Page MenuHomePhabricator

Allow to change defaults for Passphrase "Visible To" and "Editable By" policies
Closed, ResolvedPublic

Event Timeline

swisspol raised the priority of this task from to Needs Triage.
swisspol updated the task description. (Show Details)
swisspol added a subscriber: swisspol.

In our case I would like the defaults to be administrators / administrators.

epriestley added a subscriber: epriestley.

This is somewhat involved because there's no way to express the current defaults ("the viewing user") in an administrative policy control. That is, if you are "alincoln", you can set "Default View Policy" to "only alincoln can see this", but you can not select "only whichever user account is creating the credential can see this", so that when you create a credential the defaults are "only alincoln can see this", but when "htaft" creates a credential the defaults are "only htaft can see this".

This is not too difficult to fix, but not trivial.

It seems increasingly clear that T6860 was a really bad idea. New pathway forward here is completely straightforward:

  • Start saving authorPHID on credentials.
  • Add a "Credential Author" object policy for these objects, which looks like ManiphestTaskAuthorPolicyRule.
  • Set that as the default policy.
  • Expose standard policy default preferences.