-
Notifications
You must be signed in to change notification settings - Fork 4
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Validate all EYPD Organizers and remove unauthorized posted events. #689
Comments
Exported the "Users" excel spreadsheet, sorted by roles, and colour-coded editors, subscribers, admins, and "no role" users. While cross-checking the domain names of Organizers against the white list from the Validate by Domain plugin, discovered that not all valid Organizer's Domain names are on the whitelist. So this makes it harder to weed out fake accounts, but not impossible. I am looking for obvious things like a username not matching a first name or an Organization name that does not match their domain name. This likely happened when new users were manually given the Organizer role at Early Years events. Kathreen did a lot of recruiting at events. @dshaykewich, do you think we should also update the whitelist with these current/existing Organizer domain names (providing they are legitimate!)? @kkilbey |
@paulagaube , I think we should leave the whitelist as is for now. Other domains can be added on request. |
@dshaykewich Thank you! |
I have a colour-coded spreadsheet and have checked all Organizers. |
To clarify, this task was done on Prod. Up-to-date as of August 16, 2019. |
@kkilbey This task was done on Prod, not cert. Would you be able to double-check the spreadsheet (I will provide) against the actual Organizers list please and then mark this as done (if complete!) |
Is your feature request related to a problem? Please describe.
Non-dev task
When the Validate by Domain plugin on EYPD was not working, users were able to sign up and create an Organizer account without validating their domain name. At least two new Organizers on Prod are not authorized to post events. At least one of these new Organizers posted what appears to be a fake event. (That event has been taken offline.)
Describe the solution you'd like
Compare the list of Valid Domains with domain name of users who are registered as Organizers. Flag and reduce permission to "Subscriber" or "No role for this site" (if spam) on accounts that are not authorized to be an Organizer.
Remove Events that are related to non-authorized accounts.
Describe alternatives you've considered
Stop all new users from becoming an Organizer automatically. Ask them to email us for permission. (Not a great solution.)
Additional context
We can Use the Excel Export user export feature to compare against the WP-Validate-by-Domain authorized list
As a learner,
I would like to have confidence that the events posted on EYPD are real,
So that I don't register for (and pay money for) a fake course.
As a site administrator,
I would like to have confidence that Organizer/Editors are authorized to post events
So that we don't have to manually check the validity of every event that is posted.
The text was updated successfully, but these errors were encountered: