Page MenuHomePhabricator
Create Task
Maniphest T10061

Split the view policy into "space" and "visible to" line in forms
Closed, WontfixPublic
Actions

Description

Problem

  • Users can change visible to (not a problem)
    • this makes tasks not visible for people who need the task (if they change the line by an error, or in bad faith to vandalize the install)

Current Solution

  • Spaces have pre defined visibilty options, so user can only change the policy to a wanted option

Current Problem

  • User who can edit the spaces, can still the custom "visible to" option, so can change this line to a not wanted group
  • This is a problem at public installs, you as admin have to decide:
    • If people (not trusted or unknown people) should never change the visibiltiy
      • They can not vandalize, make damage, but they can not report confidal issues
    • People could not edit visibilty, and default is public not visible
      • More work to control all new reports, and put them to public visible
    • Let them change the visiblity
      • Admin have to control, if there are not visible issues, and unlock them via ./bin/policy
        • There is no fast way to check this, so you have to investigate much time

Proposed Solution

  • Make seperate actions for "Change space" and "Change visibilty options"
    • You can hide the "visible to" line in forms, and only let people edit the "space line"
    • People can report confidal issues
      • A group of members can still see the issue, and revert the action, if not constructive (less actions to revert)
    • People have no chance to change the visibility to one user only etc.

> Users benefit, they can add non public issues, and the admins have less work.

Event Timeline

Luke081515.2 created this task.Dec 29 2015, 1:23 AM
Herald added a subscriber: revi. · View Herald TranscriptDec 29 2015, 1:23 AM
Luke081515.2 renamed this task from Split the "space" and the "visible to" line in forms to Split the view policy into "space" and "visible to" line in forms.Dec 29 2015, 1:30 AM
chad added a subscriber: chad.Dec 29 2015, 2:44 AM

This feature request doesn't describe a problem, see Describing Root Problems. Specifically, "feature doesn't exist or might cause an issue" doesn't give us any indication how people are having issues using Phabricator.

Luke081515.2 added a comment.Dec 29 2015, 2:56 AM

I think the problem "People can hide tasks from admins and staffs, and you need to investigate much work to find this tasks, and at a worst case scenario people can do illegal thinks at that task, which is not visible for you" is a root problem, because you can't control all tasks at a public instance without forbid the people to mark tasks as not public visible. So you can't give people a chance to report security issues, or issues/requests with private data. This is an existing problem. For example Wikimedia wrote a 3rd party extension for this problem, which lets herald change the policys, without let people adjust the policys at their own (they can choose at a dropdown). So the problem exists, and it can easily solved, by the proposed solution.

chad added a comment.Dec 29 2015, 3:45 AM

Has that actually happened? Our expectation is non experienced users who don't need certain fields should just use a custom form.

epriestley added a subscriber: epriestley.Dec 29 2015, 3:48 AM

Is this an actual problem you've experienced, or purely hypothetical?

What specific harm have you experienced as a result of users hiding things from administrators?

joshuaspence added a subscriber: joshuaspence.Dec 29 2015, 12:31 PM
Luke081515.2 added a comment.Dec 29 2015, 6:03 PM

The worst case scenario was not real, but some time ago I was admin at a instance with public registration. We disabled the possibilty to let users adjust the task policys, after two users abused this to hide important tasks from developers. Sure, we restored this tasks by bin/policy, but we had first to find out, which numbers the tasks had, so we had to insert time in a problem, that can be easily fixed. After this, we disabled the ability to change tasks poliycs for unstrusted users. The problem now, is, that if new users have tasks with confidential informations, they need to contact us at another way, which means more work too, but makes existing tasks more secure. My proposal above has the advantage, that they can report confidetal data, if they change the space, but they had no change to hide data from us, and mass abuse can reverted by a bulk edit.

epriestley added a comment.Jan 2 2016, 12:03 AM

after two users abused this to hide important tasks from developers

To clarify, these users were hiding tasks that other users had reported?

You can prevent this with policies, and this install is configured to do so (for example, you can not hide any of the recently-reported tasks that you didn't report, since you don't have permission to edit them).

epriestley closed this task as Wontfix.Mar 14 2018, 5:09 PM
epriestley claimed this task.
Herald added a subscriber: eadler. · View Herald TranscriptMar 14 2018, 5:09 PM
Phabricator · Built by Phacility