Page MenuHomePhabricator
Create Task
Maniphest T327061

Enable temp account ip viewing preference by default for checkusers
Open, Needs TriagePublic
Actions

Description

Splitting this work from T326736: Create preference for viewing IP addresses used by temporary accounts. Tried something like this during the course of the ticket:

		if ( $this->userOptionsLookup->getOption( $user, 'checkuser-temporary-account' ) ) {
			// Users with the 'checkuser' right who haven't set a preference should have the option checked by default
			$shouldCheckTmpAcctPref = in_array( 'checkuser', $user->getGroups() ) &&
				is_null( $this->userOptionsLookup->getOption( $user, 'checkuser-temporary-account-enable' ) );
			$preferences['checkuser-temporary-account-enable'] = [
				'type' => 'toggle',
				'label-message' => 'checkuser-tempaccount-enable-preference',
				'section' => 'personal/checkuser-tempaccount',
				'default' => $shouldCheckTmpAcctPref,
			];
		}

From what I can tell, this doesn't actually change the preference at all. It checks it by default when the page loads but doesn't actually save the preference. Also, should we be doing this? Is there some kind of need to log enabling this sort of like we did for IP Info? cc @Tchanders

Related Objects

Event Timeline

STran created this task.Jan 16 2023, 11:22 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 16 2023, 11:22 AM
gerritbot added a comment.Jan 16 2023, 11:46 AM

Change 880438 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/CheckUser@master] Add preference to view temp account IPs

https://gerrit.wikimedia.org/r/880438

gerritbot added a project: Patch-For-Review.Jan 16 2023, 11:46 AM
STran mentioned this in T326736: Create preference for viewing IP addresses used by temporary accounts.Jan 17 2023, 9:58 AM
Tchanders added a subscriber: Niharika.Jan 17 2023, 2:53 PM

Also, should we be doing this? Is there some kind of need to log enabling this sort of like we did for IP Info?

I believe not for checkusers - @Niharika?

Tchanders added a comment.Jan 18 2023, 1:05 PM

@STran Does this documentation help with this task? https://www.mediawiki.org/wiki/Manual:Hooks/GetPreferences#Default_preferences

Tchanders added a parent task: T327281: Use correct legal wording for preference for viewing IP addresses used by temporary accounts.Jan 18 2023, 1:41 PM
Tchanders edited parent tasks, added: T325451: [Epic] Users with appropriate privileges can opt-in to viewing IP addresses; removed: T327281: Use correct legal wording for preference for viewing IP addresses used by temporary accounts.
Tchanders renamed this task from Enable temp account ip viewing by default for checkusers to Enable temp account ip viewing preference by default for checkusers.Mar 3 2023, 5:45 PM
Tchanders removed a parent task: T325451: [Epic] Users with appropriate privileges can opt-in to viewing IP addresses.Apr 18 2023, 3:18 PM

After discussing with @Niharika , we're removing this from the MVP and may return to it later based on user feedback.

Urbanecm subscribed.Sep 8 2023, 4:18 PM
In T327061#8790110, @Tchanders wrote:

After discussing with @Niharika , we're removing this from the MVP and may return to it later based on user feedback.

This is definitely something that should be a part of the MVP. If I understand this correctly, if this task is not completed, everyone (including global and local functionaries) would have to check the preference option to gain access to IP masking data. If that is right, it would mean the Stewards would have to manually enable their access on Every Single Wiki (and we have over a thousand of them). Because of that, not completing this task would significantly disrupt the usability of the temporary account IP reveal interface for the Stewards, up to the point of making it virtually useless (it is not fair to assume Stewards to enable their access independently on all projects). This is the current state for IP Info (which behaves exactly like this), and while it is annoying, IP Info is not (given we still have undisturbed access to the IP data) a critical part of the Steward workflows. It would be very much problematic if the same approach was chosen for IP Masking.

Furthermore, I do not believe completing this task is technically challenging in any way. Currently, the checkuser-temporary-account user right is the only one that guards IP Masking data access, both for functionaries and other users with access. For users with this right assigned, a preference (false by default) appears in Special:Preferences, which can be then checked. What I believe was the considered implementation pathway for this task is splitting the preference's default value to be different per-user (I think so, because DefaultUserOptions was linked by Thalia). This would be indeed fairly challenging and likely error-prone.

Fortunately, splitting the preference defaults is not actually necessary to complete this. Introducing a second right, along the lines of checkuser-temporary-account-functionary, would solve this perfectly. When checking if an user has access to IP Masking data, has checkuser-temporary-account-functionary OR (has checkuser-temporary-account AND has preference) would be the condition to check. While it is slightly longer and more complex, it can be easily masked behind a separate class responsible for determining user access to IP Masking and then reused from any place where this logic is needed.

Last but not least, I'd like to suggest consulting the Stewards before making a decision that mostly affects the Stewards. We're happy to help AHT (or any other team) with making product decisions that are both acceptable/helpful for the Stewards while being reasonably easy to implement, but this is challenging to do if we're not consulted on the decisions. Unfortunately, this is not the first time when this happened (a random Steward stumbling upon a task that seems to present significant difficulties for the group). I believe T&S folks would be always happy to relay any question any WMF team has to the Stewards. We've also steward communication channels (some) staff are a part of, and requesting additional staff to be added is always an option.

Urbanecm added a comment.Sep 8 2023, 4:26 PM

In addition to what I mentioned above, the //Access to temporary account IP addresses policy// explicitly stipulates that "Access is automatically granted to users who are members of the steward and checkuser user groups", while admins and lower needs to opt-in (and agree to the policy). While this is a formal argument, not completing this task goes against the expectations stated in the relevant policy.

Vermont subscribed.Sep 8 2023, 7:18 PM
AntiCompositeNumber added a project: Stewards-and-global-tools.Sep 8 2023, 7:29 PM
AntiCompositeNumber subscribed.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL