Page MenuHomePhabricator
Create Task
Maniphest T275911

[Bug] Block access to election edit page after election end
Closed, ResolvedPublic2 Estimated Story PointsBUG REPORT
Actions

Description

Current behavior

Currently SecurePoll allows election admins to be able to make changes to an election they are admin for by modifying the URL (/edit/<election-id>). They are able to save changes to an election by doing this after the election ends, including changing the election start date.

This is problematic because it can falsify data for scrutineers who analyze election activity. The expectation is that no changes can be made to an election after the end of an election.

Expected behavior

After election end, the election edit page becomes inaccessible and no changes can be made to the election settings.

Details

SubjectRepoBranchLines +/-
Disallow access to settings for finished pollsmediawiki/extensions/SecurePollmaster+6 -0
Customize query in gerrit

Related Objects

Event Timeline

Niharika triaged this task as Medium priority.Feb 26 2021, 8:23 PM
Niharika created this task.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 26 2021, 8:23 PM
Niharika changed the subtype of this task from "Task" to "Bug Report".Feb 26 2021, 8:24 PM
ARamirez_WMF set the point value for this task to 2.Mar 3 2021, 5:07 PM
ARamirez_WMF moved this task from Triage/To be Estimated to Cards ready for development on the Anti-Harassment board.
ARamirez_WMF moved this task from Cards ready for development to The Letter Song on the Anti-Harassment board.Mar 3 2021, 5:55 PM
ARamirez_WMF edited projects, added Anti-Harassment (The Letter Song); removed Anti-Harassment.
STran claimed this task.Mar 4 2021, 12:09 AM
STran moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (The Letter Song) board.
gerritbot added a comment.Mar 4 2021, 12:15 AM

Change 668235 had a related patch set uploaded (by STran; owner: STran):
[mediawiki/extensions/SecurePoll@master] Disallow access to settings for finished polls

https://gerrit.wikimedia.org/r/668235

gerritbot added a project: Patch-For-Review.Mar 4 2021, 12:15 AM
STran moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (The Letter Song) board.Mar 4 2021, 12:20 AM
Tchanders moved this task from Code Review 🔍 to QA/Testing 🐞 on the Anti-Harassment (The Letter Song) board.Mar 4 2021, 3:39 PM
gerritbot added a comment.Mar 4 2021, 4:01 PM

Change 668235 merged by jenkins-bot:
[mediawiki/extensions/SecurePoll@master] Disallow access to settings for finished polls

https://gerrit.wikimedia.org/r/668235

Maintenance_bot removed a project: Patch-For-Review.Mar 4 2021, 4:10 PM
ReleaseTaggerBot added a project: MW-1.36-notes (1.36.0-wmf.34; 2021-03-09).Mar 4 2021, 5:00 PM
dom_walden moved this task from QA/Testing 🐞 to Done: Q3 (2020-2021) on the Anti-Harassment (The Letter Song) board.Mar 5 2021, 12:42 PM
dom_walden subscribed.

If it is after the end date of the election, if you try to go to Special:SecurePoll/edit/<id> you see

This election has finished and you can no longer edit it.

Test Environment: https://vote.wikimedia.beta.wmflabs.org SecurePoll 2.0.0 (67fe30f) 07:56, 5 March 2021.

Niharika closed this task as Resolved.Mar 16 2021, 1:50 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL