A partial archive of https://discourse-mediawiki.wmflabs.org as of Saturday May 21, 2022.

Error- Permissiondenied to rollback edits made to a page(API:Rollback)

Didicodes

I am an outreachy applicant working on the Outreachy Round 18: Documentation improvements to the ~20 top 70 most viewed MediaWiki Action API pages on-wiki project.

I have been working on improving the documentation of API:Rollback. The documentation states that rolling back a page requires an edit right and a rollback right.
At first, I started out with retrieving the rollback token then sending a POST request to roll back the given page (in my case Main_Page) using action=rollback which did not give me exactly what I wanted. So I decided to dig deeper then I realized that in order to roll back a page you need to have access to edit that page and if you want to edit a page, you need to be logged in first. So I added codes to retrieve a login token, a CSRF token and sent a post request to edit the Main Page. But it produced an error saying that the page was protected and I wasn’t allowed to edit it. I was curious on how the person who developed sample codes for the API: EDIT was able to edit a page without this errors so I looked at the sample codes for API:Edit and realized that the developer achieved this by editing a Sandbox page which is not protected and I was able to solve that error.

This is the error
{'error': {'code': 'permissiondenied', 'info': 'The action you have requested is limited to users in one of the groups: [[Wikipedia:Administrators|Administrators]], [[Wikipedia:Rollbackers|Rollbackers]].', '*': 'See https://test.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes.'}, 'servedby': 'mw1288'}

My code snippet.

#!/usr/bin/python3

"""
    rollback.py

    MediaWiki Action API Code Samples
    Demo of `rollback` module: Sending post request to roll
    back the last edits made to the given page.

    MIT license
"""

import requests

S = requests.Session()

URL = "https://test.wikipedia.org/w/api.php"

# Step 1: Retrieve a login token
PARAMS_1 = {
    "action": "query",
    "meta": "tokens",
    "type": "login",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_1)
DATA = R.json()

LOGIN_TOKEN = DATA['query']['tokens']['logintoken']

# Step 2: Send a POST request to log in. For this login
PARAMS_2 = {
    "action": "login",
    "lgname": "user_name",
    "lgpassword": "password",
    "format": "json",
    "lgtoken": LOGIN_TOKEN
}

R = S.post(URL, data=PARAMS_2)
DATA = R.json()

# Step 3: While logged in, retrieve a CSRF token
PARAMS_3 = {
    "action": "query",
    "meta": "tokens",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_3)
DATA = R.json()

CSRF_TOKEN = DATA["query"]["tokens"]["csrftoken"]

# Step 4: POST request to edit a page
PARAMS_3 = {
    "action": "edit",
    "title": "Sandbox",
    "token": CSRF_TOKEN,
    "format": "json",
    "appendtext": "Hello"
}

R = S.post(URL, data=PARAMS_3)
DATA = R.json()

# Step 5: Retrieve a rollback token
PARAMS_4 = {
    "action": "query",
    "meta": "tokens",
    "type": "rollback",
    "format": "json"
}

R = S.get(url=URL, params=PARAMS_4)
DATA = R.json()
ROLLBACK_TOKEN = DATA['query']['tokens']['rollbacktoken']

# Step 5: POST request to rollback a page
PARAMS_5 = {
	"action": "rollback",
	"prop": "revisions",
	"title": "Sandbox",
	"token": ROLLBACK_TOKEN,
	"user": "K6ka",
	"markbot": 1,
    "format": "json"
}

R = S.post(URL, data=PARAMS_5)
DATA = R.json()

print(DATA)

My question: Is this how far I can go with this? Can I be added to the Rollbackers group in order to achieve this? Are there any other ways to work around this?
I would really appreciate any help I can get. Thank you!

Tgr

Sure, added you to rollbackers.

Didicodes

Hello @Tgr Thank you for adding me to the rollbackers group. I had to run the code again on command prompt just to be sure it works just fine but it still raised the same error:
{'error': {'code': 'permissiondenied', 'info': 'The action you have requested is limited to users in one of the groups: [[Wikipedia:Administrators|Administrators]], [[Wikipedia:Rollbackers|Rollbackers]].', '*': 'See https://test.wikipedia.org/w/api.php for API usage. Subscribe to the mediawiki-api-announce mailing list at <https://lists.wikimedia.org/mailman/listinfo/mediawiki-api-announce> for notice of API deprecations and breaking changes.'}, 'servedby': 'mw1282'}

But I tried testing it out here and it worked! Even though it raised an error that the page has already been rolled back it also signifies that I actually have access to rollback a page.

Why can’t it work when I run the codes in command prompt?
I know you added me to the rollbackers group :grinning: can I also be granted an edit right?:sunglasses: so that I can actually use the Main Page for my example and not the Sandbox page. I am using the test API URL = “MediaWiki API help - Test Wikipedia” so I dont think it the Main page will be affected in any way.
Thank you

Didicodes

I officially rolled back my first page :woman_technologist::woman_technologist:
Link avaliable here

Tgr

You should be able to edit most pages. The main page is one of the few that contain real information, so best not edit that.

The script has probably problems with logging in? It’s always a good idea to check whether the response contains any error. You can also use the userinfo API to check your status.

Didicodes

Okay. I understand.
Yes. You are right. There are two methods to authentication when using API:Login. Either through BotPassword or a ClientLogin. In the code samples above, I used the Botpassword authentication method which does not have the ability to log in a user to the main account. If I use the ClientLogin authentication method, everything would work well in the command prompt.
Thank you for your help so far!

Tgr

Using action=login is fine in theory, that’s the preferred login method for non-interactive clients. But you might be using the wrong password, or a bot password with restricted permissions…

srishakatux

@Didicodes you should update your bot permissions from here https://test.wikipedia.org/wiki/Special:BotPasswords and grant it specific rights to allow rollback changes to pages.

Didicodes

Okay. I see! Thank you @Tgr

Didicodes

@srishakatux I created a bot and granted it the permission to roll back a page. Then I updated my codes to include the newly created bot and the password like you recommended. Everything works well now on the command prompt. Thank you!