From 27bc8d11fb74a3867604a1301c9a4d0cef8aeca1 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Fri, 19 Sep 2014 17:58:34 +0100 Subject: Use 'user support' consistently rather than 'user interaction' --- docs/running/admin_manual.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 567e6cf5e..be0bd9d36 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -49,7 +49,7 @@ During that week, the tasks broke down as follows: * 2 requests that have been marked as needing admin attention * 2 things marked as errors (message refused by server - spam, full mailbox, etc) to fix -### User interaction tasks +### User support tasks * 16 general, daily admin: i.e. things that resulted in admin actions on the site (bounces, misdelivered responses, etc) @@ -59,9 +59,9 @@ During that week, the tasks broke down as follows: * 3 requests to redact personal information * 2 requests to redact defamatory information -## Types of user interaction +## User support -There follows a breakdown of the most common kinds of user interaction. It's +There follows a breakdown of the most common kinds of user support. It's intended for use as a guide to the kind of policies and training that a support team might need to develop. -- cgit v1.2.3 From cb5e647fdf1e094353b531f408bc37bfd6a51bcd Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Fri, 19 Sep 2014 17:59:21 +0100 Subject: Restructure under 'maintenance' and 'support', add TOC --- docs/running/admin_manual.md | 96 +++++++++++++++++++++++++++++++++----------- 1 file changed, 72 insertions(+), 24 deletions(-) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index be0bd9d36..0a63ea8dd 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -13,6 +13,35 @@ title: Administrator's guide href="https://www.whatdotheyknow.com">whatdotheyknow.com.

+In this guide: + + + ## What's involved? The overhead in managing a successful FOI website is quite high. Richard, a @@ -24,7 +53,7 @@ WhatDoTheyKnow usually has about 3 active volunteers at any one time managing the support, plus a few other less active people who help out at different times. -Administration tasks can be split into **maintenance** and **user support**. +Administration tasks can be split into [**maintenance**]({{ site.baseurl }}docs/running/admin_manual/#maintenance) and [**user support**]({{ site.baseurl }}docs/running/admin_manual/#user-support). The boundaries of these tasks is in fact quite blurred; the main distinction is that the former happen exclusively through the web admin interface, whereas the latter are mediated by email directly with end users (but often result in @@ -253,13 +282,13 @@ Can be for many reasons, e.g. themselves * A reply has been automatically filed under the wrong request -## Vexatious users +### Vexatious users Some users persistently misuse the website. An alaveteli site should have a policy on banning users, for example giving them a first warning, informing them about moderation policy, etc. -## Mail import errors +### Mail import errors These are currently occurring at a rate of about two a month. Sometimes the root cause seems to be blocking in the database when two mails are received for @@ -274,7 +303,46 @@ the error sent to the site support address) in a file without the first "From" line, and piping the contents of that file into the mail handling script. e.g. ```cat missing_mail.txt | script/mailin``` -## Censor rules + +## Maintenance + +### Administrator privileges and accessing the admin interface + +The administrative interface is at the URL `/admin`. + +Only users with the `super` admin level can access the admin interface. Users +create their own accounts in the usual way, and then administrators can give +them `super` privileges. + +There is an emergency user account which can be accessed via +`/admin?emergency=1`, using the credentials `ADMIN_USERNAME` and +`ADMIN_PASSWORD`, which are set in `general.yml`. To bootstrap the +first `super` level accounts, you will need to log in as the emergency +user. You can disable the emergency user account by setting `DISABLE_EMERGENCY_USER` to `true` in `general.yml`. + +Users with the superuser role also have extra privileges in the website +front end, such as being able to categorise any request, being able to view +items that have been hidden from the search, and being presented with "admin" +links next to individual requests and comments in the front end. + +It is possible completely to override the administrator authentication by +setting `SKIP_ADMIN_AUTH` to `true` in `general.yml`. + +### Removing a message from the 'Holding Pen' + +### Editing and uploading public body email addresses + +### Banning a user + +### Deleting a request + +### Hiding a request + +### Hiding an incoming or outgoing message + +### Editing an outgoing message + +### Hiding certain text from a request using censor rules Censor rules can be attached to a request or to a user and define bits of text to be removed (either from the request (and all associated files e.g. incoming @@ -301,24 +369,4 @@ hanging the application altogether), so please: * Restrict your use of them to cases that can't otherwise be easily covered. * Keep them as simple and specific as possible. -## Administrator privileges -The administrative interface is at the URL `/admin`. - -Only users with the `super` admin level can access the admin interface. Users -create their own accounts in the usual way, and then administrators can give -them `super` privileges. - -There is an emergency user account which can be accessed via -`/admin?emergency=1`, using the credentials `ADMIN_USERNAME` and -`ADMIN_PASSWORD`, which are set in `general.yml`. To bootstrap the -first `super` level accounts, you will need to log in as the emergency -user. You can disable the emergency user account by setting `DISABLE_EMERGENCY_USER` to `true` in `general.yml`. - -Users with the superuser role also have extra privileges in the website -front end, such as being able to categorise any request, being able to view -items that have been hidden from the search, and being presented with "admin" -links next to individual requests and comments in the front end. - -It is possible completely to override the administrator authentication by -setting `SKIP_ADMIN_AUTH` to `true` in `general.yml`. -- cgit v1.2.3 From 4c04031815526495e38b4229ae37a503fe41aa07 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 22 Sep 2014 16:09:52 +0100 Subject: Add section on removing message from holding pen. Text adapted from https://github.com/mysociety/alaveteli/issues/465 --- docs/running/admin_manual.md | 12 ++++++++++++ 1 file changed, 12 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 0a63ea8dd..e2482619f 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -330,8 +330,20 @@ setting `SKIP_ADMIN_AUTH` to `true` in `general.yml`. ### Removing a message from the 'Holding Pen' +The reason a message is in the holding pen is because the email can't be automatically associated with the request it is responding to. The email needs to be moved from the holding pen to the request it belongs with. + +First, log into the admin interface at `/admin`. You will see messages that are in the 'holding pen' under the title ‘Put misdelivered responses with the right request’. Click on the chevron to see the individual messages. + +If you click on a message in the holding pen, you may see a guess made by Alaveteli as to which request the message belongs to. Check this request. If it isn't the right one, or if Alaveteli hasn't made any guesses, you will need to look at the `To:` address of the raw email and the contents of the mail in order to figure out which request it belongs to. You can browse and search requests in the admin interface under the 'Requests' menu item. + +Once you have identified the request the message belongs to, you need to go back to the holding pen message page. Paste the request `id` or `url_title` into the box under 'Actions' in 'Incoming Message'. The request `id` can be found in the request URL in the admin interface - it is the part after `/show/`. In the admin request URL `/admin/request/show/118`, the request `id` is `118`. The `url_title` can be found in the request URL in the main interface - it is the part after `/request/`. In the URL `/request/documents_relating_to_meeting`, it is `documents_relating_to_meeting`. Then click on 'Redeliver to another request'. + +The message will now be associated with the correct request and will appear on the public request page. + ### Editing and uploading public body email addresses + + ### Banning a user ### Deleting a request -- cgit v1.2.3 From 960c7a242123e49ae8bd809f30f3f3e7bacbbf17 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 22 Sep 2014 16:18:49 +0100 Subject: Add a section on editing outgoing messages Text adapted from https://github.com/mysociety/alaveteli/issues/465 --- docs/running/admin_manual.md | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index e2482619f..8e41475c3 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -354,6 +354,13 @@ The message will now be associated with the correct request and will appear on t ### Editing an outgoing message +You may find there is a need to edit an outgoing message because the requester has accidentally included personal information that they don't want to be published on the site. You can either follow one of the 'admin' links from the public request page on the site, or find the request from the admin interface by searching under 'Requests'. + +Scroll down to the 'Outgoing Messages' section, and click on 'Edit'. + +Then on the next page you will be able to edit the message accordingly and save it. The edited version will then appear on the Alaveteli website, although an unedited version will have been sent to the authority. + + ### Hiding certain text from a request using censor rules Censor rules can be attached to a request or to a user and define bits of text -- cgit v1.2.3 From 10880b94acbf50660ef8217958ddba6a26d35880 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 22 Sep 2014 16:26:02 +0100 Subject: Add a section on banning a user. Text adapted from https://github.com/mysociety/alaveteli/issues/465 --- docs/running/admin_manual.md | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 8e41475c3..b4da389c1 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -346,6 +346,12 @@ The message will now be associated with the correct request and will appear on t ### Banning a user +You may wish to completely ban a user from the website (such as a spammer or troll for example). You need to log into the admin interface at `/admin`. On the top row of links, locate and click on ‘Users’. + +Find the user you wish to ban on the list and click on their name. Once on the user page, select ‘edit’. + +Enter some text in the in the ‘Ban text’ box to explain why they have been banned. Please be aware, this is publicly viewable from the users' account. Then click on save and the user will be banned. + ### Deleting a request ### Hiding a request -- cgit v1.2.3 From d8b1e0da0ad21967c31ae99436bb01f317958417 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 22 Sep 2014 16:40:31 +0100 Subject: Add a section on deleting requests. --- docs/running/admin_manual.md | 3 +++ 1 file changed, 3 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index b4da389c1..2420c0a2f 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -354,8 +354,11 @@ Enter some text in the in the ‘Ban text’ box to explain why they have been b ### Deleting a request +You can delete a request entirely using the admin interface. You will mainly only need to do this if someone has posted private information. Go to the admin page for the request by searching or browsing in the 'Requests' section of the admin interface. In the first section, click the 'Edit metadata' button. At the bottom of the next page, click the red 'Destroy request entirely' button. + ### Hiding a request + ### Hiding an incoming or outgoing message ### Editing an outgoing message -- cgit v1.2.3 From b3db714729316238f314d995355d93439cee448f Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Mon, 22 Sep 2014 16:41:24 +0100 Subject: Use 'admin interface' instead of 'admin tool' --- docs/running/admin_manual.md | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 2420c0a2f..03380aa22 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -346,7 +346,11 @@ The message will now be associated with the correct request and will appear on t ### Banning a user +<<<<<<< HEAD You may wish to completely ban a user from the website (such as a spammer or troll for example). You need to log into the admin interface at `/admin`. On the top row of links, locate and click on ‘Users’. +======= +You may wish to completely ban a user from the website (such as a spammer or troll for example). You need to log into the admin interface at `admin`. On the top row of links, locate and click on ‘Users’. +>>>>>>> 5ad8992... Use 'admin interface' instead of 'admin tool' Find the user you wish to ban on the list and click on their name. Once on the user page, select ‘edit’. -- cgit v1.2.3 From 9d1b1001bb4ddbc0e10e04a0e01800264303f21a Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Fri, 26 Sep 2014 16:12:31 +0100 Subject: Add some basic instructions on changing the visibility of a request. --- docs/running/admin_manual.md | 23 +++++++++++++++++++++++ 1 file changed, 23 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 03380aa22..4b292374e 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -362,6 +362,29 @@ You can delete a request entirely using the admin interface. You will mainly onl ### Hiding a request +You can hide an entire request from the admin interface. Log in to the +admin interface at `/admin`. On the top row of links, locate and click on +'Requests'. Search or browse to find the admin page for the request you +want to hide. You can also go directly to this page by following an +'admin' link from the public request page. You can hide a request in one +of two ways. + + * Hiding a vexatious or non-FOI request and notifying the + requester + Scroll down to the 'actions' section of the request + admin page. Select one of the options next to 'Hide the request and + notify the user:' and customise the text of the email that will be + sent to the user to let them know what you've done. When you're + ready, click the 'Hide request' button. + * Hiding a request or making it only visible to the + requester without notifying the requester + In the 'Request metadata' section of the request + admin page, click 'Edit metadata'. Change the 'Prominence' value to + 'requester_only' to only allow the requester to view the request, or + to 'hidden' to hide the request from everyone except site admins. + When you're ready, click 'Save changes' at the bottom of the 'Edit + metadata' section. No email will be sent to the requester to notify + them of what you've done. ### Hiding an incoming or outgoing message -- cgit v1.2.3 From 39205b2879c99aab4da3d5d6624664bc4a2b40e4 Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Fri, 26 Sep 2014 16:22:01 +0100 Subject: Add basic info on hiding incoming or outgoing messages. --- docs/running/admin_manual.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 4b292374e..2aefe6365 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -388,6 +388,21 @@ of two ways. ### Hiding an incoming or outgoing message +You may need to hide a particular incoming or outgoing message from a +public request page, perhaps because someone has included personal +information in it. You can do this from the message's page in the admin +interface. You can get to a message's admin page either by following the +links from the "Outgoing messages" or "Incoming messages" sections of +the request's admin page, or directly from the public request page by +clicking on the 'admin' link on the message itself. Once you are on the +message's admin page, you can change it's prominence. Set the prominence +to 'hidden' to hide it from everyone except site admins, or to +'requester_only' to allow it to be viewed by the requester (and by site +admins). If you can, add some text in the box 'Reason for prominence'. +This will be displayed as part of the information that will appear on +the request page where the message used to be, telling people that it +has been hidden. + ### Editing an outgoing message You may find there is a need to edit an outgoing message because the requester has accidentally included personal information that they don't want to be published on the site. You can either follow one of the 'admin' links from the public request page on the site, or find the request from the admin interface by searching under 'Requests'. -- cgit v1.2.3 From 4b2de63262f1db7b9f8a22f9df551a358c3a6f2a Mon Sep 17 00:00:00 2001 From: Louise Crow Date: Fri, 26 Sep 2014 16:35:24 +0100 Subject: Add some more details to the instructions for adding censor rules. --- docs/running/admin_manual.md | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) (limited to 'docs/running') diff --git a/docs/running/admin_manual.md b/docs/running/admin_manual.md index 2aefe6365..e135e30a8 100644 --- a/docs/running/admin_manual.md +++ b/docs/running/admin_manual.md @@ -414,7 +414,7 @@ Then on the next page you will be able to edit the message accordingly and save ### Hiding certain text from a request using censor rules -Censor rules can be attached to a request or to a user and define bits of text +Censor rules can be attached to a request or to a user. These rules define bits of text to be removed (either from the request (and all associated files e.g. incoming message attachments) or from all requests associated with a user), and some replacement text. In binary files, the replacement text will always be a series @@ -439,4 +439,23 @@ hanging the application altogether), so please: * Restrict your use of them to cases that can't otherwise be easily covered. * Keep them as simple and specific as possible. +To attach a censor rule to a request, go to the admin page for the +request, scroll to the bottom of the page, and click the "New censor +rule (for this request only)" button. On the following page, enter the +text that you want to replace e.g. 'some private info', the text you +wish to replace it with e.g. '[private info has been hidden]', and a +comment letting other admins know why you have hidden the information. + +To attach a censor rule to a user, so that it will be applied to all +requests that the user has made, go to the user page in the admin +interface. You can do this either by clicking on the admin heading +'Users' and browsing or searching to find the user you want, or by +following an 'admin' link for the user from the public interface. One +you are on the admin page for the user, scroll to the bottom of the page +and click the 'New censor rule' button. On the following page, enter the +text that you want to replace e.g. 'my real name is Bruce Wayne', the +text you wish to replace it with e.g. '[personal information has been +hidden]', and a comment letting other admins know why you have hidden +the information. + -- cgit v1.2.3