Page MenuHomePhabricator

Configure the permissions for Legalpad
Closed, ResolvedPublic

Description

We need to define which information is visible to all (anonymous included), and which is accessible or editable only to certain groups of registered users.

This task needs to be completed way before Day 1.

Users

  • logged in with Wikimedia SUL
  • must have email address confirmed

LCA members

  • Access to
    • date/time of acceptance
    • wiki account name provided
    • email address
    • audit trail for any changes to this database

Details

Reference
fl365

Event Timeline

flimport raised the priority of this task from to High.Sep 12 2014, 1:38 AM
flimport added a project: Legalpad.
flimport set Reference to fl365.

qgil wrote on 2014-06-03 20:52:38 (UTC)

Who can see which users have signed the document? Is it public, only LCA, or...?

Jalexander wrote on 2014-06-03 20:57:39 (UTC)

Public, the stewards need to be able to see it. We may find some way to transfer them to meta because they would prefer it be posted there no matter what is done elsewhere but regardless they should see it and like our current identification noticeboard it is not private.

qgil wrote on 2014-06-03 21:24:40 (UTC)

What about the email address field? Should it be public as well?

In fact, what is important here? Accessing the email address or being able to contact these trusted users to an email address they have confirmed?

The reason to ask is that Phabricator keeps the email addresses private by default. Whoever has access to the database can find them, but as far as I know web UI users (admins included) can't retrieve them.

Jalexander wrote on 2014-06-03 21:57:51 (UTC)

Email should definitely not be public, we need the ability to send emails but also the ability to pull the email address out if we need it. In theory that is possible if we need to do it out of the DB (Just like I can grab an email address registered to an on wiki account now) but it would be preferable if legal was able to get it out of the interface somehow in my mind.

Rush wrote on 2014-07-03 19:07:44 (UTC)

Specs:

Users

logged in with Wikimedia SUL
must have email address confirmed
LCA members

Access to
date/time of acceptance
wiki account name provided
email address
audit trail for any changes to this database

OUTCOME:

https://legalpad.wikimedia.org/

  • Users can use their SUL creds
  • We are importing their trusted email from mediawiki.org only. We are not doing secondary authorization of the email. We can revisit this if we need?
  • Document signature details show as:
L1 testing document	Chasemp	Chase MP (reg user)	me@wikimedia.org	Thu, Jul 3, 11:27 AM
  • Audit trail for changes example:

https://legalpad.wikimedia.org/legalpad/view/1/

Rush wrote on 2014-07-07 22:02:55 (UTC)

We are importing their trusted email from mediawiki.org only. We are not doing secondary authorization of the email. We can revisit this if we need?

Just kidding, we are doing full email validation as part of the signup process.

qgil wrote on 2014-07-09 13:57:31 (UTC)

I was able to sign a document without having a verified email address (because the verification email hasn't arrived yet, I will file another task about this). See T440 for details (if you can access this task, which seems to be another bug -- or maybe a feature).

Rush wrote on 2014-07-09 20:44:40 (UTC)

FYI there appears to be no 'public' option for viewing in legalpad.

qgil wrote on 2014-07-10 12:45:46 (UTC)

In T365#9, @Jalexander wrote:

Public, the stewards need to be able to see it.

Public view is a requirement. I'd say this is a bug to be filed in Phabricator. In the meantime, just checking: is there a way to reach to a View Public permission through the "Custom" option?

Rush wrote on 2014-07-10 14:28:01 (UTC)

doesn't seem like it, there isn't really a _view_ persay for a document that doesn't also allow signing. So as strange as it seems I think this may be a larger than expected amount of work. Depending on how much of a priority it is we could conceivably find a way to dump the documents into a static page or even onto a wiki page later on for a readonly format, and then indicate users must go associate a phab account with their SUL one to sign them over there =>

But that's all conjecture and a bit of work. I would suggest at the moment we let them work out whether the document portion is going to work out at all first?

qgil wrote on 2014-07-10 15:21:28 (UTC)

Then let's leave it as it is. The LCA team can always keep public copies of the docs in Meta, as @Jalexander suggests, leaving this Legalpad only for the signing process. There are no hidden secrets.

Rush wrote on 2014-07-29 19:26:41 (UTC)

:)

"Visible To: Public" not working in Legalpad

https://secure.phabricator.com/T5739

Qgil renamed this task from Configure the permissions for the Trusted User Tool to Configure the permissions for Legalpad.Oct 6 2014, 9:05 AM
Qgil lowered the priority of this task from High to Low.
Qgil added a project: Phabricator.
Qgil set Security to None.
chasemp reassigned this task from chasemp to Qgil.Dec 2 2014, 3:28 PM
chasemp added a subscriber: chasemp.

AFAIK done, but over to Quim to confirm

Qgil closed this task as Resolved.Dec 19 2014, 2:04 PM
Qgil added projects: acl*sre-team, WMF-Legal.

Closing this task after setting these permissions:

Can Use Application: All Users
Can Configure Application: Administrators
Can Create Documents: WMF-Legal, Operations, and @Qgil
Default View Policy: All Users
Default Edit Policy: WMF-Legal, Operations, and @Qgil

Each Legalpad document can define its own additional permissions for Can View and Can Edit. "Can View" implies can sign. "Can Edit" means that can edit the document itself.