Closed Bug 1171988 Opened 9 years ago Closed 7 years ago

Restrict API actions by role

Categories

(developer.mozilla.org Graveyard :: BrowserCompat, defect)

Product:
developer.mozilla.org Graveyard
Component:
BrowserCompat
Type:
defect
Priority:
Not set
Severity:
major

Tracking

(Not tracked)

Status:
RESOLVED WONTFIX

People

(Reporter: jwhitlock, Unassigned)

References

Details

(Whiteboard: [bc:infra][bc:milestone=car]) 

What problem would this feature solve?
======================================
Compatibility data is planned to appear on many MDN pages, and eventually on other sites.  New users could add data that appears on many pages.  This will make it a target for spammers. Also, well-meaning users could add data without an understanding of how the data is used, requiring additional moderation.

Who has this problem?
=====================
Core contributors to MDN

How do you know that the users identified above have this problem?
==================================================================
MDN currently restricts some actions, such as editing KumaScript, for items that appear on many pages.

How are the users identified above solving this problem now?
============================================================
The API currently has loose permissions, but it has some permissions, such as restricting deletes.  It is also unknown, unused, and user signup is difficult.

Do you have any suggestions for solving the problem? Please explain in detail.
==============================================================================
Django REST Framework has some built-in restrictions based on Django groups.  This can be augmented to add restrictions at the property level.

Is there anything else we should know?
======================================
The work for this task will probably be split into several bugs, as the discussion continues.

Stephanie Hobson started the detailed discussion on the mdn mailing list, collecting data in an etherpad:

https://groups.google.com/forum/#!topic/mozilla.mdn/xjVbB9d60xg
https://etherpad.mozilla.org/AR4vvX3dAA
Blocks: 996570
Component: General → BrowserCompat
Severity: enhancement → major
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: in-triage
OS: Other → All
Summary: [Compat Data] Restrict API actions by role → Restrict API actions by role
Whiteboard: [specification][type:feature] → [bc:infra]
Mentor: jwhitlock
Whiteboard: [bc:infra] → [bc:infra][bc:milestone=motorbike]
Whiteboard: [bc:infra][bc:milestone=motorbike] → [bc:infra][bc:milestone=car]
Mentor: jwhitlock
The BrowserCompat project is canceled.  See https://github.com/mdn/browsercompat for current effort. Bulk status change includes the random word TEMPOTHRONE.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → WONTFIX
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.