Page MenuHomePhabricator

Ponder file upload permissions are too restrictive
Closed, ResolvedPublic


If you drag and drop an image into a Ponder question, the permissions default to only visible by the author, which seems counter intuitive. It should follow the logic in D10131 which is that any user that can view the object can view files dropped there. It makes drag and dropping a file into a ponder question very counter intuitive, because it looks like it uploaded fine, but only you can see it.

Sample ponder question: Q94: This is a ponder file upload permission test

The uploaded file:

139870.png (460×460 px, 235 KB)
is set to be only visible by me, but should be visible to all users (or perhaps whatever the visibility of the Ponder application is. )

Event Timeline

bluehawk raised the priority of this task from to Needs Triage.
bluehawk updated the task description. (Show Details)
bluehawk added projects: Ponder, Policy.
bluehawk added a subscriber: bluehawk.

Hmm, I might be wrong. Can anyone else see the image in the ponder question?

(There may be a narrow issue here like "images in the main text of a ponder answer don't get the right permissions".)

I actually can't seem to get it to reproduce at all. I can only figure that one of our developers restricted the permissions of the file he uploaded and then suffered amnesia about it.

Just kidding, got it to work on my test install

Viewing the question as a user other than admin shows:

pasted_file (785×507 px, 39 KB)

I think we are about 3 weeks out of date with master. Let me test again after updating.

Problem still occurs when updated to latest master.

I'm a bit confused. The permissions on file are set to only me. How are you able to view it on On my tests locally other users can't view the file.

When I drag and drop and image in Ponder, I get the following when I click on the File's Policy:

Users with the "Can View" capability:

  • chad (Chad Little) can take this action.
  • The user who uploaded a file can always view and edit it.
  • Files attached to objects are visible to users who can view those objects.
  • Thumbnails are visible only to users who can view the original file.

Is there a way to view what objects a file is attached to?

Click "Attached" on the File page.

Crap. Since I also attached that file to this task, and you guys can view this task you can view the image.

I've left another comment on Q94, which should exhibit the broken behavior.

Oh, haha, you're right. This should be a simple fix.

I would vote to unbeta Ponder after this fix. I can't believe I said that.

I think there are still like 30 huge problems with it

I think you mean un-Prototype :P

I'm 67% certain you made that number up.

chad renamed this task from Ponder file upload permissions are too restrictive. to Ponder file upload permissions are too restrictive.Sep 25 2014, 6:43 PM
epriestley triaged this task as Normal priority.

Note that the fix won't apply retroactively, but if you edit existing questions (e.g., add a space or a period or something) that'll fix the files.