Log when admins access voter data in SecurePoll
Closed, ResolvedPublic2 Estimated Story PointsJan 12 2021
Actions

Assigned To

Authored By

	Tchanders
	Jan 5 2021, 10:07 PM

Description

Following T271270: Create new logging table in SecurePoll, log when admins access voter data.

This task is only for adding a row to the log table.

Details of how we could do this are outlined in T270342#6702969.

Details

Due Date: Jan 12 2021, 5:00 AM

	Subject	Repo	Branch	Lines +/-
	Log when admins access voter data	mediawiki/extensions/SecurePoll	master	+17 -0

Customize query in gerrit

Related Objects
Search...

		Status	Subtype	Assigned	Task
		Resolved		jrbs	T152972 Accessing private information through SecurePoll should be logged
		Resolved	Jan 12 2021	STran	T271276 Log when admins access voter data in SecurePoll

Event Timeline

Tchanders created this task.Jan 5 2021, 10:07 PM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 5 2021, 10:07 PM

Tchanders added a parent task: T152972: Accessing private information through SecurePoll should be logged.Jan 5 2021, 10:07 PM

Tchanders mentioned this in T271277: Create Special:SecurePollLog page.Jan 5 2021, 10:10 PM

Tchanders mentioned this in T271280: Make SecurePoll log data downloadable as a CSV or WikiText.Jan 5 2021, 10:15 PM

Tchanders updated the task description. (Show Details)Jan 6 2021, 5:48 PM

ARamirez_WMF set the point value for this task to 2.Jan 6 2021, 5:49 PM

ARamirez_WMF moved this task from Untriaged to Cards ready for development on the Anti-Harassment board.

Niharika triaged this task as Medium priority.Jan 6 2021, 10:34 PM

Niharika moved this task from Cards ready for development to The Letter Song on the Anti-Harassment board.

Niharika edited projects, added Anti-Harassment (The Letter Song); removed Anti-Harassment.

ARamirez_WMF set Due Date to Jan 12 2021, 5:00 AM.Jan 7 2021, 12:02 AM

ARamirez_WMF changed the subtype of this task from "Task" to "Deadline".

Dependent on T271270: Create new logging table in SecurePoll; stubbing this out in the meanwhile

STran moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (The Letter Song) board.Jan 8 2021, 9:51 AM

Change 655545 had a related patch set uploaded (by STran; owner: STran):
[mediawiki/extensions/SecurePoll@master] [WIP] Log when admins access voter data

https://gerrit.wikimedia.org/r/655545

gerritbot added a project: Patch-For-Review.Jan 12 2021, 5:18 AM

STran moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Jan 12 2021, 5:19 AM

Change 655545 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@master] Log when admins access voter data

https://gerrit.wikimedia.org/r/655545

Maintenance_bot removed a project: Patch-For-Review.Jan 29 2021, 10:10 PM

ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.29; 2021-02-02).Jan 29 2021, 11:00 PM

Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Feb 1 2021, 3:47 PM

We now record every time an admin goes to Special:SecurePoll/list/<id>. A log entry is also recorded every time you refresh or use pagination. So you may see lots of entries for the same user and election (like below).

A log entry is only recorded if the user is an admin of the election and is in the electionadmin group. If a non-admin user goes to /list, they do not see any of the personal data (e.g. IP, UA) and a log entry is not recorded.