Closed Bug 731649 Opened 13 years ago Closed 13 years ago

kuma: Access controls for editing Template:* pages

Categories

(developer.mozilla.org Graveyard :: Editing, defect)

Product:
developer.mozilla.org Graveyard
Component:
Editing
Platform:
x86
macOS
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: lorchard, Assigned: lorchard)

References

Details

(Whiteboard: u=admin c=wiki s=2012-04-10 t=2012-04-17 p=2)

Pages whose slugs match the pattern "Template:*" are semi-trusted, wiki-editable code that runs on the server. Editing (and viewing?) these pages should be protected by access control and limited to a set of trusted site editors. These editors need not be Mozilla employees exclusively, but they should be very unlikely to vandalize or attempt to otherwise harm MDN.
Blocks: 710713
Blocks: 659364
No longer blocks: 710713
I cringe at every mention of "Access controls" ... in this case do we think django's "is_staff" access level is suitable for this?
(In reply to Luke Crouch [:groovecoder] from comment #1) > I cringe at every mention of "Access controls" ... in this case do we think > django's "is_staff" access level is suitable for this? is_staff might be suitable, if we're comfortable setting it for non-employees. But, we can probably do this with standard Django permissions & groups.
Quick mental notes unless I get to this: * Add Django permission for wiki app, eg. "Can edit Templates" * Enforce this permission in the wiki app view * Create a Django group with this permission, add trusted editors to the group
Check this when creating/editing/deleting any Template: document.
Whiteboard: u=admin c=wiki s=2012-04-10 t=2012-04-10 p=2
No one scooped this up yet, so I might take a crack at it tomorrow and take a break from kumascript for a few hours.
Assignee: nobody → lorchard
Summary: kumascript: Access controls for editing Template:* pages → kuma: Access controls for editing Template:* pages
Commits pushed to master at https://github.com/mozilla/kuma https://github.com/mozilla/kuma/commit/47e0bdeb44adc14aefd96b1db2dccf21d80dd225 bug 731649: Access controls for editing Template:* pages * Add {add,change}_template_document permissions to wiki model * Enforce template permissions in model and view * Bugfix for edit button on document view, would appear for edit permission but not revision permission * South migration to create the new permissions * Remove duplicate 0007 south migration * Tests for model and view https://github.com/mozilla/kuma/commit/8b1a0b10304b4f3d56568da18050de6c9bfec367 bug 731649: Accept initial ?slug in new_document, use ACE editor if it starts with Template: https://github.com/mozilla/kuma/commit/58056d956d8b1ff78e19e1a7cf583875dfacaef9 Merge pull request #155 from lmorchard/bug-731649-template-permissions Fix Bug 731649 template permissions
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Whiteboard: u=admin c=wiki s=2012-04-10 t=2012-04-10 p=2 → u=admin c=wiki s=2012-04-10 t=2012-04-17 p=2
Version: MDN → unspecified
Component: Docs Platform → Editing
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in before you can comment on or make changes to this bug.