Do we need to surface change history for dashboard entities?
Description
Status | Subtype | Assigned | Task | ||
---|---|---|---|---|---|
Resolved | Ragesoss | T127803 Release Programs dashboard 1.0 | |||
Invalid | None | T128250 Release Programs dashboard 1.0 beta | |||
Open | None | T125433 [Epic] Open security and admin issues with the WMF wikiedu dashboard | |||
Open | None | T126066 Edit history is not available to admins |
Event Timeline
To clarify, why is this marked security? Is it due to people potentially vandalizing EP stuff and not easily being revertable, or is there something more?
[Also it should be noted, not having a history may be in violation of copyright licenses]
This is mainly relevant for courses that are not set to edit Wikipedia. In that case, the course data (who is enrolled, what each enrolled user is assigned, as well as the basic course data, as well as the freeform content of the course description and timeline) is only retained in the latest form.
Only admins and the users who are instructors for a course are allowed to change the description and timeline, though.
Ignoring any legal issues, do you need to track who changed that data for vandalism fighting? If there's no audit of who made the change, that seems like an area ripe for abuse.
No. A course that hasn't yet been submitted is only visible to the person who created it (and admins). After it's been submitted, it is still only editable by the person who created it or by admins. So if there is vandalism of that form, it will be obvious who did it.
I think that if pages with actual content (like the "overview" ones) are automatically mirrored on Wikipedia, then we could just link to the related history page there?
@Elitre
fwiw, we won't be mirroring to the wiki for the MVP. The main reason to avoid that is, we rely on wiki templates which would be completely different across languages.
We use the paperclip gem to retain version histories of surveys now. The same functionality could be extended to the basic course data. (Things get considerably more complicated when Timelines are thrown into the mix, since Timelines are composed of many different records / objects. But for now, the P&E dashboard won't make much use of timelines anyway.)