BREAKING CHANGE: Requesting tokens you aren't allowed to request is handled more gracefully

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

BREAKING CHANGE: Requesting tokens you aren't allowed to request is handled more gracefully

Roan Kattouw
In the spirit of yesterday's breaking change, here's another one. As of
r35140 [1], requesting e.g. a move token while you're not allowed to
move pages* will no longer exit with an error, but throw a warning
instead and give you a result set without the move token. An example:

api.php?action=query&prop=info&intoken=edit|delete|protect|move&titles=Main_Page  
(made by an anonymous user)

<?xml version="1.0" encoding="utf-8"?>
<api>
  <query>
    <normalized>
      <n from="Main_Page" to="Main Page" />
    </normalized>
    <pages>
      <page pageid="98" ns="0" title="Main Page" touched="2008-05-09T09:25:47Z" lastrevid="485" counter="6" length="149" edittoken="+\" />
    </pages>
  </query>
  <warnings>
    <info>Action 'protect' is not allowed for the current user
Action 'move' is not allowed for the current user
Action 'delete' is not allowed for the current user</info>
  </warnings>
</api>

* NOTE: This only applies to the 'move' permission in general, NOT to
limitations on individual pages (immobile namespace, page protected,
etc.). Because of this, the fact that prop=info gives you a move token
just means that you have the 'move' right, NOT that you'll actually be
able to move that particular page.

Roan Kattouw (Catrope)

[1] http://svn.wikimedia.org/viewvc/mediawiki?view=rev&revision=35140

_______________________________________________
Mediawiki-api mailing list
[hidden email]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-api