
Access forbidden on homepage if the first dashboard in menu is not visible to user
Closed, Duplicate | Public

Description

  1. Create two dashboards (Dash1 and Dash2).
  2. Set Dash1 to limited visibility, Dash2 to "All users".
  3. Put those dashboards at the top of the global menu, first Dash1, then Dash2, and all other items below them.
  4. Access the homepage as a user who cannot see Dash1. Get "You Shall Not Pass: Restricted Dashboard" message.


Note that if the order of dashboards is different, the user can see links only to dashboards he can access, and that's fine.
I don't really know whether that is a bug or just undocumented behavior or something else.

Reproduced just now on a test Phacility instance.

Event Timeline

Probably very similar or even dupe of T9501

What is your expectation here that we do?

I think this is still the best way we have to let you know if the dashboard visibility is over-restrictive or mis-installed. I'm not sure magically disappearing it solves anything. It might help to know more about what you are trying to do (was this on purpose, or a mistake) in order to try to better inform admins when they order dashboards like this.

In T12308#212968, @chad wrote:

What is your expectation here that we do?

I wanted to create several dashboards — one for each team — and put them in such an order that the only one visible to a user is selected automatically. I assumed that this setup would work after I tested that inaccessible dashboards are hidden from the menu for those who cannot access them.

So:

|------------------|
| Dashboard for A  |
| Dashboard for B  | 
| Dashboard for C  |
| Dashboard for D  |
| Public Dashboard |
| Differential     |
| ... etc          |

Do these dashboards contain sensitive information?

Basically we're in feature request territory, and we'll want to understand the root problem installing all these dashboards solves before deciding on what to build.

In T12308#212972, @chad wrote:

Do these dashboards contain sensitive information?

Yes.

In T12308#212973, @chad wrote:

Basically we're in feature request territory, and we'll want to understand the root problem installing all these dashboards solves before deciding on what to build.

Seems like it's what T9501 is about: different default dashboards for different teams.

Do these dashboards contain sensitive information?

For the use-case I was trying to outline in T9501, this would be the case. We work with a handful of external companies and use Phabricator for organizing and communicating work. We also use Phabricator for our code review. Each project with an external company (People, Projects, Maniphest) is organized into separate Spaces so that they are fully isolated, and we have a default space for internal use for Diffusion/Differential. Ideally when a user from Company A logs in they would land on a dashboard that shows only the Projects/Maniphest for them, while a Company B user logs in and only shows the Projects/Maniphest for them.

Right now the default dashboard is made for our internal developers (shows code reviews) (haven't upgraded to the new dashboard experience that was stabilized in the past week or so). When a new user from an external company registers an account right now I have to instruct them to install a different dashboard that I've built for the company.

Overall this use case I don't think is represented well by either this task or T9501. Should I move this content into that task and re-purpose it?

Yeah, but I still want Spaces to be "hard walls" around content. If it's just some minor dashboard permissions, it might be overkill (ie, they both need to see same tasks).

In my scenario the external companies would not see each other's tasks (separate Spaces), nor other internal items (default Space). However the developers within my company would need to see things from across multiple Spaces.

With this setup I am logically grouping each Space into having a separate "default" dashboard. However having a single default dashboard would kinda work, I think where it ends up conflicting in my head is that new internal employees would only be using Differential primarily and their dashboard wouldn't have tasks but show code reviews - whereas the new accounts for external companies would never use Differential, and their dashboard would show projects/tasks.