Issue using IntraACL with Visual Editor MediaWiki Extension #53
Comments
|
Do you have |
|
from my point of view VE & parsoid is a rather perverted and useless thing ))) but of course I also tried it out )) it should work with forwardCookies |
|
Hello Vitaliy, Thanks for getting back. Yes it's already set to true: $wgVirtualRestConfig['modules']['parsoid']['forwardCookies'] = true; I'm inclined to agree, Parsoid is a very difficult and unintuitive thing to set up. Just for info, here's the rest of our LocalSettings.php options connected to Visual Editor and Parsoid: require_once "$IP/extensions/VisualEditor/VisualEditor.php"; // Enable by default for everybody // Don't allow users to disable it // OPTIONAL: Enable VisualEditor's experimental code features // URL to the Parsoid instance // Interwiki prefix to pass to the Parsoid instance See if we can get rid of the 'add a comment dialog'$wgVisualEditorUseChangeTagging = false; // This feature requires a non-locking session store. The default session store will not work and // WARNING: ONLY enable this on private wikis and ONLY IF you understand the SECURITY IMPLICATIONS If you have any other thoughts do let me know. thanks again |
|
Hm... it seems parsoid does not forward user cookie back to MediaWiki when requesting revision content. So IntraACL of course denies access to anonymous user. this could be fixed by removing (&& !User::isEveryoneAllowed('read')) condition at line 79 of ApiVisualEditor.php in VisualEditor extension, but when I remove it on my wiki, Parsoid is unable to do MW api requests. I tried to understand WHY it's unable, but in last 20 minutes I didn't succeed O_O the HTTP request from nodejs to MediaWiki (apache2 behind nginx) just hangs, it looks like nodejs closes the connection by itself before receiving the request!!! The same request done with browser or with netcat completes without problem. The request is: GET /wiki/api.php?format=json&action=query&meta=siteinfo&siprop=namespaces%7Cnamespacealiases%7Cmagicwords%7Cfunctionhooks%7Cextensiontags%7Cgeneral%7Cinterwikimap%7Clanguages%7Cprotocols%7Cspecialpagealiases&rawcontinue=1 HTTP/1.1 |
|
So is there any way by which we can use Visualeditor with IntraACL? |
|
Yes, we have to patch one line in Visual Editor. I just preparing to publish deployement scripts of MediaWiki4Intranet by Vagrant+Ansible, where IntraACL and VisualEditor works together. |
|
"I just preparing to publish deployement scripts of MediaWiki4Intranet by Did not understand this. Also I have 1 more query. There is one "File List" page. This page is not So am I missing something here or is it a developing feature? Thanks, On Sat, Sep 10, 2016 at 2:03 AM, Stas Fomin [email protected]
|
That was slightly offtopic. Stas should push his fix to https://github.com/mediawiki4intranet/mediawiki-extensions-VisualEditor/commits/master and then switch the repository in configs/mediawiki4intranet.ini Afaik it's the same fix as in my above comment:
This looked like the proper fix from the beginning, but it didn't work when I checked it previous time. I'll recheck if it works with newer versions of VE.
First of all, are you saying the page is NOT protected? :) obviously anyone can read it if it's not protected :) Secondly, files in MediaWiki aren't "attachments to pages", they are globally named and independent entities. So if you want to protect files with IntraACL, you should create ACLs for File: namespace, files themselves or place them into a protected category. |
|
Hi, After making suggested changes i.e. removing code from line 79. I am still On browser I am getting 'error loading data from And in parsoid logs: On Wed, Sep 14, 2016 at 1:27 AM, Vitaliy Filippov [email protected]
|
|
Oh shit! I've found the problem with "hanging" nodejs mediawiki API requests with VisualEditor fix applied.
Bang, a deadlock. PHP and nodejs are waiting for each other. |
|
|
OK, I've committed the session lock fix into mediawiki4intranet bundle. I.e. you can use If you want to install the fix manually (without mediawiki4intranet bundle) you need this patch to mediawiki core: mediawiki4intranet/core@7233161 (this one is for 1.26), and also patches for ConfirmEdit and OpenID extensions if you have them installed (or they'll be broken): mediawiki4intranet/ConfirmEdit@be1cc8b and mediawiki4intranet/OpenID@5425b2a and this patch for VisualEditor: mediawiki4intranet/mediawiki-extensions-VisualEditor@cfa7274 (or just install it from here: https://github.com/mediawiki4intranet/mediawiki-extensions-VisualEditor/commits/REL1_26_INTRAACL) P.S: I've also made a repository with docker images for mediawiki4intranet. There are 2 versions - with and without VE. You can also try it out: https://github.com/mediawiki4intranet/docker (it's really the simplest way to install mediawiki4intranet) |
|
I saw your detailed comment on how to debug/fix this. Thx! |
|
Is this still relevant for 1.27? I noticed there were several deprecation hints in the functions you were patching (and they were radically different). |
|
I'm pretty sure yes. Functions may be different, but I don't think something changed in MW session handling... In fact, the problem is funny: everyone uses PHP and nobody usually cares about session locks :) |
|
Seems like, at least for 1.27 and onwards, they are in the process of overhauling their session management system, so a lot of those patches mentioned in your comment are irrelevant :-( Which is a shame as I am still experiencing deadlocks within PHP when using Visual Editor + IntraACL. |
|
It appears those patches are no longer necessary for MediaWiki >= 1.27. The bug I was experiencing was completely unrelated. :-) |
Hello,
We have installed IntraACL and it appears to be working fine except when we try to use Visual Editor on a page already protected by IntraACL.
As soon as we hit the 'Edit' button we get an error saying
"Error loading data from server: parsoidserver-http-bad-status: 404: Did not find page revisions for Systems/Photoshop. Would you like to retry?"
The issue goes away if I grant 'All Users' full access to the protected page we are trying to edit. This isn't ideal as a normal user will be able to view a protected page whilst it's being edited.
We also use a plugin called PwAuthPlugin which pulls down passwords/authentication directly from Active Directory.
Visual Editor relies on a server called Parsoid, this (and all the processes it governs like, nodejs, npm and pm2 etc) is governed by the root user on our Centos server.
I just wanted to find out if anyone else has experienced this issue before and has a fix. With all the different combinations of Extensions we have I'm not confident there's a fix for this and we'll have to use the workaround above.
Thanks
The text was updated successfully, but these errors were encountered: