Votes summary for deleted posts is shown to users without the privilege to see deleted posts #1514
Comments
Oaphi
added
type: bug
|
There's logic for the posts page (and main profile page) to filter out deleted posts, so presumably we can use that same logic here, though we'll need to handle the daily aggregation (adjust the number if a day has both live and deleted posts, omit the day if there's nothing to see). Question: should mods and the owner see those entries on the votes summary, as for the posts page? If it complicates things too much then "no" is a fine answer, but if it's easy, we might want to do it for consistency. No strong opinion here, just raising the question. |
I believe they should - it's not too much work, and I was planning to do so from the beginning, it's just a matter of filtering depending on whether the user has permission - we already do that for search. |
|
Alternative suggestion:
Does this cover all of the concerns about leaking information? This would still leak some information. Are the following acceptable:
@cellio if this way is acceptable, it would automatically mean that mods and the post author would see entries consistent with the posts page. |
|
In thinking about this I found that reputation is affected by the deletion of a post (which I had not realised previously). When a post is deleted, the reputation effects of all its upvotes and downvotes are reverted. Currently this does not appear to be reflected in the Vote Summary page. That is, the reputation is reverted but the votes still show on the Vote Summary page. Is this correct? If not it could be a separate issue, but I wanted to ask here in case it affects the approach to this issue. Thinking of consistency, there's also the stats panel below the large user avatar on the right hand side of the user profile page. Here "Number of received votes (up minus down)" does not change when a post is deleted, but "Reputation" does. Not necessarily incorrect, just another thing that may need to match if any changes are made to how the Vote Summary page counts votes. |
|
I don't think the existence of restricted categories needs to be a secret. It's ok if people see that those exist so long as they can't view them, IMO. "Can't view" would also mean not exposing the post titles. (Imagine an academic setting where faculty/TAs are using a restricted category to track issues with specific students -- you wouldn't want to leak a post title like "plagiarism investigation: Joe Blow".) I think this is what you mean by showing "hidden post", which sounds fine. Do we care about potentially shaming users who got a bad start but recovered quickly? As a user, how would you feel about people seeing that you had 3 deleted posts yesterday with a total of 11 downvotes, but you've since gotten your footing and you have a couple live 0-vote posts? Would publicizing the history be prejudicial? Embarrassing? Or no big deal? (This might be a question for Meta.) Thanks for the reminder about the stats panel. For consistency, it seems like the counts should be for undeleted posts; those who can see will see the true numbers elsewhere on the profile, and those who can't see don't need to be left wondering. But also, that stats panel needs work anyway, as it doesn't account for all post types, so it's ok with me if we defer that part if need be. |
Daily vote summary shows votes for all posts without any check whether the user has access to those posts (either to category or deleted state). While we do not show the posts, this has potential to leak information that should not be public.
To Reproduce
Easily reproducible in production.
Expected behavior
Votes for deleted posts or inaccessible categories are filtered out from the view.
Screenshots
The text was updated successfully, but these errors were encountered: