Page MenuHomePhabricator
Create Task
Maniphest T295902

Infobox and popup should display an error when the user doesn't have viewing rights
Closed, DeclinedPublicBUG REPORT
Actions

Assigned To
None
Authored By
phuedx
Nov 17 2021, 4:20 PM
Tags
Referenced Files
F37739861: image.png
Sep 19 2023, 4:34 PM
F35598248: image.png
Oct 19 2022, 4:10 AM
F35456249: image.png
Aug 15 2022, 5:06 PM
F34752064: empty_popup.png
Nov 17 2021, 4:20 PM
Subscribers
Aklapper
Prtksxna
STran
Tchanders

Description

List of steps to reproduce (step by step, including full links if applicable):

  • Apply the patch(es) for T292626: Create and implement IP Info viewing rights [L]
  • Login to your local wiki with a user who has the ipinfo right but not the ipinfo-view-basic or ipinfo-view-full right
  • Navigate to Special:Log/block, Special:RecentChanges, etc.
  • Click on the (i) button next to an IP address

What happens?:

empty_popup.png (1×2 px, 388 KB)

What should have happened instead?:

The popup should and accordion should display an error message.

image.png (606×1 px, 47 KB)

Error message: @STran help!

Software version (if not a Wikimedia wiki), browser information, screenshots, other information, etc:

  • Browser: Google Chrome (96.0.4664.45)
  • OS: macOS Monterey (12.0.1)

Related Objects
Search...

Event Timeline

phuedx created this task.Nov 17 2021, 4:20 PM
phuedx edited projects, added Anti-Harassment; removed Anti-Harassment (The Letter Song).
phuedx moved this task from Untriaged to Triage/To be Estimated on the Anti-Harassment board.
ARamirez_WMF moved this task from Triage/To be Estimated to Design on the Anti-Harassment board.Nov 17 2021, 5:20 PM
phuedx added a comment.Nov 17 2021, 6:10 PM

@Prtksxna: We thought of a handful of ways that this (error?) state could be handled during today's AHT: Estimation & Planning meeting;

  1. We display all properties but as Not available
  2. We display an error message
  3. We don't show the tool for users without one of these access levels

We were wondering if you could weigh in on this.

phuedx added a project: Design.Nov 25 2021, 4:29 PM
Prtksxna added a comment.Nov 26 2021, 3:58 PM
In T295902#7511052, @phuedx wrote:
  1. We display an error message

We could do this and use the popup error state here.

  1. We don't show the tool for users without one of these access levels

It would make sense to not show the tool to those who don't have access to it. But I'd like to understand when this would happen, ie, how did the user activate the tool in the first place? Would this happen when they once had access and then it was revoked. So the tool is active (from before) but they don't have the correct right anymore. In that case it might be better to show an error.

phuedx added a comment.Nov 26 2021, 5:45 PM
In T295902#7531336, @Prtksxna wrote:
In T295902#7511052, @phuedx wrote:
  1. We display an error message

We could do this and use the popup error state here.

Thanks! I'll update the task's description.

  1. We don't show the tool for users without one of these access levels

But I'd like to understand when this would happen, ie, how did the user activate the tool in the first place? Would this happen when they once had access and then it was revoked. So the tool is active (from before) but they don't have the correct right anymore. In that case it might be better to show an error.

This is very much a consequence of misconfiguration by us rather than user error. That said, it's not inconceivable that something like this could occur in the future, given that we're not in total control of the configuration.

Prtksxna added a comment.Dec 7 2021, 8:13 AM
In T295902#7531486, @phuedx wrote:

This is very much a consequence of misconfiguration by us rather than user error. That said, it's not inconceivable that something like this could occur in the future, given that we're not in total control of the configuration.

Thanks, understood.

Could you help me think through this a bit? If the user once had access that was somehow revoked we'd like them to see the info icon and the subsequent error message (because something used to work and now it doesn't). On the other hand, if they never had access they should never see the info icon (because nothing ever changed for them). Is that a sensible way to think about this? @phuedx

phuedx updated the task description. (Show Details)Dec 7 2021, 11:33 AM
phuedx added a comment.Dec 7 2021, 12:01 PM
In T295902#7552167, @Prtksxna wrote:
In T295902#7531486, @phuedx wrote:

If the user once had access that was somehow revoked we'd like them to see the info icon and the subsequent error message (because something used to work and now it doesn't).

It might help not to think of this as a revocation for a particular user. Rather, the user has access and, as a result of misconfiguration, still has access (insofar as they've still have the correct user preferences set) but not the correct rights to use the tool.

On the other hand, if they never had access they should never see the info icon (because nothing ever changed for them). Is that a sensible way to think about this?

Yes.

Prtksxna added a comment.Dec 9 2021, 10:12 AM

I understand now. Thanks @phuedx !

STran moved this task from Design to Triage/To be Estimated on the Anti-Harassment board.Aug 15 2022, 4:48 PM
STran added a comment.Aug 15 2022, 5:06 PM

@Prtksxna The design ask around this has changed since this ticket was written. It currently shows all fields but shows "No access." Does this look good? If so can we close this ticket out?

image.png (234×326 px, 16 KB)

STran moved this task from Triage/To be Estimated to Design on the Anti-Harassment board.Aug 15 2022, 5:10 PM
Prtksxna added a comment.Aug 19 2022, 3:35 PM

@STran and what happens when they go to the contribs page? Does it load the box with all the headings and No access too?

This is definitely a graceful fallback, but is this combination of permissions common, or is it more of an error? What kind of user would end up seeing this?

Prtksxna added a comment.Oct 19 2022, 3:50 AM

Met with @STran and got some answers

In T295902#8169414, @Prtksxna wrote:

@STran and what happens when they go to the contribs page? Does it load the box with all the headings and No access too?

Yes, the contribs page loads as normal with No access under all headings.

This is definitely a graceful fallback, but is this combination of permissions common, or is it more of an error? What kind of user would end up seeing this?

Some misconfigured groups would see this. It wouldn't be a normal state.

Prtksxna updated the task description. (Show Details)Oct 19 2022, 4:10 AM
Prtksxna added a comment.Oct 19 2022, 4:20 AM

Hey @STran, I've added the designs, could you update the error message, making it clearer why this is happening and how one could solve it? (talk to admin? or the person who configured the wiki?)

phuedx unsubscribed.Oct 19 2022, 5:07 PM
Prtksxna moved this task from Backlog to Up Next on the IP Info board.Oct 24 2022, 2:48 PM
Prtksxna triaged this task as Low priority.Nov 1 2022, 3:58 AM
KColeman-WMF closed this task as Declined.Sep 19 2023, 4:31 PM
Tchanders added a comment.Sep 19 2023, 4:34 PM

Declined because users do now see useful information with only the ipinfo right:

image.png (610×1 px, 107 KB)

Dreamy_Jazz moved this task from Up Next to Closed on the IP Info board.Feb 3 2024, 12:52 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits