
Check poll admins are also in the electionadmin group when accessing admin features
Closed, Resolved (Public)

Description

Sometimes the users are added to the electionadmin group temporarily for some reason, then removed again. Currently, admins for a particular poll can still access admin features for that poll even when they are no longer in the electionadmin group.

Only people who are poll admin on an election and are also in the electionadmin group should be allowed to access admin features for a poll, so check for this whenever checking for a poll admin.

Event Timeline

Tchanders renamed this task from Check poll admins also have the electionadmin right when accessing admin features to Check poll admins are also in the electionadmin group when accessing admin features. Jan 6 2021, 8:20 PM
Tchanders updated the task description.
This comment was removed by Niharika.
Niharika triaged this task as Medium priority. Jan 6 2021, 10:22 PM
Niharika moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.

If it helps, we're replacing the fields for adding admins with a UsersMultiselect field (T270634), which would indicate whether the user could be added or not. We use a similar field in Special:Investigate, and here's what it looks like with an invalid user:

image.png (105×718 px, 11 KB)

Thanks. I was gonna ask this on T271327: Require that a user is in the electionadmin group in order to be an admin for a poll [M]. We'll probably need some design element to indicate why the user is appearing as Invalid.

@STran Feel free to ignore the previous two comments - they belong on a different task as @Niharika mentioned!

Change 655875 had a related patch set uploaded (by STran; owner: STran):
[mediawiki/extensions/SecurePoll@master] [WIP] Check if user is in electionadmin group

https://gerrit.wikimedia.org/r/655875

@Prtksxna For this ask, I am currently using the same error for both "you are not an admin" and "you are not part of the electionadmin group" since they were so close. It looks like this for either case right now:

image.png (206×467 px, 12 KB)

I was wondering if this was okay or if you think it'd be better to have 2 individual errors instead. If the latter, what should the error for "you are not part of the electionadmin group" be?

@STran I think it's alright to use the same error text. Is there a default error style we can use here? Something from HTMLForm or OOUI?

Is there a standard? I found this PermissionsError being used on the same page and it outputs something like this:

image.png (229×729 px, 20 KB)

@Prtksxna Would it be possible to make another task if we want to restyle the error? It appears in quite a few places and is currently unstyled like the standard permissions error, as per @STran's screenshot.

Yep, I'll make a task. Is there a standard error thing that I should mention?


Talking to @Tchanders I realized that the whole page shows the error, so we don't need extra styling. I don't know how I missed that in the screenshot. No follow-up task needed.

Tchanders added a subscriber: drochford.

@jrbs @drochford Do we need to alert the community about this change in workflow?

Change 655875 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@master] Check if user is in electionadmin group

https://gerrit.wikimedia.org/r/655875

I don't think so, at least not super widely, since votewiki is pretty much solely operated by the Foundation alongside community. Might be good to give a heads up to e.g. Huji and other volunteer devs who do make use of the software though.

dom_walden subscribed.

I tested that a user needs to be in the electionadmin group AND be an admin of the election in order to:

  • Translate a poll
  • View the list of voters (if the election is private)
  • View more details on the list page (if the election is not private)
  • View voter details (Special:SecurePoll/details/$id)
  • Do the various Voter Eligibility actions (e.g. edit the eligibility list)
  • Get an XML dump of an election (if the election is private)
  • Tally an election
  • Strike or unstrike a vote (via the API)

One thing I don't understand is when a poll is created on wiki a but "for" wiki b. The privacy option is not copied over from a to b. So, on wiki b you can view the list of voters or get an XML dump, even if you cannot on a. But, if the voting is happening on wiki a, those votes will not appear on wiki b (in the list or in the XML dump). So maybe it is ok. I don't understand this part of SecurePoll.

Test Environment: mostly local vagrant SecurePoll 2.0.0 (3534347) 07:48, 1 February 2021.
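
The rule from the task description (poll admin AND current electionadmin group membership) next to the older poll-admin-only check, as an added example that is not SecurePoll's code or part of the merged patch. The class, method and action names are hypothetical and the users are constructed sample data; it needs PHP 8.0 or later.

```php
<?php
declare(strict_types=1);
// Added illustration; all names here are hypothetical, not SecurePoll's API.

final class User {
    /** @param string[] $groups current group memberships */
    public function __construct(public string $name, public array $groups) {}
}

final class Election {
    /** @param string[] $adminNames per-poll admin list, stored when the poll is configured */
    public function __construct(public int $id, public array $adminNames) {}

    // Before: only the stored per-poll list is consulted, so a user removed
    // from the electionadmin group keeps access to this poll's admin features.
    public function isAdminLegacy(User $u): bool {
        return in_array($u->name, $this->adminNames, true);
    }

    // After: poll admin AND current electionadmin membership, evaluated on every check.
    public function isAdmin(User $u): bool {
        return in_array($u->name, $this->adminNames, true)
            && in_array('electionadmin', $u->groups, true);
    }
}

// Single gate intended to be called by every admin entry point.
function requireElectionAdmin(Election $e, User $u, string $action): string {
    if (!$e->isAdmin($u)) {
        // One message for both failure causes, as agreed in the task discussion.
        throw new RuntimeException("denied: $action on election {$e->id}");
    }
    return "allowed: $action";
}

// Constructed sample data.
$election = new Election(1, ['Alice', 'Bob']);
$users = [
    new User('Alice', ['electionadmin']), // both conditions hold
    new User('Bob', []),                  // removed from the group, still on the poll list
    new User('Carol', ['electionadmin']), // in the group, not an admin of this poll
];
foreach ($users as $u) {
    foreach (['tally', 'dump', 'strike'] as $action) {
        try { $result = requireElectionAdmin($election, $u, $action); }
        catch (RuntimeException $ex) { $result = $ex->getMessage(); }
        printf("%-5s legacy=%s %s\n", $u->name, var_export($election->isAdminLegacy($u), true), $result);
    }
}
```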