Allow users to be "Banished", hiding their profiles and comments
AbandonedPublic
Actions

Authored by epriestley on Dec 22 2018, 5:09 PM.

Details

Reviewers

amckinley

Maniphest Tasks

T13215: Secure/Admin have many accounts with commercial links in profile blurbs

Summary

Ref T13215. We're a long way away from a comprehensive approach to abuse, but here's a small step forward: allow users to be "Banished", which hides their comments, profile, and profile image.

This acts like a super-disable: you can't be banished without also being disabled (and unbanishing un-disables).

Largely, this just makes my life easier in doing some cleanup on secure and admin. It may also make life a little easier for other open source installs, since they can deputize lieutenants with "Can Disable Users" which is fully reversible but can clean up some of the most obvious badness of spammers/vandals. This change moves us slightly toward T12877.

I probably didn't get everything and if there's still some way to pull banished users' comments (e.g., transaction.search) that's fine, we can tighten this up over time. It isn't a security/policy issue to let this stuff leak, it's just a nice-to-have to clean it up.

Test Plan

Banished, disabled, unbanished, and un-disabled users.
Verified that non-"Can Disable Users" users can not see banished profiles.
Saw basished user's comments hidden.
Tried to history/quote/edit/raw a banished user's comments, got sensible errors.

Diff Detail

Repository

rP Phabricator

Branch

banish1

Lint

Lint Passed

Unit

Tests Passed

Build Status

Buildable 21425
Build 29180: Run Core Tests
Build 29179: arc lint + arc unit

Event Timeline

epriestley created this revision.Dec 22 2018, 5:09 PM

Owners added a subscriber: Restricted Owners Package.Dec 22 2018, 5:09 PM

Harbormaster completed remote builds in B21425: Diff 47572.Dec 22 2018, 5:10 PM

epriestley requested review of this revision.Dec 22 2018, 5:10 PM

epriestley added inline comments.Dec 22 2018, 5:11 PM

src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php
12–16	This capability was tested before on save, but we'd show you an editable form with the comment text before. Now, only show the form if you can actually edit the comment.

Make transaction.search behavior more consistent.
Hide profile more consistently.

Harbormaster completed remote builds in B21426: Diff 47573.Dec 22 2018, 5:18 PM

Since registration is closed on secure and I can just nuke users, and disabling blurbs on admin seems reasonable, I'm not sure this really needs to move forward. I'd like to have a clearer general path on abuse as a whole (T10215) before adding tools, if possible. I think this is a reasonable sort of thing, but I'm not completely confident it fits into the bigger picture on abuse.

epriestley mentioned this in T13215: Secure/Admin have many accounts with commercial links in profile blurbs.Dec 22 2018, 6:35 PM

epriestley abandoned this revision.Dec 22 2018, 6:39 PM