Page MenuHomePhabricator

Policy - add an explanation for automatic capabilities for transactions and transaction comments
ClosedPublic

Authored by btrahan on Feb 2 2015, 10:12 PM.
Tags
None
Referenced Files
F14098250: D11632.id27999.diff
Tue, Nov 26, 8:44 AM
F14098249: D11632.id27995.diff
Tue, Nov 26, 8:44 AM
F14098246: D11632.id.diff
Tue, Nov 26, 8:44 AM
F14098082: D11632.diff
Tue, Nov 26, 8:25 AM
Unknown Object (File)
Mon, Nov 18, 3:37 PM
Unknown Object (File)
Thu, Nov 14, 8:55 PM
Unknown Object (File)
Sun, Nov 10, 12:45 PM
Unknown Object (File)
Tue, Nov 5, 8:51 PM
Subscribers

Details

Summary

Ref T7094. I am not sure when this text is legitimately exposed to users - they should be getting an error about not being able to see the object before they get an error about not being able to see a given transaction... That said, I think this text is logically correct at least.

Test Plan

read the text

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

btrahan retitled this revision from to Policy - add an explanation for automatic capabilities for transactions and transaction comments.
btrahan updated this object.
btrahan edited the test plan for this revision. (Show Details)
btrahan added a reviewer: epriestley.
epriestley edited edge metadata.

Yeah, I think this isn't exposed to users.

The text seems a little bit off to me, since "edit the comment so long as ... edit capabilities for the underlying object" is not correct: you can edit comments even if you can not edit the underlying object.

From a purely technical point of view, these are the policies we implement:

  • Comments are always publicly visible.
  • A comment can only be edited by the author of the comment.

However, in practice, we also always add this rule:

  • To see a comment, you must be able to see the object the comment is on.

So maybe text like this?

Comments are visible to users who can see the object which was commented on. Comments can be edited by their authors.

This revision is now accepted and ready to land.Feb 2 2015, 10:16 PM

The "murky" bit is just that we're setting public as the policy, technically speaking, and only enforcing the tighter policy in practice by always checking objects first.

Possibly, we should make Comments do an attach/load sort of thing and strictly bind them to the policies of their objects, but I think that would be a lot of work for a very marginal benefit. The only case I could see it preventing a programming error is in a future transaction.querycomments sort of method.

This revision was automatically updated to reflect the committed changes.