jensen, D3r1ck01, Jonas, Wikidata-bugs, aude, Lydia_Pintscher, Mbch331
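An added example, not part of the original task and not Wikibase code: a simplified Python model of the three checks in the proposed order, with a switch for the validation-first order the task reports, so the difference can be tested. All function names, error codes and sample data are hypothetical.

```python
# Simplified model of the check order proposed in the task; not Wikibase code.
# Every name, error code and sample value below is hypothetical/constructed.
from dataclasses import dataclass

class ApiError(Exception):
    def __init__(self, code):
        super().__init__(code)
        self.code = code

@dataclass
class User:
    name: str
    blocked: bool = False
    can_edit_protected: bool = False

PROTECTED_ITEMS = {"Q1"}  # constructed sample data
REQUIRED = {"wbcreateclaim": ("entity", "property", "snaktype")}

def check_action_allowed(user, action):
    # Step 1: may this user call the action at all? (The user might be blocked.)
    if user.blocked:
        raise ApiError("permission-denied")

def validate_params(action, params):
    # Step 2: are the other parameters present and well formed?
    for name in REQUIRED[action]:
        if not params.get(name):
            raise ApiError("param-missing")
    entity = params["entity"]
    if entity[0] != "Q" or not entity[1:].isdigit():
        raise ApiError("param-invalid")

def check_item_permission(user, params):
    # Step 3: may this user act on this item? (The item might be protected.)
    if params["entity"] in PROTECTED_ITEMS and not user.can_edit_protected:
        raise ApiError("item-protected")

def handle_request(user, action, params, auth_first=True):
    """Return 'ok' or the error code of the first check that fails."""
    steps = [lambda: check_action_allowed(user, action),
             lambda: validate_params(action, params),
             lambda: check_item_permission(user, params)]
    if not auth_first:  # validation-first order, as reported in the task
        steps[0], steps[1] = steps[1], steps[0]
    try:
        for step in steps:
            step()
    except ApiError as err:
        return err.code
    return "ok"
```

The acceptance test in this model is a blocked user sending a malformed request: with `auth_first=True` the result is the permission error, with `auth_first=False` it is a parameter error.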