Page MenuHomePhabricator

Add reveal policy for Passprase credentials
Needs ReviewPublic

Authored by joshuaspence on Nov 14 2015, 1:53 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Mar 6, 5:15 AM
Unknown Object (File)
Tue, Mar 5, 2:23 AM
Unknown Object (File)
Sat, Mar 2, 6:41 AM
Unknown Object (File)
Jan 16 2024, 5:41 PM
Unknown Object (File)
Dec 23 2023, 11:16 AM
Unknown Object (File)
Dec 19 2023, 1:31 AM
Unknown Object (File)
Dec 17 2023, 8:57 PM
Unknown Object (File)
Dec 7 2023, 10:47 AM
Subscribers

Details

Reviewers
None
Group Reviewers
Blessed Reviewers
Maniphest Tasks
T9575: Make Passphrase policies clearer
Summary

Ref T9575. Users do not seem to understand that the PhabricatorPolicyCapability::CAN_EDIT capability is required in order to be able to reveal a Passphrase secret. Furthermore, there are legitimate situations in which I wish for users to be able to see the plaintext secret but I don't want to generally give them edit permissions (for example, I don't wish for them to be able to change or destroy the secret). As such, this diff introduces a new PassphraseRevealCapability capability.

For consistency, I also renamed "show secret" and "looked at secret" to "reveal(ed) secret".

Test Plan

Created a new Passphrase credential and granted "Can View" and "Can Reveal" capabilities to "All Users". With a second account, was able to view and reveal the Passphrase credentials but was unable to edit them.

Diff Detail

Repository
rP Phabricator
Branch
master
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 8847
Build 10334: Run Core Tests
Build 10333: arc lint + arc unit

Event Timeline

joshuaspence retitled this revision from to Add reveal policy for Passprase credentials.
joshuaspence updated this object.
joshuaspence edited the test plan for this revision. (Show Details)
joshuaspence edited edge metadata.

Seems to work now