Wikimedia Developer Support

Permissiondenied on rollback API



(Private activity, I just can’t be bothered to create a non-work account right now, sorry.)

I’m working on a tool to patrol recent changes, which includes making API calls to rollback some edits. Python snippet:

    session = authenticated_session()
    token = session.get(action='query',
    results = session.get(action='query',
    for page in results['query']['pages']:
        pageid = page['pageid']
        user = page['revisions'][0]['user']

However, I’m getting the following error:

mwapi.errors.APIError: permissiondenied: The action you have requested is limited to users in one of the groups: *, [[Wikidata:Users|Users]].

This doesn’t make any sense to me. The session I’m using to make this request is authenticated (I can verify this with a manual call to action=query&meta=userinfo), and the user account has the rollback right (the tool explicitly verifies this with a call to action=query&meta=userinfo&uiprop=rights). Furthermore, surely my account would be considered both a “user” and an “anything”, which I assume must be what the * means?

I tried looking through the MediaWiki source, but couldn’t figure out where this error is being thrown. Does anyone have a clue what’s going on? (The wiki is Wikidata, if it matters, and specifically I’m testing with revision 820157734.)


Well, rollback is definitely not available to all users so that error message is a bug. (Or is that configured differently for Wikidata?) As for the error itself, I’d guess your bot has limited permissions (it uses a bot password or OAuth login).


Rollback on Wikidata is limited to the rollbackers group, in which I’m a member (per request). My tool uses OAuth, and the consumer has the “rollback” grant.


I tried logging out and back in again on Wikidata, and re-authenticating via the tool, just in case my group memberships were being cached somewhere in some session, but it didn’t help.


In any case an OAuth tool’s session has nothing to do with your web session.

Can you try making a request with the X-Wikimedia-Debug header?


Done. Request ID is XCdQFApAAC4AACCVgFcAAAAK, debug log is copied to ~lucaswerkmeister-wmde/XWikimediaDebug.log on mwlog1001 (because /srv/mw-log/XWikimediaDebug.log looks like the next debug request will overwrite it).


The problem is that your OAuth consumer has rollback but not edit and WikiPage::doRollback() checks for both. (The weird “*, users” error message is because the edit right is assigned to those groups).


Ah, okay, thanks for figuring it out! I think it makes more sense to continue the discussion on Phabricator now, so I’ve filed T212851.