Page MenuHomePhabricator
Create Task
Maniphest T4889

Commit summaries affiliated with policy-restricted repos are visible to users not in the policy to which the repo is restricted
Closed, ResolvedPublic
Actions

Description

I'm guessing that this is actually some setting I have wrong, but after a while of looking, I haven't been able to find it. On our phabricator instance, we have restrictive projects for groups, and then each repo belongs to one of these projects. If a user who is not in the project attempts to view the repo's source, phabricator blocks them as it should.

If the same user goes into the Audit application and selects "All Commits", they can then see the commits and the summary text (although they do not have access to view the commit object itself). Can this be disabled with a setting change?

Related Objects
Search...

Event Timeline

davidressman created this task.Apr 24 2014, 12:48 AM
davidressman raised the priority of this task from to Needs Triage.
davidressman updated the task description. (Show Details)
davidressman added a subscriber: davidressman.
epriestley added subscribers: btrahan, epriestley.Apr 24 2014, 1:46 AM

This will be resolved by T4715, which has most of a diff ready (D8805). @btrahan is leading the charge on it and has been traveling this week, but I expect this will be fixed pretty shortly.

epriestley edited this Maniphest Task.Apr 24 2014, 1:47 AM
davidressman added a comment.Apr 24 2014, 2:18 AM

I DEMAND SATISFACTION

btrahan added a comment.Apr 25 2014, 1:06 AM

I'm back.

D8805 should get an update tomorrow. It ends up touching a large surface area and I need a big block of time to finish it off and test it well, which I will have tomorrow. :D

epriestley closed this task as Resolved.Apr 30 2014, 9:02 PM
epriestley claimed this task.

This should be fixed as of a few days ago. There are a couple of minor things still trickling in for the newer UI, but the basic policy issue should be good now.

Phabricator · Built by Phacility