
SPIKE: Investigate how to handle user right removal.
Open, Needs Triage, Public

Description

NOTE: This task is out of scope for T325101, but we should action soon after multiple organizers is released.

When a wiki admin removes event creator rights, currently we do not manage that.

Open questions:

What happens to the event if the creator loses their right?
What *should* happen to the event?
What *should* happen to the creator if they are the sole organiser?
What *should* happen to the creator if they are one of many organisers?
How and when do we validate the user right?

Event Timeline

Hi all, here are my first thoughts about it, please let me know what you all think, thanks in advance:

What happens to the event if the creator loses their right?
The event creator should not:

  • Be able to access the event page as an organizer
  • Be able to edit the event registration
  • Be listed as an organizer

What *should* happen to the event?

  • If there are other organizers, we don't display the organizer that doesn't have the right on the list of organizers.
  • If there is only one organizer, the event details special page, and the header on the event page should inform the users that the event is closed, canceled or another message like: this event does not have an organizer, and so we do not allow participants to register anymore.

What *should* happen to the creator if they are the sole organizer?

  • I think the user should not have access to the event as an organizer anymore, also event details and the header on the event page should inform the users that the event is closed, canceled or another message like: this event does not have an organizer, and so we do not allow participants to register anymore.

What *should* happen to the creator if they are one of many organizers?

  • Should not be displayed on the list of organizers for that event anymore

How and when do we validate the user right?

  • We will need to validate the user right on special event details, edit event registration, my events and on the event page header.

What happens to the event if the creator loses their right?
The event creator should not:

  • Be able to access the event page as an organizer

What would this mean in practice? Would they be treated as a normal user, being able to register etc.?

  • Be able to edit the event registration

And also delete, I assume?

  • Be listed as an organizer

See below.

What *should* happen to the event?

  • If there are other organizers, we don't display the organizer that doesn't have the right on the list of organizers.
  • If there is only one organizer, the event details special page, and the header on the event page should inform the users that the event is closed, canceled or another message like: this event does not have an organizer, and so we do not allow participants to register anymore.

I'm wondering if removing the organizer's name is the best option. While it's true that they're no longer considered an organizer, it may also look confusing, e.g., if you want to know who the organizer(s) were. Maybe we could still list the organizer, but explain that they are no longer an organizer of the event? In the API, this could be an additional boolean property in the response; for the GUI, I'm not sure. Not letting users register makes sense, though I guess we may need design input on this.

How and when do we validate the user right?

  • We will need to validate the user right on special event details, edit event registration, my events and on the event page header.

We'd want to do that at a lower level though, otherwise this code would be duplicated a lot. The main issue here is that PermissionChecker needs OrganizerStore to know who the organizers are. We can't add the inverse dependency. Perhaps we need a new data access abstraction to handle that? The core idea would be to introduce a distinction between "organizer in the DB" and "person who's actually considered an organizer" (meaning they're in the DB and they have the user right).

What happens to the event if the creator loses their right?
The event creator should not:

  • Be able to access the event page as an organizer

What would this mean in practice? Would they be treated as a normal user, being able to register etc.?

Yes, they would be treated as a normal user.

  • Be able to edit the event registration

And also delete, I assume?

Yes.

  • Be listed as an organizer

See below.

What *should* happen to the event?

  • If there are other organizers, we don't display the organizer that doesn't have the right on the list of organizers.
  • If there is only one organizer, the event details special page, and the header on the event page should inform the users that the event is closed, canceled or another message like: this event does not have an organizer, and so we do not allow participants to register anymore.

I'm wondering if removing the organizer's name is the best option. While it's true that they're no longer considered an organizer, it may also look confusing, e.g., if you want to know who the organizer(s) were. Maybe we could still list the organizer, but explain that they are no longer an organizer of the event? In the API, this could be an additional boolean property in the response; for the GUI, I'm not sure. Not letting users register makes sense, though I guess we may need design input on this.

Yes, I understand your point, but I still think we should remove the organizer from the list, because while removing the organizer entitlement is not the same as removing the event organizer, it is similar.

But on the other hand I agree with you, as some extreme cases can happen, such as the organizer losing the right by mistake, and this can be frustrating if the organizer tries to access the event data and does not find any notice saying why he can no longer access the event data.

How and when do we validate the user right?

  • We will need to validate the user right on special event details, edit event registration, my events and on the event page header.

We'd want to do that at a lower level though, otherwise this code would be duplicated a lot. The main issue here is that PermissionChecker needs OrganizerStore to know who the organizers are. We can't add the inverse dependency. Perhaps we need a new data access abstraction to handle that? The core idea would be to introduce a distinction between "organizer in the DB" and "person who's actually considered an organizer" (meaning they're in the DB and they have the user right).

Yes, I agree thanks, I think we need to create a new data access abstraction for this.
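
The distinction drawn above between "organizer in the DB" and "person who's actually considered an organizer" can be sketched as follows. This is an added example, not part of the thread and not code from the extension; every interface, class and method name in it is hypothetical, and the usernames and event IDs are constructed sample data.

```php
<?php
declare( strict_types=1 );

/** Hypothetical. "Organizer in the DB": whoever is recorded as an organizer. */
interface StoredOrganizerLookup {
	/** @return string[] usernames */
	public function getStoredOrganizers( int $eventID ): array;
}

/** Hypothetical. Whether a user currently holds the right to organize events. */
interface OrganizerRightLookup {
	public function hasOrganizerRight( string $username ): bool;
}

/**
 * Hypothetical. The one place where stored organizers are narrowed to
 * effective ones. It depends on the store and on the rights lookup; a
 * permission checker would depend on this class, never the reverse.
 */
final class EffectiveOrganizerLookup {
	private StoredOrganizerLookup $stored;
	private OrganizerRightLookup $rights;

	public function __construct( StoredOrganizerLookup $stored, OrganizerRightLookup $rights ) {
		$this->stored = $stored;
		$this->rights = $rights;
	}

	/** @return string[] stored organizers who still hold the right */
	public function getEffectiveOrganizers( int $eventID ): array {
		return array_values( array_filter(
			$this->stored->getStoredOrganizers( $eventID ),
			fn ( string $name ): bool => $this->rights->hasOrganizerRight( $name )
		) );
	}

	/** Gate for organizer actions such as editing or deleting the registration. */
	public function isEffectiveOrganizer( int $eventID, string $username ): bool {
		return in_array( $username, $this->getEffectiveOrganizers( $eventID ), true );
	}

	/** An event with no effective organizer takes no new registrations. */
	public function acceptsRegistrations( int $eventID ): bool {
		return $this->getEffectiveOrganizers( $eventID ) !== [];
	}
}

// Constructed sample data: event 1 has two stored organizers, event 2 has one.
$stored = new class implements StoredOrganizerLookup {
	public function getStoredOrganizers( int $eventID ): array {
		return [ 1 => [ 'Alice', 'Bob' ], 2 => [ 'Bob' ] ][$eventID] ?? [];
	}
};
$rights = new class implements OrganizerRightLookup {
	public array $holders = [ 'Alice' => true, 'Bob' => true ];
	public function hasOrganizerRight( string $username ): bool {
		return $this->holders[$username] ?? false;
	}
};
$lookup = new EffectiveOrganizerLookup( $stored, $rights );

$rights->holders['Bob'] = false; // an admin removes Bob's right; the DB rows stay
printf( "event 1: %s\n", implode( ', ', $lookup->getEffectiveOrganizers( 1 ) ) );
printf( "Bob may edit event 1: %s\n", var_export( $lookup->isEffectiveOrganizer( 1, 'Bob' ), true ) );
printf( "event 2 open for registration: %s\n", var_export( $lookup->acceptsRegistrations( 2 ), true ) );
```

Because the stored rows are never touched, restoring the right makes the same user an effective organizer again without any data change.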

Hi all, I was thinking about the reasons why organizers could lose the right to organize events, and some questions come up. I need your help to figure out how we should handle them. There are 2 scenarios below; the items marked with "???" are the doubts we have about how to handle the given situations.
Thanks in advance.

Scenario 1: An organizer is organizing an event that will take place next week and has lost the right because of bad behavior.

Given the organizer has lost the right to organize events
And there are no other organizers in that event
Then the event should be canceled automatically

And the participants should receive an automatic message by email ???

Given the organizer has lost the right to organize events
And there are other organizers in that event
Then the organizer must not be able to do any organizer action (like edit the event registration, remove participants, remove the event, etc.)

The organizer should not be listed in the list of organizers, or should be listed with a stroke and a message informing that the user is not a valid organizer anymore ???

Given the organizer has lost the right to organize events
And there are other organizers in that event
And the organizer is also a participant on that event

Then the organizer should be removed from the list of participants ???

Scenario 2: An organizer is organizing an event that will take place next week, but after that event the organizer doesn't want to be an organizer anymore, so the organizer asks an admin to remove his right to organize events, and the admin removes the right before the event takes place.

Given the organizer has lost the right to organize events because he asked to
And there are no other organizers in that event
And there are still open events that the organizer wants to handle

Should the events be canceled, or should the organizer be able to handle the remaining events ???

Note: we have no way to know why the organizer lost the right to organize events, so if we decide to let the organizer finish their open events, this will be the default for every organizer that lost the right to organize events.

@Sadads @IBrazal

@IBrazal answers:

Scenario 1:
The event should be closed, not canceled. Since the event will be in a week or closer, there is a greater possibility that everything about the event is already planned out and ready to be carried out. What we can do is hinder the possibility of adding more participants on wiki. If it’s in person, there is a greater chance that they will go on with it anyway. There are a lot of reasons a user loses a right on wiki, some of them are just purely technical or a misunderstanding with an administrator, or an editing error that admins might see as vandalism, or a compromised user account. If it's behavioral and might endanger others, there will be intervention and advice from Legal or Trust and Safety on what is the best thing to do, then and there we’ll know if we need to manually cancel the event, or even delete it.
If there are other organizers in the event, then the organizer should automatically become a participant. So they won’t be able to do anything on the event registration. This is the best default.
If the organizer is also a participant, I don’t think it’s necessary to remove them as a participant. Other organizers will have the power to remove them if they deemed it necessary.

Scenario 2:
If the organizer requested that their user rights be removed, we can choose whether:

  • To close all of their open events.
  • Notify them that their rights have changed, their other events have been closed, and they will need to send a message to the admin (within a time frame) if there is a misunderstanding or else the events will be automatically canceled if no further action is done.
  • Or by default, if we have events closed by the system, we can automatically cancel them within a given time frame

I think it is best if:

  • there shouldn’t be any event left open without an organizer
  • if it’s possible, provide access to an admin to assign a new organizer to an event, just in case the organizer account has been compromised
  • suggest a co-organizer for any event

@cmelo I think you meant to tag @IBrazal above?

yes, thank you!!!

I think we're converging here. What are the next steps? The multiple organizer implementation is ready for review, and none of the features above were implemented. I believe that's fine, but I'm also curious about the game plan.

Thanks all!!!

I still have some open questions (listing them below).

1 - If an organizer loses the right to organize events, should we remove this user from the list of organizers, or something like add a stroke on it, and a message on mouseover?

2 - If an organizer recovers the right to organize events, should we automatically reopen the events that the end dates are in the future?

3 - Do we really need to implement task number 2 (see it below)?

Here is what I think the next steps would be, please let me know what you think, @Daimona, @MHorsey-WMF, @IBrazal, @ldelench_wmf, @VPuffetMichel

Create the following tasks (Although we still need to define their priorities and when we will implement them):

1 - If an organizer loses the right to organize events, the event status should change to closed.

2 - The organizer who lost the right to organize events must automatically become a participant.

  • I find it a bit costly to implement and maintain this behavior, but below is an option of how to implement this, if it is really necessary, bearing in mind that the organizer can still register or cancel the registration manually.
    • We can use this hook, and in case the user is losing the right to organize events, we check all events where the user is an organizer and the event is open, so we add the user as a participant if the user isn't already and has not been removed from the participant list.
      • Or should we add the user as a participant even if the user was removed from the list of participants???

3 - Email the organizer who loses the right.

  • we can use this hook, to email the users when they lose the right, also when they get it if we want (this would be a separate task, see number 5).
  • The message could be something like:
    You lost the right to organize events, your open events will be closed.

4 - Provide access to Admins, so they can change the event data if needed.

5 - Send an email to the organizer that got the right to organize events.

I can create these tasks, after we answer the open questions, thanks all!

1 - If an organizer loses the right to organize events, should we remove this user from the list of organizers, or add a stroke on it, and a message on mouseover?

SGTM, although I'd leave it for Gregory to determine what the best design would be.

3 - Email the organizer who loses the right.

About this one, note that users can already choose to receive notifications of user right changes (the option is called "User rights change"). By default, you get both a web and an email notification. I don't think we need to duplicate that behaviour.

5 - Send an email to the organizer that got the right to organize events.

I'm not sure if I understand this, in the context of someone losing rights.

1 - If an organizer loses the right to organize events, should we remove this user from the list of organizers, or add a stroke on it, and a message on mouseover?

SGTM, although I'd leave it for Gregory to determine what the best design would be.

Yes, agree.

3 - Email the organizer who loses the right.

About this one, note that users can already choose to receive notifications of user right changes (the option is called "User rights change"). By default, you get both a web and an email notification. I don't think we need to duplicate that behaviour.

Thanks, that is good to know, so maybe we don't need this, unless we want to send a custom message to inform the organizer about what will happen with their open events.

5 - Send an email to the organizer that got the right to organize events.

I'm not sure if I understand this, in the context of someone losing rights.

This would be only to inform the user, it is really not in the context of someone losing rights, and since they already have an option to receive notifications about right changes, we can remove this one.

Here's what I'd like to propose as a first pass:

  • If an organizer loses the right to organize events:
    • We do not display their name.
    • We will only display organizers who are current organizers (i.e. they have the organizer right). That would be consistent with the way we remove multiple organizers from the UI.
  • If the last organizer loses the right to organize events:
    • The event status is closed.
    • We don't display any organizers. (and displaying a message "this event does not currently have an organizer" or "no organizers")

All the following tasks (below) can be done later because there are alternate ways to do the same thing and we can adjust once we have built the "first pass" proposal above if needed.

2- If an organizer recovers the right to organize events, we do not need to reopen the event as a feature as the organizer can actually do it themselves.

2 - The organizer who lost the right to organize events must automatically become a participant.
3 - Email the organizer who loses the right.
4 - Provide access to Admins, so they can change the event data if needed.
5 - Send an email to the organizer that got the right to organize events.

What do you all think?

Here's what I'd like to propose as a first pass:

  • If an organizer loses the right to organize events:
    • We do not display their name.
    • We will only display organizers who are current organizers (i.e. they have the organizer right). That would be consistent with the way we remove multiple organizers from the UI.
  • If the last organizer loses the right to organize events:
    • The event status is closed.
    • We don't display any organizers.

All the following tasks (below) can be done later because there are alternate ways to do the same thing and we can adjust once we have built the "first pass" proposal above if needed. [...]
What do you all think?

I mostly agree with this, but I'm still unsure how exactly we would "not display any organizers", since I think we would still need to display something (like a message saying there are no organizers or something). Also, technically speaking, removing an organizer is not the same as an organizer losing their rights. When an organizer is removed, they're gone for good. When someone loses their rights, they're still technically "linked" to the event as an organizer. In fact, this raises the question of whether an organizer who loses rights but then regains them should still be counted as an organizer of that event.

@Daimona Yes of course, we would display a message to say that the event does not have any organizers.
"this event does not currently have an organizer" or "no organizers". I will add that above.

In fact, this raises the question of whether an organizer who loses rights but then regains them should still be counted as an organizer of that event.

I think that's what we are saying: if you lose the organizer right and get it back, you have access again to all your events. You would also need to open them 'manually' since they were closed.
What makes you think that this would not be the case?

@Daimona Yes of course, we would display a message to say that the event does not have any organizers.
"this event does not currently have an organizer" or "no organizers". I will add that above.

Sounds good, thank you.

In fact, this raises the question of whether an organizer who loses rights but then regains them should still be counted as an organizer of that event.

I think that's what we are saying: if you lose the organizer right and get it back, you have access again to all your events. You would also need to open them 'manually' since they were closed.
What makes you think that this would not be the case?

Yup, I just wanted to make this decision explicit. In my previous message I was only using this as an example of how an organizer losing rights is not equivalent to an organizer being removed.

I posted an answer in Slack.
I repost here with an improvement of the reflection.

Getting his rights withdrawn or requesting the withdrawal of rights or even leaving the event is basically the same thing (he is no longer the master of the events that he created or of those he is part of).

That said: there are two approaches in my vision:

1- If the creator of the event leaves the administration rights of the event (by his own decision), depending on why he leaves the event there are two cases

  • First case (he/she leaves because there is danger to people and organizers) This means for any reason that the event will be closed - even if there are several organizers.
  • Second case (there is no danger) good solution: the organization will pass to the next organizer if there is more than one in the event.

If the creator of the event leaves the administration right now, it is possible to automatically take over the administration rights of the event by the first organizer using the FIFO method. The event will remain temporarily closed as long as no organizer has taken over the flag.
That said, the system will do this with the ability to display that this event no longer has an organizer,
I don't think the tool should go any further, like notifying TS or something.

Even in case of force majeure for the main organizer and he is the only organizer and let's say a new organizer shows up we could see the possibility to promote the rights to a participant so he can take over the event.

2- Second approach: the organizer is withdrawn from the organization because he has been banned, there is also application of the first and second cases

Hello everyone,
Just a few ideas on the subject (several good ideas have been said):

  1. Case of an event with only one organiser:
    • If an organiser loses the rights (for whatever reason), a message should be sent to them to say so and the event is cancelled. Then, a message should be sent to the participants to tell them that since the event no longer has an organiser, it is cancelled; they should be given the opportunity to unregister so that the event is deleted.
  2. Case of an event with several organisers:
    • One of the organisers should receive a message designating him/her as the main organiser of the event. Participants should also be informed of the new organiser.

The main organiser should be removed from the event list (as organiser or as participant)

Thank you

Iflorez changed the task status from In Progress to Open. Jun 7 2023, 6:31 PM
Iflorez subscribed.

My apologies on the move above.
I reverted the changes and everything should be back to its previous status.

ifried removed cmelo as the assignee of this task. Sep 7 2023, 2:26 PM
ifried added a subscriber: cmelo.