Page MenuHomePhabricator

When users fail a "CAN_SEE" check, give them an "opaque" policy explanation
ClosedPublic

Authored by epriestley on Sep 12 2019, 3:57 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sat, Dec 14, 12:18 PM
Unknown Object (File)
Fri, Dec 13, 10:54 AM
Unknown Object (File)
Wed, Dec 4, 8:08 PM
Unknown Object (File)
Wed, Dec 4, 10:52 AM
Unknown Object (File)
Fri, Nov 29, 6:18 PM
Unknown Object (File)
Nov 26 2024, 8:46 PM
Unknown Object (File)
Nov 21 2024, 4:47 PM
Unknown Object (File)
Nov 18 2024, 12:42 PM
Subscribers
None

Details

Summary

Ref T13411. Currently, if you hit a policy exception because you can't view an object, we disclose details about the view policy of the object, particularly which project's members can see the object for project policies.

Although there's a large amount of grey area here, this feels like a more substantial disclosure than we offer in other contexts. Instead, if you encounter a policy exception while testing "CAN_VIEW" or don't have "CAN_VIEW", present an "opaque" explanation which omits details that viewers who can't view the object shouldn't have access to. Today, this is the name of "Project" policies (and, implicitly, the rulesets of custom policies, which we now disclose in other similar contexts).

Test Plan
  • Hit policy exceptions for "CAN_VIEW" on an object with a project view policy, saw an opaque explanation.
  • Hit policy exceptions for "CAN_EDIT" on an object with a project edit policy and a view policy I satisfied, saw a more detailed explanation.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review.Sep 12 2019, 4:42 PM
This revision was automatically updated to reflect the committed changes.