Page MenuHomePhabricator
Differential D8112

Add a granular capability for user directory browsing
ClosedPublic
Actions

Authored by epriestley on Jan 30 2014, 7:40 PM.
Tags
None
Referenced Files
F15473515: D8112.diff
Sat, Apr 5, 10:55 PM
F15462761: D8112.id18355.diff
Tue, Apr 1, 5:31 PM
F15452488: D8112.id18344.diff
Sat, Mar 29, 5:14 AM
F15448908: D8112.diff
Fri, Mar 28, 7:31 AM
F15379452: D8112.diff
Thu, Mar 13, 9:16 PM
F15376903: D8112.id.diff
Thu, Mar 13, 6:31 AM
F15336021: D8112.diff
Mar 8 2025, 6:07 PM
Unknown Object (File)
Feb 23 2025, 3:38 AM
View All Files
Subscribers
aran

Details

Reviewers
btrahan
Maniphest Tasks
T4358: Separate View policy for People page listing
Commits
Restricted Diffusion Commit
rP5fd1e88a7ab7: Add a granular capability for user directory browsing
Summary

Fixes T4358. User request from IRC, but I think this is generally reasonable.

Although we can not prevent users from determining that other user accounts exist in the general case, it does seem reasonable to restrict browsing the user directory to a subset of users.

In our case, I'll probably do this on secure.phabricator.com, since it seems a little odd to let Google index the user directory, for example.

Test Plan

Set the policy to "no one" and tried to browse users.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Revision Contents
Changeset List

PathSize
src/
2 lines
applications/
people/
application/
8 lines
capability/
25 lines
controller/
5 lines

Diff 18355

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/people/application/PhabricatorApplicationPeople.php

Loading...
View Options

src/applications/people/capability/PeopleCapabilityBrowseUserDirectory.php

Loading...
View Options

src/applications/people/controller/PhabricatorPeopleListController.php

Loading...
Phabricator · Built by Phacility