Extension:SecurePoll

From mediawiki.org
MediaWiki extensions manual
SecurePoll
Release status: stable
Implementation Special page
Description Allows elections, polls and surveys to be conducted
Author(s) Tim Starling (talk)
Latest version 3.0.0 (continuous updates)
Compatibility policy Snapshot releases along with MediaWiki. Master is not backward compatible.
MediaWiki 1.25+
Database changes Yes
  • $wgSecurePollShowErrorDetail
  • $wgSecurePollEditOtherWikis
  • $wgSecurePollUseLogging
  • $wgSecurePollKeepPrivateInfoDays
  • $wgSecurePollCreateRemoteScriptPath
  • $wgSecurePollUseNamespace
  • $wgSecurePollUseMediaWikiNamespace
  • $wgSecurePollMostActiveWikisThreshold
  • $wgSecurePollCreateWikiGroups
  • $wgSecurePollTempDir
  • $wgSecurePollCreateWikiGroupDir
  • $wgSecurePollExcludedWikis
  • securepoll-create-poll
  • securepoll-edit-poll
  • securepoll-view-voter-pii
License GNU General Public License 2.0 or later
Download
Translate the SecurePoll extension if it is available at translatewiki.net
Issues Open tasks · Report a bug

The SecurePoll extension is a special-page extension for elections, polls and surveys. It is used for Wikimedia Foundation Board elections and arbitration committee elections, and was used for the Wikimedia license transition vote, among other things.

Installation

  • Download and move the extracted SecurePoll folder to your extensions/ directory.
    Developers and code contributors should instead install the extension from Git, using:
    cd extensions/
    git clone https://gerrit.wikimedia.org/r/mediawiki/extensions/SecurePoll

  • Add the following code at the bottom of your LocalSettings.php file:
    wfLoadExtension( 'SecurePoll' );

  • Run the update script, which will automatically create the database tables that this extension needs.
  • Done – Navigate to Special:Version on your wiki to verify that the extension was installed successfully.

In addition, you will need to add some user groups and user rights to your LocalSettings.php file. Here is one way to do it, which gives a new group called electionadmin the power to do everything in SecurePoll (create polls, edit polls, see voter IP addresses):

$wgGroupPermissions['electionadmin']['securepoll-create-poll'] = true;
$wgGroupPermissions['electionadmin']['securepoll-edit-poll'] = true;
$wgGroupPermissions['electionadmin']['securepoll-view-voter-pii'] = true;

Once this group is created, a bureaucrat can add someone to the group using Special:UserRights. Then that person can visit Special:SecurePoll to view polls, create polls, edit polls, tally polls, etc.

Each poll's data is compartmentalized. You can have 100 electionadmins, but if you only add one electionadmin to a particular poll, only that one electionadmin will be able to edit that particular poll or see user IPs. If an electionadmin is removed from a poll, they will lose access to it.

securepoll-view-voter-pii is used for "scrutineering" a poll, which involves looking at a list of voter IPs, user agents, and X-Forwarded-For headers to look for cheating (secret duplicate votes by sockpuppets). Because this involves looking at voter IP addresses and other sensitive, personal, de-anonymizing data, it is a sensitive user right, so only trusted users should be assigned to the electionadmin group.

It is possible to split securepoll-view-voter-pii into a separate group. You can use a config such as the one below to create a group called scrutineer that contains the securepoll-view-voter-pii right, separating it from the electionadmin group:

$wgGroupPermissions['electionadmin']['securepoll-create-poll'] = true;
$wgGroupPermissions['electionadmin']['securepoll-edit-poll'] = true;

$wgGroupPermissions['scrutineer']['securepoll-create-poll'] = true;
$wgGroupPermissions['scrutineer']['securepoll-edit-poll'] = true;
$wgGroupPermissions['scrutineer']['securepoll-view-voter-pii'] = true;

A user also needs to be added to the poll (and hence have the securepoll-edit-poll right) in order to view PII - securepoll-view-voter-pii by itself has no effect.

Usage

Creating a new poll

There are two ways to create a new poll: writing an XML file by hand and importing it, or using the poll creation interface at Special:SecurePoll.

Manually

To create a poll manually, you need to:

  1. write an XML file
  2. import it using the import.php command

In the test folder, there are four example files:

  • 3way-test.xml
  • approval-test.xml
  • radio-range.xml
  • schulze-test.xml

To import a poll, run the following from the cli folder:

extensions/SecurePoll/maintenance$ php importElectionConfiguration.php ../tests/phpunit/data/3way-test.xml

To import a poll using Docker, run the following from the cli folder:

docker-compose exec mediawiki php extensions/SecurePoll/maintenance/importElectionConfiguration.php extensions/SecurePoll/tests/phpunit/data/3way-test.xml

Via the web interface

A user with the securepoll-create-poll right can create a new poll using the link at the bottom of Special:SecurePoll.

To create a new poll, fill in the required fields in the creation form. The following fields may need special care:

  • When adding poll administrators, only members of the electionadmin group are allowed. If $wgSecurePollUseLogging is set to true, a log entry is made whenever an administrator is added to or removed from a poll. The logs can be viewed at Special:SecurePollLog.
  • To create an encrypted poll, select the option for the encryption method. If you prefer to use GnuPG, generate a public encryption key and a private decryption key. Enter the encryption key in the creation form and keep the private key somewhere safe and offline (you will need it to tally the votes once the election has ended).

Now visit Special:SecurePoll and you will see your poll. At the top of the poll is some introductory text about the poll. By default it will show [text], and this can be edited via the translation interface (see below).

Editing an existing poll

To edit a poll, you must be an administrator of that poll. From Special:SecurePoll, click on the Edit link for the poll you want to edit.

Before an election starts, anything about the election can be edited. After an election has started, some fields can no longer be edited.

Editing who can vote in a poll

To edit who can vote in a poll, you must be an administrator of that poll. From Special:SecurePoll, click on the Voter eligibility link for the poll.

Translating a poll

To translate a poll, you must be an administrator of that poll. From Special:SecurePoll, click on the Translate link for the poll you want to translate.

Viewing a list of voters

Anyone can view a list of voters, unless the transparency features were disabled when the poll was created.

Administrators of a given poll can view a list of voters, along with private information that can help identify duplicate voters (e.g. IP addresses, user agent information, shared cookies). If $wgSecurePollUseLogging is set to true, a log entry is made whenever an administrator views private data. The logs can be viewed at Special:SecurePollLog.

Administrators can strike any vote they consider to be a duplicate.
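
The scrutineering check described here and under securepoll-view-voter-pii (voter IPs, user agents and X-Forwarded-For headers), as an added Python example that is not SecurePoll's own code. The row layout, field names and the trusted proxy range are assumptions, and the rows are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed voter-list rows (not real SecurePoll output; field names are assumptions).
UA_1, UA_2, UA_3 = "Firefox/128.0 (Linux)", "Safari/17.5 (macOS)", "Chrome/126.0 (Windows)"
VOTES = [
    {"voter": "Alice", "ip": "198.51.100.7", "xff": "", "ua": UA_1},
    {"voter": "Bob",   "ip": "198.51.100.7", "xff": "", "ua": UA_1},
    {"voter": "Carol", "ip": "198.51.100.7", "xff": "", "ua": UA_2},
    {"voter": "Dave",  "ip": "192.0.2.10",   "xff": "203.0.113.5", "ua": UA_3},
    {"voter": "Erin",  "ip": "192.0.2.11",   "xff": "203.0.113.5, 192.0.2.10", "ua": UA_3},
    {"voter": "Frank", "ip": "203.0.113.99", "xff": "198.51.100.7", "ua": UA_1},
]
# Assumption: the reverse proxies this site operates itself.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]

def is_trusted(addr):
    return any(addr in net for net in TRUSTED_PROXIES)

def effective_ip(row):
    """Address to attribute a vote to.

    X-Forwarded-For is supplied by the client, so it is used only when the
    connecting address is one of our own proxies; otherwise the socket
    address stands and the header is ignored."""
    peer = ipaddress.ip_address(row["ip"])
    if row["xff"] and is_trusted(peer):
        # Read right to left: skip our own proxy hops, stop at the first outside address.
        for hop in reversed(row["xff"].split(",")):
            try:
                addr = ipaddress.ip_address(hop.strip())
            except ValueError:
                break  # malformed header: fall back to the peer address
            if not is_trusted(addr):
                return str(addr)
    return str(peer)

def duplicate_clusters(votes):
    """Map (effective IP, user agent) to the distinct voters sharing both."""
    groups = defaultdict(set)
    for row in votes:
        groups[(effective_ip(row), row["ua"])].add(row["voter"])
    return {key: sorted(names) for key, names in groups.items() if len(names) > 1}

if __name__ == "__main__":
    for (ip, ua), names in duplicate_clusters(VOTES).items():
        print(f"{ip}  {ua}  ->  {', '.join(names)}")
```

A cluster is a lead for human review rather than proof: households, campuses and carrier NAT put unrelated voters behind one address.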

Tallying a poll

To tally a poll, you must be an administrator of that poll. From Special:SecurePoll, click on the Tallies link for the poll you want to tally.

If the poll has already been tallied before, the results will be shown on the page. Otherwise, or if you want to re-tally, there is a form to start a new tally.

  • If the poll is unencrypted, click on the tally button.
  • If the poll is encrypted, you may need to enter more information. For example, if you used OpenSSL, enter the (private) decryption key and click on the tally button. If an encrypted poll has many votes, it may take a long time to tally. You may need to check back later for the results.

Now visit Special:SecurePoll and you will see your poll.

(STV) Tallying

More information on counting single transferable votes (STV) can be found at Wikipedia.

General algorithm implementation (source).

Quota is + .000000001. Quota is the minimum value of votes to secure a seat.

1. Compute the quota.
2. Assign votes to candidates by first preferences.
3. Declare as winners all candidates who received at least the quota.
4. Transfer the excess votes from winners to hopefuls.
5. Repeat steps 3 and 4 until no new candidates are elected. (Under some systems, votes could initially be transferred in this step to prior winners or losers. This might affect the outcome.)
If all seats have winners, the process is complete. Otherwise:
6. Eliminate one or more candidates, typically either the lowest candidate or all candidates whose combined votes are less than the vote of the lowest remaining candidate.
7. Transfer the votes of the losers to remaining hopeful candidates.
8. Repeat 3–7 until all seats are full.

The quota we will use (step 1) is the Droop quota (source):

floor( no. votes / (no. seats + 1) ) + 1
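
The counting steps and the Droop quota above, as an added Python example (not SecurePoll's own code, which is PHP). It assumes a simple weighted surplus transfer in place of the Meek method and breaks ties by candidate name; the ballots are constructed.

```python
from fractions import Fraction

# Constructed ballots: 11 votes for 2 seats, so the Droop quota is 4.
SAMPLE = [["A", "B"]] * 7 + [["B"]] + [["C"]] * 3

def droop_quota(num_votes, seats):
    # Step 1: floor(votes / (seats + 1)) + 1
    return num_votes // (seats + 1) + 1

def top_choice(prefs, hopeful):
    # Highest-ranked candidate on the ballot who is still in the running.
    return next((c for c in prefs if c in hopeful), None)

def stv_count(ballots, seats):
    """Return the elected candidates in order of election."""
    quota = droop_quota(len(ballots), seats)
    piles = [(Fraction(1), tuple(b)) for b in ballots]  # (weight, preferences)
    hopeful = {c for b in ballots for c in b}
    elected = []
    while len(elected) < seats and hopeful:
        # Step 2: each ballot counts, at its current weight, for its top hopeful.
        totals = {c: Fraction(0) for c in hopeful}
        for weight, prefs in piles:
            top = top_choice(prefs, hopeful)
            if top is not None:  # exhausted ballots count for nobody
                totals[top] += weight
        # Highest total first; the candidate name breaks ties (an assumption).
        ranked = sorted(hopeful, key=lambda c: (-totals[c], c))
        if len(hopeful) <= seats - len(elected):
            elected += ranked  # no more candidates than seats left
            break
        winners = [c for c in ranked if totals[c] >= quota]
        if winners:
            # Steps 3-4: elect everyone at quota; their ballots move on,
            # scaled by surplus / total so only the excess is transferred.
            transfer = {c: (totals[c] - quota) / totals[c] for c in winners}
            piles = [(w * transfer.get(top_choice(p, hopeful), 1), p) for w, p in piles]
            hopeful -= set(winners)
            elected += winners
        else:
            # Steps 6-7: eliminate the lowest candidate; ballots move on at full weight.
            hopeful.discard(ranked[-1])
    return elected

if __name__ == "__main__":
    print(droop_quota(len(SAMPLE), 2), stv_count(SAMPLE, 2))
```

In the sample, A's surplus of 3 votes lifts B from 1 first preference to exactly the quota, so B takes the second seat ahead of C, who has 3 first preferences.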

The method for transferring votes from elected or eliminated candidates will be the Meek method:

Tallying (JobRunner)

  • Tallies can be processed via a scheduled job (see Manual:Job queue). Make sure to create a scheduled job for this task or execute the task manually.
  • Tallies can also be processed by executing the tallying script manually:

To execute a tally, run the following from the MediaWiki root folder:

php extensions/SecurePoll/maintenance/TallyElection.php

To execute a tally using MediaWiki-Docker, run the following from the MediaWiki root folder:

docker-compose exec mediawiki php extensions/SecurePoll/maintenance/TallyElection.php

Generating (STV) Test Elections

  • Test (STV) elections can be generated with a maintenance script. To generate a test election, run the following from the MediaWiki root folder:
    php extensions/SecurePoll/maintenance/GenerateTestElection.php
  • Test (STV) elections provide scaffolding from which to tally.

Redirect polls

A redirect poll is a poll that shows up in the list of polls at Special:SecurePoll, but clicking on "vote" and other links will redirect the voter to a different wiki. This is useful if you do all of your votes on a central votewiki (in Wikimedia's case, https://vote.wikimedia.org).

Special:SecurePoll/create will show an additional drop-down list called "For wiki:"—allowing you to select "This wiki", "All wikis", or a different wiki in your wiki farm—if all of the following conditions are met:

  • You are using a wiki farm (multiple wikis using the same file system but different databases).
  • You haven't excluded all other wikis using $wgSecurePollExcludedWikis.
  • You have $wgCanonicalServer configured to have a period (use different subdomains) on each wiki.
  • You have $wgSecurePollEditOtherWikis = true; for your current wiki.

If you have a wiki in your wiki farm that doesn't have SecurePoll installed, be sure to add it to $wgSecurePollExcludedWikis to keep it out of the "For wiki:" list.

"For wiki" dropdown item selected | What it does locally | What it does on other wikis
This wiki | Creates a local election | Nothing
All wikis | Creates a local election | Creates "redirect polls" at every other wiki in the wiki farm
Picking a specific other wiki such as es.wikipedia.org | Creates a local election | Creates a "redirect poll" at the chosen wiki

Testing note: $wgCanonicalServer must contain domains with subdomains. So for example, http://localhost will not get the dropdown list to show up, but http://en.localhost will.

$wgConf->settings = [
   // One entry per wiki database; each value needs a subdomain.
   'wgCanonicalServer' => [
      'my_database' => 'http://en.localhost:8080',
      'secondwiki' => 'http://es.localhost:8080'
   ],
];

In the database, fields related to redirect polls include the following securepoll_properties.pr_keys: jump-id, jump-url, main-wiki, and mobile-jump-url.

For developers

SQL tables

Note that configuring a poll to use encryption encrypts the securepoll_votes.vote_record field.

Most Wikimedia installations of SecurePoll only have a subset of these tables because they are configured to only host redirect polls that redirect to votewiki. They do not have any local polls. phab:T395928
Table | Field prefix | Description | Contains sensitive data? | Table needed for redirect polls?[1][2]
securepoll_cookie_match | cm_ | Used on the vote details page to display the securepoll-cookie-dup-list message ("Cookie duplicate users"). | Yes | No
securepoll_elections | el_ | List of elections, and some basic config data such as the name, creator, start date, end date, language, ballot type (e.g. approval), and tally type (e.g. plurality). Additional config data is pivoted and stored in securepoll_properties instead. | No | Yes
securepoll_entity | en_ | Maps "one to many" with the securepoll_msg table. The "many" is because a securepoll_msg can be in multiple languages. Possible options for securepoll_entity.en_type are election, question, and option. | No | Yes
securepoll_lists | li_ | Stores usernames manually added via the Voter Eligibility page. Users are added in the format userName@databaseName. There are 3 types of lists: (1) Eligibility list - The li_name value is [electionId]/list/need-list. These are folks who are allowed to vote if they meet the on-the-fly eligibility requirements such as X number of edits. (2) Override list - The li_name value is [electionId]/list/include-list. These are folks who are allowed to vote no matter what. (3) Exclude list - The li_name value is [electionId]/list/exclude-list. These are folks who are not allowed to vote no matter what. | No | Yes
securepoll_log | spl_ | If $wgSecurePollUseLogging is set to true, stores the log entries here. | Yes. Special:SecurePollLog is private. | No
securepoll_msgs | msg_ | List of strings. For example, the poll name, the poll questions, and the poll answers. This is mapped to from other tables such as securepoll_options and securepoll_questions, and supports having the same entity in multiple languages (securepoll_msgs.msg_lang). | No | Yes
securepoll_options | op_ | List of poll options for each question. Doesn't store the option text here, but rather maps it to the table securepoll_msgs. | No | No
securepoll_properties | pr_ | Config data for each election. For example, who the election admins are, whether it's a redirect poll, whether to shuffle the options, whether to use encryption, list of tallies and their values (tally-result), etc. Is also the config data for on-the-fly voter eligibility calculation. For example, voter minimum edit count and voter not-sitewide-blocked is stored here. | Partial. Rows with pr_key as gpg-encrypt-key, gpg-sign-key, openssl-encrypt-key, openssl-sign-key, tally-result, tally-result-time are private data. | Yes
securepoll_questions | qu_ | List of poll questions. Doesn't store the question text here, but rather maps it to the table securepoll_msgs. | No | No
securepoll_strike | st_ | Which votes have been struck (crossed out, removed from the tally) by election admins. Includes a reason that they can type in. | Yes. Only election admins can see the strike log from the UI. | No
securepoll_voters | voter_ | One row per voter per election. Voters are distinct and will not be duplicated in the same election. Contains data on the voter such as their user groups and whether they're blocked or not. Probably used to determine voter eligibility. voter_properties contains data such as wiki, blocked, sitewide blocked, central block count, central sitewide block count, edit count, bot, language, user groups, eligibility lists, and registration date. | Partial. This is private for elections with transparency features disabled. | No
securepoll_votes | vote_ | One row per vote per election. Contains data on the voter such as IP address and user agent, and contains the actual vote in the vote_record column. The "most active wiki" that the voter chose, if enabled for this poll, is stored in vote_voter_domain. vote_current=0 means that this is a duplicate vote and has been discarded; this is re-calculated for all of the user's previous votes each time they submit a new vote. | Yes. Contains voter PII such as IP addresses and user agents. Contains the vote itself and its timestamp (the vote date is public unless the voter list is turned off, the vote time is private). | No

Enabling local elections on a Wikimedia wiki

SecurePoll is installed on every wiki except loginwiki and wikitech. But additional configuration is needed to get it to host local elections (and not just redirect polls / global elections).

  • Phab ticket - Create a Phabricator ticket to start the process and centralize discussion. Tag it "Wikimedia-site-requests" and "MediaWiki-extensions-SecurePoll". Make the ticket a parent of T301180 Allow local wikis to set up elections.
  • Consensus - Get consensus to have local elections through a noticeboard discussion on your local wiki, and then link it in the phab ticket.
  • Tables - Have someone with the right production shell access (ops, deployment, restricted, analytics-privatedata-users) check that your wiki has the below tables in s1-s8 (not x1). If your wiki is missing any of these tables, ask someone with the right production shell access (ops, deployment) to create them. After T403874, these will be created by running the maintenance script WikimediaMaintenance -> createExtensionTables.php. Until that ticket is resolved, something else will need to be done, perhaps copying and pasting some of SecurePoll -> sql/mysql/tables-generated.sql into the MariaDB monitor.
    • securepoll_cookie_match
    • securepoll_log - only needed if you're using the private logging feature ($wgSecurePollUseLogging)
    • securepoll_options
    • securepoll_questions
    • securepoll_strike
    • securepoll_voters
    • securepoll_votes
  • Patch - Write and deploy a gerrit patch similar to this one
    • If you want the public logging feature (logging when election officials change election settings, logs to public pages), set $wgSecurePollUseMediaWikiNamespace. $wgSecurePollUseNamespace is also an option, but is discouraged, because it creates an entire namespace for a small number of pages.
    • If you want the private logging feature (logging when election officials view IPs, logs to a private page), set $wgSecurePollUseLogging
  • NameTableAccessException - If you are getting the error "MediaWiki\Storage\NameTableAccessException: No insert possible but primary DB didn't give us a record for 'SecurePoll' in 'content_models", this is from T399633. The one-time fix is to have a deployer run INSERT INTO content_models (model_name) VALUES ('SecurePoll')

Only the following wikis are able to run local elections; other wikis cannot until they follow the checklist above. The ability of a wiki to create local elections depends on it having a user group with the user right securepoll-create-poll. Feel free to add your wiki here once it's gone through the above process.

  • enwiki
  • fawiki
  • officewiki
  • testwiki
  • votewiki
  • zhwiki

Documentation

SecurePoll

SecurePoll general documentation can be found at wikitech:SecurePoll.

SecurePoll Improvements

A summary of improvements to SecurePoll can be found at Anti-Harassment Tools/SecurePoll Improvements.

Understanding the STV result