Supervisor mode?

[scripting]

This came up in a meeting, WordPress has a supervisor mode. This lets a support person log on as if they were the user, so they can troubleshoot a problem. I immediately recognize the value of it, and am thinking about how to do it in FeedLand.

My question is how does it work?

[scripting]

Here's the plan I have right now, comments, terminology, problems, etc welcome.

1. two new columns in users table -- flAdmin, adminActingAs
2. new command in menu, Search users, much like Search feeds. You give it a string and it shows you a list of users whose screennames match.
3. for admins, next to each name is an icon which means, if you click it, I am this user now. When you click it, it sets your adminActingAs value to that users screenname. your name in the upper right corner changes to that user's name, perhaps in green or red. a command in that menu disconnects you from the user's account, by setting adminActingAs to the empty string.
4. in getScreenName in feedland.js, which is called for every message that requires authentication, look in the userRec for flAdmin and if adminActingAs is non-empty, that's the screenname we return, not our actual screenname. That has the effect of making you appear to the rest of FeedLand as if you are that user.

[fmfernandes]

How would we add admins? I guess we can manually edit flAdmin in the database, but having a UI for admins to grant/revoke admin access to other users might be useful as well.

[scripting]

@fmfernandes -- i didn't have an idea how we'll do that, and it doesn't seem to matter much, since there probably won't be very many admins, and they won't be doing the setup. once we get in the habit of setting people up for it, i imagine we'll have a better idea of how to make it easier, but we really don't want it to be all that easy. it may be necessary to go to the console in the browser to initiate it at first.

[scripting]

I'm working on this now. It's working a little differently from how it's described, we don't need to store adminActingAs in the users table, and instead of flAdmin, I'm using roles. It's more conventional and offers room for growth.

I'll post a report here for sure when it's ready to test, possible some notes along the way.

[scripting]

TL;DR -- I had to back out of Supervisor Mode for now.

What happened -- I implemented it on the server side, and in feedlandHome without any UI, just setting things up by typing code at the command line in the JS console.

I felt that what I had provably worked, but it didn't. I was getting mixed results in the UI, some of the stuff was for the user I was supervising, yet some of what I saw was stuff from my account. I started to debug it and realized this is something that has to be worked on in isolation from everything else, and must be an open-ended project time-wise. And with all the other stuff that still has to be done, much of it not like this, the fact that I'm the only one who can do any of it, and I'm also pretty tired, it's been over a year of these kinds of projects, pretty much non-stop, this isn't something I can take on right now.

It is a very desirable feature -- having supported users for a long time, I understand how great it would be to not depend on how users explain problems. But we aren't yet in a place where FeedLand can have this feature.

There are other, also complex problems, to deal with that are more self-contained, and more important for the work we must do now, esp related to news products.

I wanted to be clear what my reasons were. We'll get to this, just not now. ;-)

[scripting]

What I really meant is that I wasn't in the mood to figure out what was wrong.

Here's the deal. In FeedLand server, there are two levels that care about user identity, feedland and daveappserver.

The feedland level was working, the problem was in daveappserver.

The difference is that feedland uses the screenname as the identity token, and daveappserver uses the email address.

They should have both worked the same, but I forgive myself for screwing this up this way because it all had to be done as a rush job because Musk Twitter was screwing around with identity and some users were unhappy.

I was using daveappserver for two apps -- FeedLand and Drummer.

One used screennames and the other used email addresses.

One used a MySQL database for storage and the other used the file system or S3.

So I got confused when I wrote this code, and was only sending the target users screenname. I also have to send the email address, and use that in the functions that are implemented in daveappserver.

I probably will pick this up again pretty soon, so I'm leaving this note to myself to take a deep breath and do this step by step. There may be other surprises waiting for us, but we will deal with it. ;-)

[scripting]

I'm implementing supervisor mode this weekend.

What it means -- a person whose role is admin, which is a new column in the user table, can choose to "act as" another user, for purpose of helping the user get past a problem they're having with the software. Prior art is WordPress.

server: feedland and daveappserver

I have it implemented at the feedland and daveappserver levels. It's done with a new param for every API call, actingas, which is the screenname of the account the user wants to supervise. If there is such a user, and the user making the call is an admin, we return the name of the actingas user, not the user who's making the call. From there, the software only knows about the actingas user. All this seems to work at both levels.

client: feedlandHome

At the feedlandHome level, localStorage.adminActingAs, if defined, says who the current user is acting as. This is the value that's added as a param to every API call.

New global routine -- isSupervisorMode, which returns true or false depending on whether you're in supervisor mode

getScreenName () has also been modified so it returns the name of the actingas user.

[scripting]

I've got it working, just a few more steps before release.

I'll be posting the howto on feedlandInstall.

[scripting]

@cagrimmett -- you can try Supervisor Mode on feedland.org. I've given your account admin access. A good account to supervise is cluelessnewbie. Try the Settings command, Like something, write a post to your feed. When you want to resume your own role, choose the command in System menu to exit Supervisor Mode.

I've got the whole day tomorrow for working out any remaining issues with this.

[scripting]

The update is released and should be deployed on a8c.feedland.org.

The instructions for the upgrade are here. (If there are questions about the upgrade post them in this thread.)

The user instructions are here.

[fmfernandes]

Here's some findings when trying the supervisor mode:

1. Whenever I'm supervising someone, when I click settings, their Categories tab is filled with information found on my account.
2. I'm able to type any screenname and start supervising, which seems unexpected.
3. Whenever I supervise a valid user, if I hit Stop supervising, I'm back to my user without supervisor powers. I need to refresh to start supervising again.

[scripting]

@fmfernandes -- thanks for these reports.

1. I tried for about an hour to get it to fail, it was good to review the functionality, and am pretty sure it's doing what it's supposed to do. If you really think this is a bug, then i need a real bug report with steps to reproduce.
2. Not sure what the problem is here. How would you expect it to work differently. Isn't this how it works with WordPress (aside from the UI, I understand they have a list of users and you can right-click on their name to supervise. I didn't have a convenient place to put that functionality now).
3. This was a good suggestion, and I changed feedlandHome to work this way. It was an oversight. Good catch. ;-)

Now when you stop supervising you don't have to reload for the start supervising command to show up in the menu.

[scripting]

An aside, I find I write more like ChatGPT every freaking day.

[scripting]

@fmfernandes

Re the first item -- when I went back to my main acccount, davewiner, i found that my tabs were those from bullmancuso.

So -- there is leakage going on here, in at least one direction.

Not sure how to address it, but I'll be thinking about it.

[fmfernandes]

Not sure what the problem is here. How would you expect it to work differently.

I was thinking that before supervising a user, you'd validate the user exists.

[scripting]

@fmfernandes -- that makes sense. ;-)

[cagrimmett]

Bug report: When supervising an account, your personal News tabs show up as the supervised users's tabs until they log in again.

Steps to reproduce:

1. Navigate to someone's News page, such as fernando. https://a8c.feedland.org/?river=true&screenname=fernando

2. Observe they have 2 tabs, wordPress and development

3. Navigate away from that page, perhaps going to the Feeds page: https://a8c.feedland.org/?username=fernando

4. Click Start Supervising and type in fernando

5. Select Menu > My News

6. Observe that the tabs now showing are different. They are the tabs I've defined for my own account.

   

7. Open an incognito tab where you are not logged in to FeedLand. Navigate to https://a8c.feedland.org/?river=true&screenname=fernando

8. Observe that the incorrect tabs persist until Fernando himself logs back in to his account

[scripting]

I'm going through this now, and was able to get it to reproduce on feedland.com and on feedland.org but not on my local machine. Of course that's where I did 99% of my testing while it was in development. It's the same database as feedland.org. Anyway, I have it failing. I think the problem is in the client not on the server, at least that's what I'm going to dig into first. It's a great way to do a code review, I have to look into all the corners I generally try to stay away from. ;-)

[scripting]

I found the problem. A new version of the server software is coming shortly.

[scripting]

The new version is running on feedland.org. feedland and daveappserver were updated. 0.6.18 and 0.7.11 respectively.

All you have to do is update these two bits and relaunch, and it should be done asap on feedland.com.

It was a documentation error, I didn't mention that there was a setting, config.flEnableSupervisorMode, that defaulted false and needed to be set true.

I changed the default to true. It's not the only barrier to supervisor mode being turned on, you also have to manually set up users to be admins.

Because the default changed, the docs are now correct as-is. :smile:

[scripting]

BTW this was a huge bug.

For anything managed by daveappserver would give you back the admin users values for appPrefs.json, and the other stuff, managed by feedland, would correctly give you back the target user's context. This was because of another problem, the feedland level wasn't respecting config.flEnableSupervisorMode.

The reason it worked on my local setup is that I had config.flEnableSupervisorMode correctly set in the local config.json file.

And now you know -- the rest of the story. ;-)

[scripting]

Fixed bug where we'd let you supervise a user who doesn't exist.