Page MenuHomePhabricator
Create Task
Maniphest T273819

Restrict growthsetmentor command to mentors only
Open, Needs TriagePublic
Actions

Description

Currently API command growthsetmentor (POST like https://ru.wikipedia.org/w/api.php?action=growthsetmentor&...) is overly free to use IMHO.
The only restriction I found: user A cannot set mentor - mentee relation between users B and С (so two other users). That later gives "permissiondenied" error.
Otherwise user A can be the mentor and change his/her mentee. Or user A can be the mentee and change his/her mentor. The last seems to break the idea to randomly evenly distribute newcomers between experienced volunteers.

My proposal is: if the query is from a mentor then OK, otherwise (a mentee) it should be done by contacting the current mentor and to argument the need to move to some other specific mentor,

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits