Page MenuHomePhabricator
Create Task
Maniphest T332030

Update user name widgets config to accept or deny temporary user names
Open, Needs TriagePublic
Actions

Description

Background

There are several widgets that accept user name input. These are currently configurable to accept existing user names, IP addresses and/or IP ranges.

Currently, if these widgets accept existing user names, this includes temporary user names.

We may need to specify temporary user names separately from named users.

Affected widgets
  • UserInputWidget
  • UsersMultiselectWidget
  • HTMLUserTextField

Note that due to inheritance, it may not be necessary to make changes to all widgets.

Details

SubjectRepoBranchLines +/-
Update user name widgets config to accept or deny temporary user namesmediawiki/coremaster+54 -2
Customize query in gerrit

Related Objects

Event Timeline

Tchanders created this task.Mar 14 2023, 3:33 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 14 2023, 3:33 PM
Tchanders mentioned this in T331058: Make Special:Mute only usable for named users.Mar 22 2023, 5:03 PM
Tgr added a subscriber: Tgr.Mar 30 2023, 8:29 AM

Basically the user-related form fields need two extra optional boolean paramaters onlynamed / onlytemp (or something like that) which

  • apply an extra validation check to the users on submit, and rejects the appropriate user type
  • onlytemp adds an extra auprefix=* parameter to the list=allusers API call for the autocomplete search
  • onlynamed skips the autocomplete when the typed text starts with *

(Alternatively, temp/named filtering could be added to the list=allusers API and the form could make use of that. That's nicer in general but has an ugly edge case which is not relevant for the form fields: when iterating through users with onlynamed=1 and no auprefix, you'd end up with a query like SELECT * FROM user WHERE user_name >= $offset AND user_name NOT LIKE '*%' LIMIT $limit and that query will perform catastrophically poorly when iteration reaches to usernames starting with *.)

Tgr mentioned this in T330509: [IP Masking] Make Echo Notifications available to temporary users.Mar 30 2023, 8:31 AM
Tchanders added a project: Anti-Harassment (AHaT Sprint 32 - Baseball Cap).Jul 24 2023, 3:41 PM
Tchanders mentioned this in T341684: Should Temp Users show up on the dropdown in Special:UserRights.Jul 24 2023, 3:45 PM
TThoabala claimed this task.Jul 26 2023, 12:59 PM
TThoabala moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
gerritbot added a comment.Aug 9 2023, 2:10 PM

Change 947359 had a related patch set uploaded (by TsepoThoabala; author: TsepoThoabala):

[mediawiki/core@master] Update user name widgets config to accept or deny temporary user names

https://gerrit.wikimedia.org/r/947359

gerritbot added a project: Patch-For-Review.Aug 9 2023, 2:10 PM
TThoabala moved this task from In Progress 💪 to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 16 2023, 4:00 PM
Tchanders added a comment.Aug 17 2023, 2:58 PM

@TThoabala Thanks for the patch! This seems like good advice, but I notice the patch only does the first one:

In T332030#8740886, @Tgr wrote:

Basically the user-related form fields need two extra optional boolean paramaters onlynamed / onlytemp (or something like that) which

  • apply an extra validation check to the users on submit, and rejects the appropriate user type
  • onlytemp adds an extra auprefix=* parameter to the list=allusers API call for the autocomplete search
  • onlynamed skips the autocomplete when the typed text starts with *

Just wondered if there was a reason behind this?

TThoabala moved this task from Code Review 🔍 to In Progress 💪 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 18 2023, 9:10 AM
TThoabala moved this task from In Progress 💪 to Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Aug 23 2023, 9:30 AM
AGueyte moved this task from Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) to Code Review 🔍 on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.Sep 5 2023, 3:40 PM
AGueyte moved this task from Code Review 🔍 to Ready 🎬 (ONLY IF YOU HAVE NO MORE CODE TO REVIEW) on the Anti-Harassment (AHaT Sprint 32 - Baseball Cap) board.
Tchanders edited projects, added Trust and Safety Tools Team Backlog; removed Anti-Harassment (AHaT Sprint 32 - Baseball Cap).Oct 19 2023, 2:46 PM
Tchanders edited projects, added Anti-Harassment (AHaT Sprint 32 - Baseball Cap); removed Trust and Safety Tools Team Backlog.Oct 19 2023, 2:58 PM
Tchanders edited projects, added Trust and Safety Product Team; removed Anti-Harassment (AHaT Sprint 32 - Baseball Cap).Oct 27 2023, 11:59 AM

Moving to the backlog while other work is prioritised

Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL