Page MenuHomePhabricator
Create Task
Maniphest T364485

Alert a filter editor that a filter must be protected if it is saved with a protected variable
Closed, ResolvedPublic
Actions

Description

See the parent task for more context.

  • Ensure that a user is made aware that the filter they are about to save will be protected, if it contains a protected variable

Details

SubjectRepoBranchLines +/-
Force full evaluation of filter in FilterEvaluator->getUsedVars()mediawiki/extensions/AbuseFiltermaster+15 -3
Hide the checkbox for protecting a filter from users without the rightmediawiki/extensions/AbuseFiltermaster+4 -1
Clarify protected status in filter checkboxesmediawiki/extensions/AbuseFiltermaster+60 -4
Implement 'protected' filter acknowledgement checkboxmediawiki/extensions/AbuseFiltermaster+56 -34
Display changes to filter privacy levels on history and diff pagesmediawiki/extensions/AbuseFiltermaster+458 -28
Customize query in gerrit

Related Objects
Search...

Event Timeline

Tchanders created this task.May 8 2024, 3:46 PM
gerritbot added a comment.May 8 2024, 3:49 PM

Change #1029162 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Ensure that changes to af_hidden are correctly set in afh_changed_fields

https://gerrit.wikimedia.org/r/1029162

gerritbot added a project: Patch-For-Review.May 8 2024, 3:49 PM
Tchanders moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.May 8 2024, 5:42 PM
Tchanders moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)) board.May 8 2024, 6:00 PM
Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)); removed Trust and Safety Product Sprint (Sprint Pennywhistle (23rd April - 3rd May)).May 13 2024, 9:17 AM
Tchanders moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.May 13 2024, 9:28 AM
Tchanders moved this task from In Progress to Needs Review on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.
gerritbot added a comment.May 15 2024, 1:42 PM

Change #1026560 had a related patch set uploaded (by STran; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Allow variables to be restricted by user right

https://gerrit.wikimedia.org/r/1026560

Tchanders reassigned this task from Tchanders to STran.May 15 2024, 3:41 PM

Re-assigning to @STran, who has taken this over.

gerritbot added a comment.May 16 2024, 12:52 PM

Change #1029162 abandoned by STran:

[mediawiki/extensions/AbuseFilter@master] Display changes to filter privacy levels on history and diff pages

Reason:

This work was merged into 1032420 (utility functions) and 1026560 (UI/X updates)

https://gerrit.wikimedia.org/r/1029162

Dreamy_Jazz moved this task from Needs Review to In Progress on the Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)) board.May 17 2024, 9:25 AM
KColeman-WMF subscribed.May 17 2024, 12:30 PM

As discussed with @STran - UX copy is as follows:

Error message:Your filter was not saved because it uses protected variables: user_ip. Please hide details of this filter from users who cannot see protected variables.
Checkbox:Hide details of this filter from users who cannot see protected variables.
Checkbox helper text:This action is permanent and cannot be undone.
Disabled checkbox:Details of this filter are hidden from users who cannot see protected variables. This cannot be undone.
1AmNobody24 subscribed.May 23 2024, 8:21 AM
STran added a comment.Tue, May 28, 10:30 AM

Some conversation around this happened in one of the AbuseFilter check-ins and we talked through some clarifications we thought would improve the UX:

  • If you're not using a protected variable in an unprotected, you shouldn't need to check the box or see it. We should hide the checkbox if no protected variable is used and the filter isn't protected yet. As there is no js parser and we certainly shouldn't implement one for this, we were thinking of doing a simple string comparison check, which could possibly lead to false positives (eg. someone happens to have a username that includes a protected variable). Should copy reflect that uncertainty?
  • The copy for the checkbox implies that you have a choice in whether or not to protect the filter (You can't - the filter will set its own protections). Should this messaging be more explicit that it's an acknowledgement?
  • It's unclear what a protected variable is if you don't already know something about why this is happening (temporary accounts, protecting ips, etc) and what variables specifically are considered protected until you trip an error. Can we link to documentation about protected variables in the message? Or list out the protected variables?

cc @KColeman-WMF

Tchanders edited projects, added Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)); removed Trust and Safety Product Sprint (Sprint Shekere (13th May - 24th May)).Mon, Jun 3, 10:10 AM
KColeman-WMF added a comment.Mon, Jun 3, 7:09 PM

@STran Thanks for the update.

If you're not using a protected variable in an unprotected, you shouldn't need to check the box or see it. We should hide the checkbox if no protected variable is used and the filter isn't protected yet. As there is no js parser and we certainly shouldn't implement one for this, we were thinking of doing a simple string comparison check, which could possibly lead to false positives (eg. someone happens to have a username that includes a protected variable). Should copy reflect that uncertainty?

I'm not sure how to address this issue via the copy (without overcomplicating the error message?) Open to suggestions!

The copy for the checkbox implies that you have a choice in whether or not to protect the filter (You can't - the filter will set its own protections). Should this messaging be more explicit that it's an acknowledgement?

Yes, I suggest we change the copy in the error message and checkbox so that it is acting like an acknowledgement of understanding for the user (see mockup).

It's unclear what a protected variable is if you don't already know something about why this is happening (temporary accounts, protecting ips, etc) and what variables specifically are considered protected until you trip an error. Can we link to documentation about protected variables in the message? Or list out the protected variables?

Good point! I agree let's link to documentation in the error message and checkbox.

Updated copy:
Error message:Your filter was not saved because it uses [protected variables]: user_ip. Please acknowledge that you understand details of this filter will be hidden from users who cannot see protected variables.
Checkbox:I understand that details of this filter will be hidden from users who cannot see [protected variables]
Checkbox helper text:This action is permanent and cannot be undone
Disabled checkbox:Details of this filter are hidden from users who cannot see protected variables

abusefilter-protected.png (1×963 px, 104 KB)

gerritbot added a comment.Tue, Jun 4, 1:55 PM

Change #1038808 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] [WIP] Implement 'protected' filter acknowledgement checkbox

https://gerrit.wikimedia.org/r/1038808

gerritbot added a comment.Wed, Jun 5, 1:42 PM

Change #1038808 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Implement 'protected' filter acknowledgement checkbox

https://gerrit.wikimedia.org/r/1038808

STran moved this task from Priority Backlog to In Progress on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Wed, Jun 5, 1:56 PM
ReleaseTaggerBot added a project: MW-1.43-notes (1.43.0-wmf.9; 2024-06-11).Wed, Jun 5, 2:00 PM
gerritbot added a comment.Wed, Jun 5, 4:48 PM

Change #1039250 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] Clarify protected status in filter checkboxes

https://gerrit.wikimedia.org/r/1039250

STran added a comment.Wed, Jun 5, 4:48 PM

I'm not sure how to address this issue via the copy (without overcomplicating the error message?) Open to suggestions!

If this is overly complicated, would it be better to leave it as-is and if see if it causes confusion/fix it then?

KColeman-WMF added a comment.Wed, Jun 5, 8:44 PM
In T364485#9864722, @STran wrote:

I'm not sure how to address this issue via the copy (without overcomplicating the error message?) Open to suggestions!

If this is overly complicated, would it be better to leave it as-is and if see if it causes confusion/fix it then?

Yes I think that makes most sense. Let's monitor it and if it becomes an issue we can revisit.

gerritbot added a comment.Thu, Jun 6, 4:55 PM

Change #1039591 had a related patch set uploaded (by Tchanders; author: Tchanders):

[mediawiki/extensions/AbuseFilter@master] Hide the checkbox for protecting a filter from users without the right

https://gerrit.wikimedia.org/r/1039591

gerritbot added a comment.Thu, Jun 6, 6:00 PM

Change #1039250 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Clarify protected status in filter checkboxes

https://gerrit.wikimedia.org/r/1039250

STran moved this task from In Progress to Needs QA on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Fri, Jun 7, 10:33 AM
gerritbot added a comment.Fri, Jun 7, 10:39 AM

Change #1039591 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Hide the checkbox for protecting a filter from users without the right

https://gerrit.wikimedia.org/r/1039591

dom_walden subscribed.EditedMon, Jun 10, 1:37 PM

@STran If I use a filter rule like:

action="edit" &
user_unnamed_ip="1.2.3.4"

I am not alerted about using a protected variables, and can save it without having to check I understand that details of this filter will be hidden...

Indeed, I was able to save the filter even if my user did not have rights to see protected variables.

I haven't experimented with this much, but I guess it is because user_unnamed_ip is not the first condition. I notice af_hidden is set to 0 for these filters.

gerritbot added a comment.Mon, Jun 10, 6:01 PM

Change #1041174 had a related patch set uploaded (by STran; author: STran):

[mediawiki/extensions/AbuseFilter@master] Force full evaluation of filter in FilterEvaluator->getUsedVars()

https://gerrit.wikimedia.org/r/1041174

STran moved this task from Needs QA to Needs Review on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Tue, Jun 11, 9:48 AM
gerritbot added a comment.Wed, Jun 12, 10:03 AM

Change #1041174 merged by jenkins-bot:

[mediawiki/extensions/AbuseFilter@master] Force full evaluation of filter in FilterEvaluator->getUsedVars()

https://gerrit.wikimedia.org/r/1041174

ReleaseTaggerBot edited projects, added MW-1.43-notes (1.43.0-wmf.10; 2024-06-18); removed MW-1.43-notes (1.43.0-wmf.9; 2024-06-11).Wed, Jun 12, 11:00 AM
Tchanders moved this task from Needs Review to Needs QA on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Wed, Jun 12, 11:31 AM
dom_walden moved this task from Needs QA to Done on the Trust and Safety Product Sprint (Sprint Melodica (Jun 3 - Jun 14)) board.Fri, Jun 14, 9:46 AM

When trying to save a filter with user_unnamed_ip, I see the warning:

Your filter was not saved because it uses the following protected variables: user_unnamed_ip. Please acknowledge that you understand details of this filter will be hidden from users who cannot see protected variables.

This worked even with a complicated AbuseFilter expression (I concatenated all the files from AbuseFilter's parserTests, inserting user_unnamed_ip at various points).

Test environment: local docker Abuse Filter – (92e1335) 13:45, 13 June 2024.

Dreamy_Jazz closed this task as Resolved.Tue, Jun 25, 10:46 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL