Page MenuHomePhabricator

When users fail a "CAN_SEE" check, give them an "opaque" policy explanation

Authored by epriestley on Sep 12 2019, 3:57 PM.



Ref T13411. Currently, if you hit a policy exception because you can't view an object, we disclose details about the view policy of the object, particularly which project's members can see the object for project policies.

Although there's a large amount of grey area here, this feels like a more substantial disclosure than we offer in other contexts. Instead, if you encounter a policy exception while testing "CAN_VIEW" or don't have "CAN_VIEW", present an "opaque" explanation which omits details that viewers who can't view the object shouldn't have access to. Today, this is the name of "Project" policies (and, implicitly, the rulesets of custom policies, which we now disclose in other similar contexts).

Test Plan
  • Hit policy exceptions for "CAN_VIEW" on an object with a project view policy, saw an opaque explanation.
  • Hit policy exceptions for "CAN_EDIT" on an object with a project edit policy and a view policy I satisfied, saw a more detailed explanation.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Sep 12 2019, 4:42 PM
This revision was automatically updated to reflect the committed changes.