Wikimedia Developer Support

Permissiondenied on rollback API

rollback
api
mediawiki

#1

(Private activity, I just can’t be bothered to create a non-work account right now, sorry.)

I’m working on a tool to patrol recent changes, which includes making API calls to rollback some edits. Python snippet:

    session = authenticated_session()
    token = session.get(action='query',
                        meta='tokens',
                        type='rollback')['query']['tokens']['rollbacktoken']
    results = session.get(action='query',
                          revids=[str(id)],
                          prop='revisions',
                          rvprop='user',
                          formatversion='2')
    for page in results['query']['pages']:
        pageid = page['pageid']
        user = page['revisions'][0]['user']
        break
    session.post(action='rollback',
                 pageid=pageid,
                 user=user,
                 token=token)

However, I’m getting the following error:

mwapi.errors.APIError: permissiondenied: The action you have requested is limited to users in one of the groups: *, [[Wikidata:Users|Users]].

This doesn’t make any sense to me. The session I’m using to make this request is authenticated (I can verify this with a manual call to action=query&meta=userinfo), and the user account has the rollback right (the tool explicitly verifies this with a call to action=query&meta=userinfo&uiprop=rights). Furthermore, surely my account would be considered both a “user” and an “anything”, which I assume must be what the * means?

I tried looking through the MediaWiki source, but couldn’t figure out where this error is being thrown. Does anyone have a clue what’s going on? (The wiki is Wikidata, if it matters, and specifically I’m testing with revision 820157734.)


#2

Well, rollback is definitely not available to all users so that error message is a bug. (Or is that configured differently for Wikidata?) As for the error itself, I’d guess your bot has limited permissions (it uses a bot password or OAuth login).


#3

Rollback on Wikidata is limited to the rollbackers group, in which I’m a member (per request). My tool uses OAuth, and the consumer has the “rollback” grant.


#4

I tried logging out and back in again on Wikidata, and re-authenticating via the tool, just in case my group memberships were being cached somewhere in some session, but it didn’t help.


#5

In any case an OAuth tool’s session has nothing to do with your web session.

Can you try making a request with the X-Wikimedia-Debug header?


#6

Done. Request ID is XCdQFApAAC4AACCVgFcAAAAK, debug log is copied to ~lucaswerkmeister-wmde/XWikimediaDebug.log on mwlog1001 (because /srv/mw-log/XWikimediaDebug.log looks like the next debug request will overwrite it).


#7

The problem is that your OAuth consumer has rollback but not edit and WikiPage::doRollback() checks for both. (The weird “*, users” error message is because the edit right is assigned to those groups).


#8

Ah, okay, thanks for figuring it out! I think it makes more sense to continue the discussion on Phabricator now, so I’ve filed T212851.