Closed Bug 843871 Opened 13 years ago Closed 12 years ago

Security Review: Mozillians Profile Privacy Controls

Categories

(mozilla.org :: Security Assurance: Review Request, task)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Type:
task
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED FIXED

People

(Reporter: hoosteeno, Assigned: freddy)

References

Details

(Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Web])

Initial Questions: Project/Feature Name: Mozillians Profile Privacy Controls Tracking ID: Description: We have a Q1 goal to "Release privacy controls to allow Mozillians to have a public profile page and be recognized for their contributions." To implement this goal we want to create a mechanism whereby registered users of Mozillians.org can make some fields in their Mozillians profile public. Doing so would make these profiles and the specified fields viewable by... * non-vouched Mozillians * not-logged-in internet visitors * search engines and other crawlers Additional Information: https://wiki.mozilla.org/Mozillians/RoadMap#Phonebook https://bugzilla.mozilla.org/show_bug.cgi?id=747524 Urgency: 2-4 weeks Key Initiative: All Release Date: 2013-03-28 Project Status: active Mozilla Data: Yes New or Change: Existing Mozilla Project: Marketing Initiative Mozilla Related: Mozillians.org and current/future API users of Mozillians.org. Separate Party: No Security Review Questions: Affects Products: No Review Due Date: 2013-03-18 Review Invitees: :sancus,:giorgos,:hoosteeno,:williamr Extra Information: It's not clear right now whether this feature warrants security review. And we may need to ask for a later date, depending on how development goes.
marked for triage on 27-Feb-2013
Keywords: sec-review-needed
Whiteboard: [triage needed]
Group: mozilla-corporation-confidential
Assignee: nobody → fbraun
Whiteboard: [triage needed] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd]
What stage is the development at now? Just wondering when it will be ready to test.
Development is underway right now. We'd love to have testing late during the week of 3/17. Will that work?
The interface for privacy controls has landed on the dev server. This is just the interface: The backend code is not complete. In other words, you can't actually submit changes and have them be saved in the database or have them apply to viewers. However, I think the backend functionality is explained fairly well by the interface. 1) Here is the interface where users will edit their privacy settings. There are settings on several tabs: https://mozillians-dev.allizom.org/en-US/user/edit 2) You'll also want to see the profile view interface; we added a dropdown there that lets users see their profile as if they were members of a particular group. To get there, click on your username at the top right and choose "View Profile". Your feedback is welcome!
The new Mozillians privacy controls are in staging and tagged for a 3/28 release. https://mozillians.allizom.org/en-US/user/edit/
I reviewed the privacy controls on https://mozillians.allizom.org/en-US/user/edit/ and the source code based on this branch: https://github.com/mozilla/mozillians/commit/90cd56e75780e64524c83bc08ef3f01a8cd5a0f6.
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Whiteboard: [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd] → [pending secreview][start yyyy-mm-dd][target yyyy-mm-dd][Web]
You need to log in before you can comment on or make changes to this bug.