Page MenuHomePhabricator

Add reveal policy for Passprase credentials
Needs ReviewPublic

Authored by joshuaspence on Nov 14 2015, 1:53 AM.
Referenced Files
F11025381: D14480.id35037.diff
Fri, Aug 12, 12:23 PM
Unknown Object (File)
Wed, Aug 10, 3:47 AM
Unknown Object (File)
Wed, Aug 10, 2:36 AM
Unknown Object (File)
Tue, Aug 9, 7:32 AM
Unknown Object (File)
Tue, Aug 2, 4:39 AM
Unknown Object (File)
Mon, Aug 1, 12:44 PM
Unknown Object (File)
Sun, Jul 31, 7:35 AM
Unknown Object (File)
Sat, Jul 30, 7:09 AM


Group Reviewers
Blessed Reviewers
Maniphest Tasks
T9575: Make Passphrase policies clearer

Ref T9575. Users do not seem to understand that the PhabricatorPolicyCapability::CAN_EDIT capability is required in order to be able to reveal a Passphrase secret. Furthermore, there are legitimate situations in which I wish for users to be able to see the plaintext secret but I don't want to generally give them edit permissions (for example, I don't wish for them to be able to change or destroy the secret). As such, this diff introduces a new PassphraseRevealCapability capability.

For consistency, I also renamed "show secret" and "looked at secret" to "reveal(ed) secret".

Test Plan

Created a new Passphrase credential and granted "Can View" and "Can Reveal" capabilities to "All Users". With a second account, was able to view and reveal the Passphrase credentials but was unable to edit them.

Diff Detail

rP Phabricator
Lint Passed
Tests Passed
Build Status
Buildable 8847
Build 10334: Run Core Tests
Build 10333: arc lint + arc unit

Event Timeline

joshuaspence retitled this revision from to Add reveal policy for Passprase credentials.
joshuaspence updated this object.
joshuaspence edited the test plan for this revision. (Show Details)
joshuaspence edited edge metadata.

Seems to work now