Page MenuHomePhabricator

Change the "can see remote address?" policy to "is administrator?" everywhere
ClosedPublic

Authored by epriestley on Jan 30 2018, 8:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
May 9 2025, 8:16 PM
Unknown Object (File)
May 7 2025, 5:43 PM
Unknown Object (File)
Apr 23 2025, 8:21 PM
Unknown Object (File)
Apr 10 2025, 11:23 AM
Unknown Object (File)
Apr 2 2025, 5:27 AM
Unknown Object (File)
Apr 2 2025, 3:11 AM
Unknown Object (File)
Apr 1 2025, 5:48 AM
Unknown Object (File)
Mar 31 2025, 9:41 AM
Subscribers
None

Details

Summary

Depends on D18970. Ref T13049. Currently, the policy for viewing remote addresses is:

  • In activity logs: administrators.
  • In push and pull logs: users who can edit the corresponding repository.

This sort of makes sense, but is also sort of weird. Particularly, I think it's kind of hard to understand and predict, and hard to guess that this is the behavior we implement. The actual implementation is complex, too.

Instead, just use the rule "administrators can see remote addresses" consistently across all applications. This should generally be more strict than the old rule, because administrators could usually have seen everyone's address in the activity logs anyway. It's also simpler and more expected, and I don't really know of any legit use cases for the "repository editor" rule.

Test Plan

Viewed pull/push/activity logs as non-admin. Saw remote addresses as an admin, and none as a non-admin.

Diff Detail

Repository
rP Phabricator
Branch
export7
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 19286
Build 26060: Run Core Tests
Build 26059: arc lint + arc unit