As a tool developer, I want to write tools that work as expected without extra implementation effort and privileges required; as a tool user, I expect a tool that creates or edits entities on my behalf to add those entities to my watchlist if my user settings say to add created/edited pages to the watchlist.
Problem:
@KaMan reported over half a year ago that, when the Wikidata Lexeme Forms tool creates a new lexeme, the page is not added to the user’s watchlist even if the user has the “Add pages I create and files I upload to my watchlist” preference enabled, and I think I’ve finally figured out why this happens (while looking at the related code due to T213725). This is the code in Wikibase (in SubmitEntityAction): that updates the watchlist:
/** * Update watchlist. * * @param Title $title */ private function doWatch( Title $title ) { $user = $this->getUser(); if ( $user->isLoggedIn() && $user->getOption( 'watchdefault' ) && !$user->isWatched( $title ) ) { WatchAction::doWatch( $title, $user ); } }
And this is the WatchAction function that MediaWiki core itself uses (e. g. in EditPage::updateWatchlist()):
/** * Watch or unwatch a page * @since 1.22 * @param bool $watch Whether to watch or unwatch the page * @param Title $title Page to watch/unwatch * @param User $user User who is watching/unwatching * @return Status */ public static function doWatchOrUnwatch( $watch, Title $title, User $user ) { if ( $user->isLoggedIn() && $user->isWatched( $title, User::IGNORE_USER_RIGHTS ) != $watch ) { // If the user doesn't have 'editmywatchlist', we still want to // allow them to add but not remove items via edits and such. if ( $watch ) { return self::doWatch( $title, $user, User::IGNORE_USER_RIGHTS ); } else { return self::doUnwatch( $title, $user ); } } return Status::newGood(); }
Notice that it adds the IGNORE_USER_RIGHTS flag, because “if the user doesn’t have editmywatchlist (e. g. because the OAuth consumer in use does not include the editmywatchlist grant), we still want to allow them to add … items via edits”. I think this is exactly the bit that’s missing in Wikibase, which is why edits from Wikidata Lexeme Forms don’t end up on the watchlist.
BDD
GIVEN the user is using an OAuth consumer or bot password that does not include the “Edit your watchlist” grant, e. g. Wikidata Lexeme Forms (consumer)
WHEN an entity is created or edited
THEN it is added to the user’s watchlist according to the user’s settings.
Acceptance criteria
- Creating or editing pages through OAuth does the right thing (see BDD and rest of task)
- Check other related code (calls to User::isWatched()) whether they should also be updated even if they’re not directly related to OAuth editing