Page MenuHomePhabricator

Allow limiting which "Can View" settings can be used for files
Closed, WontfixPublic

Description

We would like to make it so files created at https://phabricator.wikimedia.org/file/upload/ can only be set to certain Can View values (or hide the Can View setting there entirely, but in that case we would need to make sure you could still create private files as part of our private tasks implementation).

I think we would exclude "All Users" (since it provides no security and goes against our normal policy of Public). I'm not sure which others we would exclude.

The general concept of the feature is the same as for Maniphest. We already hide Can View there (https://phabricator.wikimedia.org/maniphest/task/create/). I believe the security field there is custom to us.

See https://phabricator.wikimedia.org/T1248

Event Timeline

mattflaschen raised the priority of this task from to Needs Triage.
mattflaschen updated the task description. (Show Details)
mattflaschen added projects: Wikimedia, Files.
mattflaschen updated the task description. (Show Details)
mattflaschen updated the task description. (Show Details)
mattflaschen added subscribers: mattflaschen, qgil.

What is the specific problem you are encountering?

In T6565#84194, @chad wrote:

What is the specific problem you are encountering?

The goal is to avoid users setting the wrong (for our use cases) visibility. E.g. All Users is just inconsistent for our installation. There is no reason we would want it in any file. Public should be used instead.

I'd quite like the option of globally of disabling All Users - much like Public has to be explicitly enabled.

It makes no sense for a fully public install with no registration restrictions (much like the warning banners in Auth about not having any registration restrictions :P).

chad claimed this task.

This isn't something we'd likely build as a one-off. Our concern would be that this is only theoretical, for an application that rarely sees use, and that no other install has asked for options like this. I'd also suspect implementing T6564 would resolve most issues anyways.

https://secure.phabricator.com/book/phabcontrib/article/feature_requests/ covers a bit more in detail about features we accept into the upstream.

@asherkin file something? it might make sense around T3820 - i imagine we'll try to streamline setting up global policies with that.