Page MenuHomePhabricator
Create Task
Maniphest T264150

User needs to request access to IP information [L]
Closed, ResolvedPublic
Actions

Assigned To
STran
Authored By
Niharika
Sep 30 2020, 5:25 AM
Tags
Referenced Files
F34738268: Screen Shot 2021-11-08 at 2.42.40 PM.png
Nov 8 2021, 7:43 PM
F34738269: Screen Shot 2021-11-08 at 2.40.36 PM.png
Nov 8 2021, 7:43 PM
F34693760: image.png
Oct 18 2021, 10:09 AM
F34693762: image.png
Oct 18 2021, 10:09 AM
F34646472: image.png
Sep 17 2021, 10:37 PM
F34619771: image.png
Aug 25 2021, 3:59 PM
Subscribers
Aklapper
imaigwilo
Metaverse
Niharika
phuedx
Prtksxna
Tokens
"Stroopwafel" token, awarded by Prtksxna.

Description

Goal

Per Legal, to grant IP Information to a user we need to have them explicitly request it for anti-vandalism purposes. This can be done via a simple check-box/accept button in the interface where they acknowledge they need IP information for anti-vandalism work.
Once the user has acquired access to the IP information, they will continue to have access for all future cases unless either:

  1. they give up their own access in preferences
  2. there is a need for re-permissioning due to Legal reasons

The purpose for this task is to implement a way for the user to be able to acknowledge they need IP information access for anti-vandalism work.
Once the user has acknowledged that, we will store their username as having IP information access in the database (T263756). We will allow the user to revoke the permission in their preferences if they need to do so (T264151).

Spec
1. From Special:Preferences2. From the IP Information accordion
image.png (444×1 px, 45 KB)
image.png (696×1 px, 66 KB)
  • There are two conditions that need to be met before the IP Information accordion displays information for the user:
    • User needs to enable the tool
    • User needs to accept to the terms of the tool
  • These are represented by two checkboxes in Special:Preferences, under the "User Profile tab" (see mock 1)
    • 1. Show the IP Information tool on Special:Contributions page for IP addresses.
    • 2. I agree to use this information for my patrolling and anti-vandalism work.
  • The user cannot agree to the terms without enabling the tool. The second checkbox is disabled until the first checkbox is checked.
  • If only the first checkbox is checked and the second one is unchecked, the user sees the agreement in the accordion on Special:Contribs (see mock 2). Once the user agrees to the terms, the preference is updated and the user can see the IP Information.
  • If the feature is not enabled (neither preference is checked), the accordion does not appear on Special:Contribs.
  • The IP Info popup does not appear anywhere unless both preferences are checked (tool is enabled and term have been agreed to).
Things to note (not part of this task):
  • T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse
  • If a user’s permission is revoked by us, they should not be able to activate it again
  • Legal would like us to capture who had access to IP Info at any given time in case an incident occurs
  • There is a possibility that users might need to regain access periodically (TBD)
  • There is a possibility that the wording on the agreement might change, based on Legal review.

Details

SubjectRepoBranchLines +/-
Add use agreement form on infoboxmediawiki/extensions/IPInfomaster+115 -35
Customize query in gerrit

Related Objects
Search...

Event Timeline

Niharika triaged this task as Medium priority.Sep 30 2020, 5:25 AM
Niharika created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptSep 30 2020, 5:25 AM
Niharika renamed this task from [Design] User needs to request access to IP information to User needs to request access to IP information.Sep 30 2020, 5:26 AM
Niharika mentioned this in T263756: Create a table to store which users have access to IPInfo, and the timestamp when access was granted [L].
Niharika mentioned this in T263752: Add a user preference for access to IP Info .
Niharika mentioned this in T264151: User needs to be able to revoke their access to IP information.Sep 30 2020, 5:46 AM
Niharika updated the task description. (Show Details)Sep 30 2020, 5:50 AM
Niharika moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.Oct 7 2020, 5:42 AM
Niharika updated the task description. (Show Details)Oct 7 2020, 3:56 PM
Niharika mentioned this in T264795: Decide how we want to store how we log which users have access to IP Info [8 hours].Oct 7 2020, 4:31 PM
ARamirez_WMF renamed this task from User needs to request access to IP information to User needs to request access to IP information [8H].Oct 7 2020, 4:41 PM
Niharika moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.Oct 7 2020, 4:48 PM
Niharika renamed this task from User needs to request access to IP information [8H] to User needs to request access to IP information .Oct 7 2020, 4:55 PM
Niharika moved this task from Cards ready for development to Triage/To be Estimated on the Anti-Harassment board.
Tchanders mentioned this in T260822: Security review of IP Info extension.Nov 2 2020, 1:17 PM
Tchanders mentioned this in T260821: Performance review of IP Info extension.Nov 2 2020, 2:48 PM
Niharika added a comment.Dec 2 2020, 4:51 PM

This task is on hold until late Q3/early Q4.

Niharika updated the task description. (Show Details)Aug 25 2021, 3:59 PM
Niharika moved this task from Backlog to Up Next on the IP Info board.
Metaverse subscribed.Aug 28 2021, 9:37 PM
Niharika updated the task description. (Show Details)Sep 1 2021, 3:59 AM
Niharika added parent tasks: T285977: IP Info, T287647: IP Information accordion on Special:Contribs.Sep 15 2021, 2:28 AM
Niharika updated the task description. (Show Details)Sep 17 2021, 10:37 PM
STran mentioned this in T291582: Implement condition agreements in Special:Preferences [M].Sep 22 2021, 4:45 PM
phuedx added a subtask: T291582: Implement condition agreements in Special:Preferences [M].Sep 22 2021, 4:48 PM
ARamirez_WMF renamed this task from User needs to request access to IP information to User needs to request access to IP information [L].Sep 22 2021, 5:06 PM
ARamirez_WMF moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.
STran claimed this task.Sep 23 2021, 9:28 AM
STran moved this task from Cards ready for development to The Letter Song on the Anti-Harassment board.
STran edited projects, added Anti-Harassment (The Letter Song); removed Anti-Harassment.
STran moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (The Letter Song) board.
Niharika added a comment.Sep 24 2021, 5:37 AM

@STran if you could update the task description to indicate what's covered in this task and what's covered in T291582: Implement condition agreements in Special:Preferences [M], that would help QA.

phuedx subscribed.Sep 27 2021, 10:15 AM

During the last AHT: Estimation & Planning meeting, I gave an overview of how to change a user's preferences in JS and in PHP. Here are links to relevant documentation as well as some snippets:

Documentation

It's also worth noting here that user preferences are stored in the user_properties table and we interact with that table programmatically via classes/methods that refer to them as options.

Snippets

JS
// Read
const fooOption = mw.user.options.get( 'foo' );

// Write
//
// Notes:
// 
// - Make sure that your ResourceLoader module depends on the `mediawiki.api` module.
// - See https://gerrit.wikimedia.org/g/mediawiki/core/+/33cd0740f76e55777081f994c936439bc541f6d6/resources/src/mediawiki.api/options.js
//   for the definitions of mw.Api.prototype.saveOption() and .saveOptions().
const api = new mw.Api();

api.saveOption( 'foo', 'bar' );
api.saveOptions( {
  foo: 'bar',
  baz: 'qux'
)
PHP
<?php

$userOptionsManager = MediaWikiServices::getInstance( 'UserOptionsLookup' );

// Read
$userOptionsManager->getOption( $user, 'foo' );

// Write
//
// Notes:
// - UserOptionsManager::saveOptions() MUST be called for non-default properties to be persisted to the `user_properties` table.
$userOptionsManager->setOption( $user, 'foo' );
$userOptionsManager->saveOptions( $user );
phuedx mentioned this in T291827: Create IPInfo access manager.Sep 27 2021, 12:45 PM
phuedx mentioned this in T291854: Create revoke user access maintenance script.Sep 27 2021, 5:11 PM
phuedx moved this task from Up Next to In Progress on the IP Info board.Sep 27 2021, 6:09 PM
STran moved this task from In Progress 💪 to Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) on the Anti-Harassment (The Letter Song) board.Sep 29 2021, 9:10 AM
STran moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (The Letter Song) board.Oct 4 2021, 6:06 PM
phuedx mentioned this in T292755: Epic: IP Info access.Oct 7 2021, 3:03 PM
Niharika mentioned this in T292802: IP Info feature should be made available as a Beta feature for launch [M].Oct 7 2021, 11:20 PM
phuedx removed a subtask: T291827: Create IPInfo access manager.Oct 8 2021, 1:34 PM
phuedx removed a subtask: T291854: Create revoke user access maintenance script.Oct 8 2021, 1:38 PM
phuedx edited parent tasks, added: T292755: Epic: IP Info access; removed: T287647: IP Information accordion on Special:Contribs, T285977: IP Info.
Niharika closed subtask T291582: Implement condition agreements in Special:Preferences [M] as Resolved.Oct 9 2021, 1:23 AM
gerritbot added a comment.Oct 11 2021, 1:19 PM

Change 729983 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/IPInfo@master] [WIP] Add use agreement form on infobox

https://gerrit.wikimedia.org/r/729983

gerritbot added a project: Patch-For-Review.Oct 11 2021, 1:19 PM
gerritbot added a comment.Oct 11 2021, 3:42 PM

Change 730017 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/IPInfo@master] Save user preference for infobox state

https://gerrit.wikimedia.org/r/730017

STran moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Oct 11 2021, 6:54 PM
STran added a subscriber: Prtksxna.Oct 18 2021, 10:09 AM

@Prtksxna Is there a standard spacing? Without styling, this is what I've got for the form so far:

image.png (186×778 px, 21 KB)

And I stubbed something out if it helps:

image.png (224×773 px, 22 KB)

STran moved this task from Code Review 🔍 to Needs Design/Product 🎨 on the Anti-Harassment (The Letter Song) board.Oct 19 2021, 1:37 PM
Prtksxna added a comment.Oct 20 2021, 3:18 AM

@STran as far as I know OOUI comes with the required standard spacing, like the one we see in Special:Preferences. I might be wrong, but I think you get it for free when you use FormLayout or FieldLayout or something.

STran added a comment.Oct 20 2021, 5:50 PM

Ah only if you use it correctly though 😂 Thank you for confirming I was holding it wrong. 🙇

STran moved this task from Needs Design/Product 🎨 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Oct 20 2021, 5:54 PM
Prtksxna awarded a token.Oct 21 2021, 2:45 AM
STran moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Oct 26 2021, 4:12 PM
STran moved this task from QA/Testing 🐞 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Oct 26 2021, 4:26 PM
ARamirez_WMF moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Oct 28 2021, 3:37 PM
gerritbot added a comment.Oct 28 2021, 3:50 PM

Change 729983 merged by jenkins-bot:

[mediawiki/extensions/IPInfo@master] Add use agreement form on infobox

https://gerrit.wikimedia.org/r/729983

STran mentioned this in rEIPI92848be7cbe3: Add use agreement form on infobox.Oct 28 2021, 3:51 PM
ReleaseTaggerBot added a project: MW-1.38-notes (1.38.0-wmf.7; 2021-11-02).Oct 28 2021, 4:00 PM
QutieBot added a project: QTE-TestingOverview.Nov 3 2021, 4:13 PM
QutieBot moved this task from Inbox to Ima on the QTE-TestingOverview board.
imaigwilo subscribed.EditedNov 8 2021, 6:59 PM

Verified the requirement as listed in the acceptance criteria in the task description.
Test was done on supported desktop browsers (Firefox, Chrome, Opera, Safari, IE and Edge)

Note:

  1. We may need to force cleared cache when the IP permission is removed. When page is not refreshed a collapsed IP info box is still available to user.
  2. Is there a task to test, the super user, that can revoke IP privileges? Per this statment:

T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse

Screen shots:

Screen Shot 2021-11-08 at 2.42.40 PM.png (1×2 px, 299 KB)

Screen Shot 2021-11-08 at 2.40.36 PM.png (1×2 px, 500 KB)

imaigwilo moved this task from QA/Testing 🐞 to Done: Q2 2021-22 on the Anti-Harassment (The Letter Song) board.Nov 8 2021, 6:59 PM
phuedx added a comment.Nov 9 2021, 9:55 AM

T&S/Legal reserve the right to revoke a user’s access permissions in case of abuse

I think that's covered by T291854: Create revoke user access maintenance script.

Niharika closed this task as Resolved.Nov 11 2021, 8:55 PM
dom_walden mentioned this in T298977: Investigate setting IPInfo user preferences as Global Preferences.Jan 11 2022, 3:23 PM
Niharika moved this task from In Progress to Closed on the IP Info board.Aug 4 2022, 3:51 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL