Flow bypasses a lot of core's Exception.php, so its exceptions work differently. For example, insufficient permissions or invalid action in a Flow URL on mediawiki.org should not display an errorbox containing a Fatal exception (which isn't Fatal and I think isn't counted as an exception). For example
https://www.mediawiki.org/w/index.php?title=Talk:Sandbox&topic_postId=rp7uid68p0ilj5pj&workflow=rp7to9rygxadbohw&action=edit-post
and
https://www.mediawiki.org/w/index.php?title=Talk:Sandbox&topic_postId=rp7uid68p0ilj5pj&workflow=rp7to9rygxadbohw&action=sdfasdf
Furthermore core exceptions provide more helpful information
E.g. http://ee-flow.wmflabs.org/wiki/User_talk:Maryana?topic_postId=rpj2adfchnuuw94c&workflow=rpj2adf69649ji98&action=edit-post
prints
Internal error Insufficient permissions to access the content. <a stack trace (or a pink errorbox)>
whereas http://ee-flow.wmflabs.org/wiki/MediaWiki:welcomeuser?action=delete gives a helpful
Permission error You do not have permission to delete this page, for the following reasons: The action you have requested is limited to users in the group: Administrators.
I think most Flow exception classes could inherit from core's ErrorPageError and just pass a suitable title and 'flow-error-' . $flowErrorKey, plus any additional useful debugging information in __construct. Meanwhile PermissionException could inherit from PermissionsError andthrowers should pass it the failed permission ('flow-edit-post', etc.), and Flow.i18n.php should have messages for 'action-flow-edit-post', 'action-flow-suppress-topic', etc.
I added a bunch of comments to https://gerrit.wikimedia.org/r/#/c/116631/1/includes/Exception/ExceptionHandling.php regarding this point. If I'm misguided then that file should have a comment explaining why it's done the way it is.
Version: master
Severity: normal
See Also:
https://bugzilla.wikimedia.org/show_bug.cgi?id=70497