### Project Information
* Name of tool/project: Special:Homepage in GrowthExperiments, currently at https://en.wikipedia.beta.wmflabs.org/wiki/Special:Homepage
* Project home page: https://www.mediawiki.org/wiki/Growth/Personalized_first_day/Newcomer_homepage
* Name of team requesting review: #growth-team
* Primary contact: Kosta Harlan @kostajh
* Target date for deployment: April
* Link to code repository / patchset: https://gerrit.wikimedia.org/g/mediawiki/extensions/GrowthExperiments/+/refs/heads/master
### Description of the tool/project
Special:Homepage is a special page we are planning to deploy to our (Growth team's) target wikis. You can see mockups [here](https://wikimedia.invisionapp.com/share/KUQV2QDJ8A7) or interact with the work-in-progress code on [beta labs](https://en.wikipedia.beta.wmflabs.org/wiki/Special:Homepage) if you're logged in.
On the homepage, users can view their impact, get help, set an email address or send a verification email if not verified, create their user page, view a tutorial, and contact their mentor.
**We are asking for security review and guidance only for a specific feature of the homepage**, which is to allow a privileged user to view Special:Homepage as it renders for another user (some notes also exist [here](/T217281)). We currently do something similar to this for the impact module of the homepage (see [example on beta](https://en.wikipedia.beta.wmflabs.org/wiki/Special:Impact/Helppaneltest)), but now we want to expand this to the entire Special:Homepage.
**There is no code to review for the above feature yet**; we are creating this task to organize discussion about the approach, which is described below.
#### Proposed approach
The implementation we are proposing is:
1. Create privileged group on the wikis we are deploying to (Czech, Korean, Vietnamese, possibly Arabic)
1. Add users who should be able to view Special:Homepage as others to that group (currently would probably just be members of the #growth-team, but perhaps the ambassadors who work with us in these wikis as well)
1. If privileged users go to Special:Homepage/{username}, in SpecialHomepage.php code we would:
  1. Check if the context user is in the privileged group and is requesting to view someone else's page
  1. Create a derivative context based on loading username from the parameters
  1. Set a flag on the server side that we're in view-as-other mode
  1. Set a flag in client-side code that we're in view-as-other mode, so that event logging is switched off for example
  1. Ensure that user email does not display in the account completion module if we are in "view-as-other" mode.
    1. Question: Do we need to hide the account email verification status when in view-as-other mode?
  1. The user's mentor is stored as a preference on a per user basis. Should this not be shown?
  1. Two modules (help and mentor) allow the user to post a question to the help desk and their mentor respectively; we need to ensure that these modules are in read-only mode. This probably has to be done on the client side.
**Update**: We can also consider striking the privileged users bit, and developing this feature such that any user could view any other user's Special:Homepage, as long as any user-specific private information is removed from the output.
### Description of how the tool will be used at WMF
Mainly @MMiller_WMF will be using the view-as-other feature to verify that the Homepage renders as we intend it to.
### Dependencies
none
### Has this project been reviewed before?
I think so, but I can't find the task.
### Working test environment
It's on beta labs, or you can use the `growthexperiments` role in Vagrant.
### Post-deployment
#growth-team, @Catrope, @SBisson, @kostajh
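
The view-as-other steps listed under "Proposed approach", modeled in framework-free PHP. This is an added example, not code from GrowthExperiments or MediaWiki: the group name `homepage-viewer`, the array shapes and `buildHomepageView()` are assumptions, and redacting the verification status and mentor is one conservative answer to the task's open questions.

```php
<?php
declare(strict_types=1);
// Added example, not GrowthExperiments or MediaWiki code. Group name, array
// shapes and buildHomepageView() are assumptions; all user data is constructed
// and usernames are assumed to be already canonical.
const VIEW_AS_OTHER_GROUP = 'homepage-viewer'; // hypothetical group name
// Email is named in the task; verification status and mentor are its open
// questions, redacted here as a conservative assumption.
const PRIVATE_FIELDS = ['email', 'emailVerified', 'mentor'];

// $viewer: ['name' => string, 'groups' => string[]]; $subpage: the {username}
// part of Special:Homepage/{username}; $users: name => profile (user store).
function buildHomepageView(array $viewer, ?string $subpage, array $users): array {
    if ($subpage === null || $subpage === '' || $subpage === $viewer['name']) {
        // Own homepage: full data, interactive modules, event logging on.
        return ['viewAsOther' => false, 'eventLogging' => true,
                'readOnlyModules' => [], 'user' => $users[$viewer['name']]];
    }
    // Check the group before looking up the target, so an unprivileged viewer
    // gets the same error whether or not the requested account exists.
    if (!in_array(VIEW_AS_OTHER_GROUP, $viewer['groups'], true)) {
        throw new RuntimeException('permission denied');
    }
    if (!isset($users[$subpage])) {
        throw new InvalidArgumentException('no such user');
    }
    // Redact server-side so private values never reach the rendered output.
    $profile = array_diff_key($users[$subpage], array_flip(PRIVATE_FIELDS));
    return ['viewAsOther' => true, 'eventLogging' => false,
            'readOnlyModules' => ['help', 'mentor'], 'user' => $profile];
}

$users = [
    'Newcomer' => ['name' => 'Newcomer', 'email' => 'newcomer@example.org',
                   'emailVerified' => false, 'mentor' => 'MentorA', 'edits' => 3],
    'Reviewer' => ['name' => 'Reviewer', 'email' => 'reviewer@example.org',
                   'emailVerified' => true, 'mentor' => null, 'edits' => 900],
];
$reviewer = ['name' => 'Reviewer', 'groups' => [VIEW_AS_OTHER_GROUP]];
$visitor  = ['name' => 'Visitor', 'groups' => []];

echo json_encode(buildHomepageView($reviewer, 'Newcomer', $users)), "\n";
try {
    buildHomepageView($visitor, 'Newcomer', $users);
} catch (RuntimeException $e) {
    echo 'Visitor: ', $e->getMessage(), "\n";
}
```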