F37718562
0001-Don-t-expose-usernames-if-user-is-hidden.patch
jsn.sherman
Authored By
jsn.sherman
Sep 13 2023, 7:22 PM
2023-09-13 19:22:51 (UTC+0)
Size
15 KB
0001-Don-t-expose-usernames-if-user-is-hidden.patch
From fb217ef7f163f06cc44fe5921f7246c97e07f52a Mon Sep 17 00:00:00 2001
From: jsn <jsherman@wikimedia.org>
Date: Wed, 13 Sep 2023 12:45:58 -0500
Subject: [PATCH] Don't expose usernames if user is hidden
- Remove user_name and user info from 'pagetriagelist' API
- Add user_hidden field to 'pagetriagelist' API
- Modify pagetriage toolbar to handle cases where no username
is provided
- Modify Special:NewPagesFeed to gracefully handle cases where
the username is hidden
- Add a special case in the Special:NewPagesFeed vue version
for hidden usernames (where other information is available)
Bug: T344359
Change-Id: I5714f69a70909e3c3e7322e5f3be62d837e4d1cc
---
extension.json | 10 ++++-
includes/Api/ApiPageTriageList.php | 37 +++++++++++++++----
includes/SpecialNewPagesFeed.php | 2 +
.../components/ListContent.vue | 1 +
.../components/ListItem.vue | 7 +++-
.../models/ext.pageTriage.article.js | 7 +++-
.../ext.pageTriage.listItem.css | 5 +++
.../ext.pageTriage.listItem.underscore | 8 +++-
.../ext.pageTriage.views.toolbar/ToolView.js | 1 +
.../articleInfo.js | 10 ++++-
.../articleInfo.underscore | 8 +++-
modules/ext.pageTriage.views.toolbar/mark.js | 3 +-
modules/ext.pageTriage.views.toolbar/tags.js | 2 +-
.../ext.pageTriage.views.toolbar/wikiLove.js | 7 +++-
14 files changed, 91 insertions(+), 17 deletions(-)
diff --git a/extension.json b/extension.json
index 3895ce32..8da5a37c 100644
--- a/extension.json
+++ b/extension.json
@@ -15,7 +15,12 @@
"MediaWiki": ">= 1.41"
},
"APIModules": {
- "pagetriagelist": "MediaWiki\\Extension\\PageTriage\\Api\\ApiPageTriageList",
+ "pagetriagelist": {
+ "class": "MediaWiki\\Extension\\PageTriage\\Api\\ApiPageTriageList",
+ "services": [
+ "UserFactory"
+ ]
+ },
"pagetriagestats": "MediaWiki\\Extension\\PageTriage\\Api\\ApiPageTriageStats",
"pagetriageaction": {
"class": "MediaWiki\\Extension\\PageTriage\\Api\\ApiPageTriageAction",
@@ -239,6 +244,7 @@
"pagetriage-mark-as-unreviewed",
"pagetriage-info-title",
"pagetriage-byline",
+ "rev-deleted-user",
"pagetriage-byline-new-editor",
"pagetriage-articleinfo-byline",
"pagetriage-articleinfo-byline-new-editor",
@@ -390,6 +396,7 @@
"pagetriage-recreated",
"pagetriage-no-author",
"pagetriage-byline",
+ "rev-deleted-user",
"pagetriage-byline-new-editor",
"pagetriage-editcount",
"pagetriage-author-not-autoconfirmed",
@@ -602,6 +609,7 @@
"pagetriage-unreviewed-article-count",
"pagetriage-reviewed-article-count-past-week",
"pagetriage-unreviewed-draft-count",
+ "rev-deleted-user",
"pagetriage-sort-by",
"pagetriage-newest",
"pagetriage-oldest",
diff --git a/includes/Api/ApiPageTriageList.php b/includes/Api/ApiPageTriageList.php
index a1e25ada..f6382cd1 100644
--- a/includes/Api/ApiPageTriageList.php
+++ b/includes/Api/ApiPageTriageList.php
@@ -3,12 +3,14 @@
namespace MediaWiki\Extension\PageTriage\Api;
use ApiBase;
+use ApiMain;
use ApiResult;
use MediaWiki\Extension\PageTriage\ArticleMetadata;
use MediaWiki\Extension\PageTriage\OresMetadata;
use MediaWiki\Extension\PageTriage\PageTriageUtil;
use MediaWiki\Logger\LoggerFactory;
use MediaWiki\Title\Title;
+use MediaWiki\User\UserFactory;
use ORES\Services\ORESServices;
use SpecialPage;
use Wikimedia\ParamValidator\ParamValidator;
@@ -22,6 +24,18 @@ use Wikimedia\ParamValidator\TypeDef\IntegerDef;
*/
class ApiPageTriageList extends ApiBase {
+ /** @var UserFactory */
+ private UserFactory $userFactory;
+
+ /**
+ * @param ApiMain $query
+ * @param string $moduleName
+ */
+ public function __construct( ApiMain $query, string $moduleName, UserFactory $userFactory ) {
+ $this->userFactory = $userFactory;
+ parent::__construct( $query, $moduleName );
+ }
+
public function execute() {
// Get the API parameters and store them
$opts = $this->extractRequestParams();
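Review bot: The constructor docblock documents only two of the three parameters; add `@param UserFactory $userFactory` after the `$moduleName` line. The `/** @var UserFactory */` comment above the typed property only repeats the native type, so it could be dropped or replaced with a sentence saying the factory is used for the hidden-user lookup in execute().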
@@ -72,12 +86,20 @@ class ApiPageTriageList extends ApiBase {
$metaData[$page]['creation_date']
);
- // Page creator
- $metaData[$page] += $this->createUserInfo(
- $metaData[$page]['user_name'],
- $userPageStatus,
- 'creator'
- );
+ if ( $metaData[$page]['user_name'] ) {
+ // Page creator
+ $user = $this->userFactory->newFromName( $metaData[$page]['user_name'] );
+ if ( $user && $user->isHidden() ) {
+ $metaData[$page]['user_name'] = null;
+ $metaData[$page]['creator_hidden'] = true;
+ } else {
+ $metaData[$page] += $this->createUserInfo(
+ $metaData[$page]['user_name'],
+ $userPageStatus,
+ 'creator'
+ );
+ }
+ }
// Page reviewer
if ( $metaData[$page]['reviewer'] ) {
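Review bot: Only `user_name` is cleared for a hidden creator here; the other creator fields already in `$metaData[$page]` are still returned, and ListContent.vue in this same patch reads `user_id`, `user_creation_date` and `user_autoconfirmed` from the response. Those values still describe the suppressed account, so the hidden branch should drop them too, e.g. `unset( $metaData[$page]['user_id'], $metaData[$page]['user_creation_date'], $metaData[$page]['user_autoconfirmed'] );`, plus any further `user_*` keys the metadata carries (not visible in this hunk). `creator_hidden` is also never set when `user_name` is empty, so clients cannot rely on the key being present. The surrounding loop in execute() starts and ends outside the hunk.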
@@ -103,7 +125,7 @@ class ApiPageTriageList extends ApiBase {
}
$metaData[$page][ApiResult::META_BC_BOOLS] = [
- 'creator_user_page_exist', 'creator_user_talk_page_exist',
+ 'creator_hidden', 'creator_user_page_exist', 'creator_user_talk_page_exist',
'reviewer_user_page_exist', 'reviewer_user_talk_page_exist',
];
@@ -219,6 +241,7 @@ class ApiPageTriageList extends ApiBase {
$prefix . '_user_talk_page_exist' => isset( $userPageStatus[$userTalkPage->getPrefixedDBkey()] ),
$prefix . '_contribution_page' => $userContribsPage->getPrefixedText(),
$prefix . '_contribution_page_url' => $userContribsPage->getFullURL(),
+ $prefix . '_hidden' => false,
];
}
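Review bot: `$prefix . '_hidden' => false` is emitted for every prefix, so a reviewer built through this helper would be reported as `reviewer_hidden: false` although nothing in the patch checks whether the reviewer account is hidden. Either apply the same `$user && $user->isHidden()` test in the `// Page reviewer` branch of execute(), or set the flag only at the creator call site so the field never asserts something that was not checked. If the reviewer flag is kept, it probably belongs in the `META_BC_BOOLS` list next to `creator_hidden`. createUserInfo() starts outside the hunk.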
diff --git a/includes/SpecialNewPagesFeed.php b/includes/SpecialNewPagesFeed.php
index 33dcdcda..aca4ea16 100644
--- a/includes/SpecialNewPagesFeed.php
+++ b/includes/SpecialNewPagesFeed.php
@@ -56,6 +56,8 @@ class SpecialNewPagesFeed extends SpecialPage {
// Output the title of the page
$out->setPageTitle( $this->msg( 'newpagesfeed' ) );
+ // Load common interface css
+ $out->addModuleStyles( [ 'mediawiki.interface.helpers.styles' ] );
// Allow infinite scrolling override from query string parameter
// We don't use getBool() here since the param is optional
diff --git a/modules/ext.pageTriage.list/components/ListContent.vue b/modules/ext.pageTriage.list/components/ListContent.vue
index 7385fff3..d79d2ae7 100644
--- a/modules/ext.pageTriage.list/components/ListContent.vue
+++ b/modules/ext.pageTriage.list/components/ListContent.vue
@@ -58,6 +58,7 @@ const listItemPropFormatter = ( pageInfo ) => {
listItemProps.revCount = parseInt( pageInfo.rev_count );
listItemProps.creationDateUTC = pageInfo.creation_date_utc;
listItemProps.creatorName = pageInfo.user_name;
+ listItemProps.creatorHidden = pageInfo.creator_hidden;
listItemProps.creatorAutoConfirmed = pageInfo.user_autoconfirmed === '1';
listItemProps.creatorRegistrationUTC = pageInfo.user_creation_date;
listItemProps.creatorUserId = parseInt( pageInfo.user_id );
diff --git a/modules/ext.pageTriage.list/components/ListItem.vue b/modules/ext.pageTriage.list/components/ListItem.vue
index 2a42cd54..8d784646 100644
--- a/modules/ext.pageTriage.list/components/ListItem.vue
+++ b/modules/ext.pageTriage.list/components/ListItem.vue
@@ -58,7 +58,11 @@
</div>
<div class="mwe-vue-pt-info-row">
<div>
- <span v-if="creatorName">
+ <!-- if the username is suppressed, present it the same way as in core changelists -->
+ <span v-if="creatorHidden" class="history-deleted mw-history-suppressed mw-userlink">
+ {{ $i18n( 'rev-deleted-user' ).text() }}
+ </span>
+ <span v-else-if="creatorName">
<creator-byline
:creator-name="creatorName"
:creator-user-id="creatorUserId"
@@ -185,6 +189,7 @@ module.exports = {
*/
// Creator information tags
creatorUserId: { type: Number, required: true },
+ creatorHidden: { type: Boolean, required: true },
creatorName: { type: String, required: true },
creatorEditCount: { type: Number, required: true },
creatorRegistrationUTC: {
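Review bot: `creatorHidden` is declared `required: true`, but ListContent.vue passes `pageInfo.creator_hidden` straight through, and the API sets that key only when `user_name` is non-empty, so the prop can arrive undefined. `creatorName` likewise stays `required: true` with type String while the API now sends `null` for hidden creators. Declaring `creatorHidden: { type: Boolean, default: false }` and relaxing `creatorName` to a non-required String would keep prop validation consistent with the new response shape. The props object starts and ends outside the hunk.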
diff --git a/modules/ext.pageTriage.util/models/ext.pageTriage.article.js b/modules/ext.pageTriage.util/models/ext.pageTriage.article.js
index 0c61a0f1..01f0b1b6 100644
--- a/modules/ext.pageTriage.util/models/ext.pageTriage.article.js
+++ b/modules/ext.pageTriage.util/models/ext.pageTriage.article.js
@@ -106,7 +106,12 @@ const Article = Backbone.Model.extend( {
article.get( 'creator_user_page_exist' )
)
);
- article.set( 'user_contribs_title', article.get( 'creator_contribution_page' ) );
+ } else if ( article.get( 'creator_hidden' ) ) {
+ article.set( 'author_byline_html', mw.msg( 'pagetriage-byline-hidden-username', mw.msg( 'rev-deleted-user' ) ) );
+ article.set(
+ 'user_title_url',
+ mw.msg( 'rev-deleted-user' )
+ );
}
// Are there any PageTriage messages on the talk page?
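Review bot: `author_byline_html` is filled from `mw.msg()`, which returns unescaped message text, and listItem.underscore then interpolates it with `<%= %>`; use `mw.message( 'pagetriage-byline-hidden-username', mw.msg( 'rev-deleted-user' ) ).escaped()` so the hidden branch is escaped like any other message output. The key `pagetriage-byline-hidden-username` (and `pagetriage-articleinfo-byline-hidden-username` in the articleInfo.js hunk) is not added to any message list in the extension.json hunks, and the diffstat touches no i18n file, so unless both are defined elsewhere they will render as placeholder keys. `user_title_url` is set to the message text rather than a URL, and the removed `user_contribs_title` assignment looks unrelated to hiding usernames; please confirm both are intended. The enclosing callback starts and ends outside the hunk.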
diff --git a/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.css b/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.css
index 4d8f89e5..5016727f 100644
--- a/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.css
+++ b/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.css
@@ -123,6 +123,11 @@
display: table-cell;
}
+.mwe-pt-history-suppressed {
+ text-decoration-line: line-through;
+ text-decoration-style: double;
+}
+
.mwe-pt-potential-issues {
display: table-cell;
text-align: right;
diff --git a/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.underscore b/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.underscore
index 34cd4944..aa2c3446 100644
--- a/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.underscore
+++ b/modules/ext.pageTriage.views.list/ext.pageTriage.listItem.underscore
@@ -105,7 +105,13 @@
<div class="mwe-pt-info-row">
<div class="mwe-pt-author">
<% if ( typeof( user_name ) !== "undefined" ) { %>
- <%= author_byline_html %>
+ <% if ( !creator_hidden ) { %>
+ <%= author_byline_html %>
+ <% } else { %>
+ <span class="mwe-pt-history-suppressed">
+ <%= author_byline_html %>
+ </span>
+ <% } %>
<!-- user_id is undefined or '0' for IP users -->
<% if ( typeof ( user_id ) != 'undefined' && Number( user_id ) !== 0 ) { %>
·
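Review bot: `<% if ( !creator_hidden ) { %>` reads `creator_hidden` as a bare template variable, but the API only sets that key when `user_name` is non-empty, so a row without it could raise a ReferenceError while rendering unless the model supplies a default (not visible here). Guard it the same way the surrounding code guards `user_name`, e.g. `<% if ( typeof creator_hidden === 'undefined' || !creator_hidden ) { %>`. The same pattern appears in the articleInfo.underscore hunk. The enclosing `mwe-pt-author` block continues past the end of the hunk.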
diff --git a/modules/ext.pageTriage.views.toolbar/ToolView.js b/modules/ext.pageTriage.views.toolbar/ToolView.js
index 74a96746..f2544fec 100644
--- a/modules/ext.pageTriage.views.toolbar/ToolView.js
+++ b/modules/ext.pageTriage.views.toolbar/ToolView.js
@@ -267,6 +267,7 @@ module.exports = Backbone.View.extend( {
pageid: mw.config.get( 'wgArticleId' ),
title: mw.config.get( 'wgPageName' ),
creator: this.model.get( 'user_name' ),
+ creatorHidden: this.model.get( 'creator_hidden' ),
reviewed: reviewed
}, data );
},
diff --git a/modules/ext.pageTriage.views.toolbar/articleInfo.js b/modules/ext.pageTriage.views.toolbar/articleInfo.js
index 9b9ef2af..28eef292 100644
--- a/modules/ext.pageTriage.views.toolbar/articleInfo.js
+++ b/modules/ext.pageTriage.views.toolbar/articleInfo.js
@@ -109,6 +109,8 @@ module.exports = ToolView.extend( {
url.toString()
);
+ const offset = parseInt( mw.user.options.get( 'timecorrection' ).split( '|' )[ 1 ] );
+
// creator information
if ( this.model.get( 'user_name' ) ) {
// show new editor message only if the user is not anonymous and not autoconfirmed
@@ -119,7 +121,6 @@ module.exports = ToolView.extend( {
bylineMessage = 'pagetriage-articleinfo-byline';
}
- const offset = parseInt( mw.user.options.get( 'timecorrection' ).split( '|' )[ 1 ] );
// put it all together in the byline
// The following messages are used here:
// * pagetriage-articleinfo-byline-new-editor
@@ -150,6 +151,13 @@ module.exports = ToolView.extend( {
)
).parse();
this.model.set( 'articleByline_html', articleByline );
+ } else if ( this.model.get( 'creator_hidden' ) ) {
+ this.model.set( 'articleByline_html', mw.msg( 'pagetriage-articleinfo-byline-hidden-username', moment.utc(
+ this.model.get( 'creation_date_utc' ),
+ 'YYYYMMDDHHmmss'
+ ).utcOffset( offset ).format(
+ mw.msg( 'pagetriage-info-timestamp-date-format' )
+ ), mw.msg( 'rev-deleted-user' ) ) );
}
const stats = [
diff --git a/modules/ext.pageTriage.views.toolbar/articleInfo.underscore b/modules/ext.pageTriage.views.toolbar/articleInfo.underscore
index 9a7ce587..9760e289 100644
--- a/modules/ext.pageTriage.views.toolbar/articleInfo.underscore
+++ b/modules/ext.pageTriage.views.toolbar/articleInfo.underscore
@@ -23,7 +23,13 @@
<!-- author info -->
<span class="mwe-pt-author">
<% if( typeof( user_name ) != 'undefined' ) { %>
- <%= articleByline_html %>
+ <% if ( !creator_hidden ) { %>
+ <%= articleByline_html %>
+ <% } else { %>
+ <span class="mwe-pt-history-suppressed">
+ <%= articleByline_html %>
+ </span>
+ <% } %>
<div>
<!-- if user is registered (user_id is 0 for IP users) -->
<% if( typeof user_id != 'undefined' && Number( user_id ) !== 0 ) { %>
diff --git a/modules/ext.pageTriage.views.toolbar/mark.js b/modules/ext.pageTriage.views.toolbar/mark.js
index 4d347924..ea221f07 100644
--- a/modules/ext.pageTriage.views.toolbar/mark.js
+++ b/modules/ext.pageTriage.views.toolbar/mark.js
@@ -221,6 +221,7 @@ module.exports = ToolView.extend( {
status = this.model.get( 'patrol_status' ) === '0' ? 'reviewed' : 'unreviewed',
hasPreviousReviewer = this.model.get( 'ptrp_last_reviewed_by' ) > 0,
articleCreator = this.model.get( 'user_name' ),
+ articleCreatorHidden = this.model.get( 'creator_hidden' ),
previousReviewer = hasPreviousReviewer ? this.model.get( 'reviewer' ) : '';
let noteTarget = articleCreator,
notePlaceholder = 'pagetriage-message-for-creator-default-note',
@@ -239,7 +240,7 @@ module.exports = ToolView.extend( {
notePlaceholder = 'pagetriage-message-for-creator-default-note';
}
- if ( mw.config.get( 'wgUserName' ) === articleCreator ) {
+ if ( mw.config.get( 'wgUserName' ) === articleCreator || articleCreatorHidden ) {
numRecipients--;
noteTarget = previousReviewer;
noteRecipientRole = 'reviewer';
diff --git a/modules/ext.pageTriage.views.toolbar/tags.js b/modules/ext.pageTriage.views.toolbar/tags.js
index 45ebfc61..b1d9a896 100644
--- a/modules/ext.pageTriage.views.toolbar/tags.js
+++ b/modules/ext.pageTriage.views.toolbar/tags.js
@@ -308,7 +308,7 @@ module.exports = ToolView.extend( {
if ( this.selectedTagCount > 0 ) {
$( '#mwe-pt-tag-submit-button' ).button( 'enable' );
$( '#mwe-pt-checkbox-mark-reviewed-wrapper' ).show();
- if ( mw.config.get( 'wgUserName' ) !== this.model.get( 'user_name' ) ) {
+ if ( mw.config.get( 'wgUserName' ) !== this.model.get( 'user_name' ) && !this.model.get( 'creator_hidden' ) ) {
$( '#mwe-pt-tag-note' ).show();
}
} else {
diff --git a/modules/ext.pageTriage.views.toolbar/wikiLove.js b/modules/ext.pageTriage.views.toolbar/wikiLove.js
index f493b069..22fe7d0a 100644
--- a/modules/ext.pageTriage.views.toolbar/wikiLove.js
+++ b/modules/ext.pageTriage.views.toolbar/wikiLove.js
@@ -26,11 +26,14 @@ module.exports = ToolView.extend( {
render: function () {
// get the article's creator
const creator = this.model.get( 'user_name' );
+ const creatorHidden = this.model.get( 'creator_hidden' );
// get the last 20 editors of the article
const contributorArray = [];
this.model.revisions.each( function ( revision ) {
- contributorArray.push( revision.get( 'user' ) );
+ if ( typeof ( revision.get( 'userhidden' ) ) === 'undefined' ) {
+ contributorArray.push( revision.get( 'user' ) );
+ }
} );
// count how many times each editor edited the article
@@ -54,7 +57,7 @@ module.exports = ToolView.extend( {
// set the Learn More link URL
$( '#mwe-pt-wikilove .mwe-pt-flyout-help-link' ).attr( 'href', this.moduleConfig.helplink );
- if ( mw.user.getName() !== creator ) {
+ if ( mw.user.getName() !== creator && !creatorHidden ) {
// add the creator info to the top of the list
$( '#mwe-pt-article-contributor-list' ).append(
'<input type="checkbox" class="mwe-pt-recipient-checkbox" value="' + _.escape( creator ) + '"/>' +
--
2.34.1
T344359: CVE-2023-45369: pagetriagelist API leaks suppressed usernames