Page MenuHomePhabricator
Create Task
Maniphest T126066

Edit history is not available to admins
Open, MediumPublic
Actions

Description

Do we need to surface change history for dashboard entities?

Related Objects
Search...

Event Timeline

awight created this task.Feb 5 2016, 9:06 PM
awight raised the priority of this task from to Needs Triage.
awight updated the task description. (Show Details)
awight added projects: acl*security, Education-Program-Dashboard.
awight added subscribers: Luke081515, csteipp, Aklapper and 2 others.
Restricted Application added subscribers: StudiesWorld, Base. · View Herald TranscriptFeb 5 2016, 9:06 PM
Bawolff subscribed.Feb 7 2016, 9:05 PM

To clarify, why is this marked security? Is it due to people potentially vandalizing EP stuff and not easily being revertable, or is there something more?

Bawolff added a comment.Feb 7 2016, 9:06 PM

[Also it should be noted, not having a history may be in violation of copyright licenses]

Ragesoss subscribed.Feb 7 2016, 9:23 PM

This is mainly relevant for courses that are not set to edit Wikipedia. In that case, the course data (who is enrolled, what each enrolled user is assigned, as well as the basic course data, as well as the freeform content of the course description and timeline) is only retained in the latest form.

Only admins and the users who are instructors for a course are allowed to change the description and timeline, though.

csteipp added a comment.Feb 8 2016, 5:36 PM
In T126066#2006703, @Ragesoss wrote:

This is mainly relevant for courses that are not set to edit Wikipedia. In that case, the course data (who is enrolled, what each enrolled user is assigned, as well as the basic course data, as well as the freeform content of the course description and timeline) is only retained in the latest form.

Only admins and the users who are instructors for a course are allowed to change the description and timeline, though.

Ignoring any legal issues, do you need to track who changed that data for vandalism fighting? If there's no audit of who made the change, that seems like an area ripe for abuse.

Ragesoss added a comment.Feb 8 2016, 5:46 PM
In T126066#2008415, @csteipp wrote:
In T126066#2006703, @Ragesoss wrote:

This is mainly relevant for courses that are not set to edit Wikipedia. In that case, the course data (who is enrolled, what each enrolled user is assigned, as well as the basic course data, as well as the freeform content of the course description and timeline) is only retained in the latest form.

Only admins and the users who are instructors for a course are allowed to change the description and timeline, though.

Ignoring any legal issues, do you need to track who changed that data for vandalism fighting? If there's no audit of who made the change, that seems like an area ripe for abuse.

No. A course that hasn't yet been submitted is only visible to the person who created it (and admins). After it's been submitted, it is still only editable by the person who created it or by admins. So if there is vandalism of that form, it will be obvious who did it.

csteipp triaged this task as Medium priority.Feb 9 2016, 10:20 PM
Elitre added a comment.Feb 11 2016, 7:37 PM

I think that if pages with actual content (like the "overview" ones) are automatically mirrored on Wikipedia, then we could just link to the related history page there?

awight added a comment.Feb 11 2016, 7:39 PM

@Elitre
fwiw, we won't be mirroring to the wiki for the MVP. The main reason to avoid that is, we rely on wiki templates which would be completely different across languages.

awight moved this task from Backlog to Make system usable for non-Wiki Ed programs on the Education-Program-Dashboard board.Feb 17 2016, 6:09 AM
awight renamed this task from Edit history is not available to Edit history is not available to admins.Feb 27 2016, 6:45 AM
awight set Security to None.
Restricted Application added a subscriber: Malyacko. · View Herald TranscriptFeb 27 2016, 6:45 AM
ZhouZ added a project: WMF-Legal.Apr 18 2016, 6:03 PM
Restricted Application added a subscriber: JEumerus. · View Herald TranscriptApr 18 2016, 6:03 PM
ZhouZ moved this task from Backlog to Assigned on the WMF-Legal board.Apr 18 2016, 7:01 PM
ZhouZ subscribed.
Ragesoss added a comment.Jun 13 2016, 8:02 PM

We use the paperclip gem to retain version histories of surveys now. The same functionality could be extended to the basic course data. (Things get considerably more complicated when Timelines are thrown into the mix, since Timelines are composed of many different records / objects. But for now, the P&E dashboard won't make much use of timelines anyway.)

DStrine removed a subscriber: awight.Oct 31 2016, 2:16 PM
Bawolff moved this task from Backlog / Other to Other WMF team on the acl*security board.Dec 13 2016, 10:05 PM
chasemp added a project: Security.Feb 10 2020, 10:59 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:07 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL