Project Information
- Name of tool/project: Special:Homepage in GrowthExperiments, currently at https://en.wikipedia.beta.wmflabs.org/wiki/Special:Homepage
- Project home page: https://www.mediawiki.org/wiki/Growth/Personalized_first_day/Newcomer_homepage
- Name of team requesting review: Growth-Team
- Primary contact: Kosta Harlan @kostajh
- Target date for deployment: April
- Link to code repository / patchset: https://gerrit.wikimedia.org/g/mediawiki/extensions/GrowthExperiments/+/refs/heads/master
Description of the tool/project
Special:Homepage is a special page we are planning to deploy to our (Growth team's) target wikis. You can see mockups here or interact with the work-in-progress code on beta labs if you're logged in.
On the homepage, users can view their impact, get help, set an email address or send verification email if not verified, create their user page, view a tutorial, and contact their mentor.
We are asking for security review and guidance only for a specific feature of the homepage, which is to allow a privileged user to be able to view Special:Homepage as it renders for another user (some notes also exist here). We currently do something similar to this for the impact module of the homepage (see example on beta), but now we want to expand this to the entire Special:Homepage.
There is no code to review for the above feature yet, creating this task to organize discussion about the approach, which is described below.
Proposed approach
The implementation we are proposing is:
- Create privileged group on the wikis we are deploying to (Czech, Korean, Vietnamese, possibly Arabic)
- Add users who should be able to view Special:Homepage as others to that group (currently would probably just be members . of the Growth-Team, but perhaps the ambassadors who work with us in these wikis as well)
- If privileged users go to Special:Homepage/{username}, in SpecialHomepage.php code we would:
- Check if the context user is in the privileged group and is requesting to view someone else's page
- Create a derivative context based on loading username from the parameters
- Set a flag on the server side that we're in view-as-other mode
- Set a flag in client-side code that we're in view-as-other mode, so that event logging is switched off for example
- Ensure that user email does not display in the account completion module if we are in "view-as-other" mode.
- Question: Do we need to hide the account email verification status when in view-as-other mode?
- The user's mentor is stored as a preference on a per user basis. Should this not be shown?
- Two modules (help, and mentor) allow the user to post a question to the help desk and their mentor respectively, we need to ensure that these modules are in read-only mode. This probably has to be done on the client side.
Update: We can also consider striking the privileged users bit, and develop this feature such that any user could view any other user's Special:Homepage, as long as any user-specific private information is removed from the output.
Description of how the tool will be used at WMF
Mainly @MMiller_WMF will be using the view-as-other feature to verify that the Homepage renders as we intend it to.
Dependencies
none
Has this project been reviewed before?
I think so, but I can't find the task.
Working test environment
It's on beta labs, or you can use the growthexperiments role in Vagrant.