Page MenuHomePhabricator

With policies like "'Users A, B, C' and 'Administrators'", the 'Administrators' part is ignored
Closed, ResolvedPublic

Description

Just updated.

All items which had a view/edit policy like described in title (or see the picture below), now are either invisible or not editable by 'Administrators'. If user is mentioned by other part of the rule, then it still works for him.

Policy value is like this:

mysql> select rules from phabricator_policy.policy where phid = 'PHID-PLCY-pfmxm43ackwt3eljfny6';
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| rules                                                                                                                                                                            |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
| [{"action":"allow","rule":"PhabricatorAdministratorsPolicyRule","value":null},{"action":"allow","rule":"PhabricatorUsersPolicyRule","value":["PHID-USER-x5ztyxepdluli5nl4kxm"]}] |
+----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
1 row in set (0.00 sec)

Have not tested for other groups and/or combinations, though.

I'd like to add that I cannot reproduce that with new projects. That problem appeared only for previously existed projects, repositories, audits, etc.

Rolling back to f1d343111f30162037938dd597c80b20bc6fd060 helps, btw.

Event Timeline

dtf created this task.Jan 2 2015, 11:41 AM
dtf raised the priority of this task from to Needs Triage.
dtf updated the task description. (Show Details)
dtf added a subscriber: dtf.
dtf updated the task description. (Show Details)Jan 2 2015, 12:16 PM
dtf updated the task description. (Show Details)
dtf updated the task description. (Show Details)Jan 2 2015, 1:08 PM
Krenair added a subscriber: Krenair.

I've reverted rP8b756 in rP7c4de, so updating should fix this.

chad added a subscriber: chad.Jan 2 2015, 5:16 PM

Did you want to keep this around or OK to close?

I'm going to diff out a forward-fix once I dig through everything else in my queue.

@joshuaspence, feel free to steal this -- I'll probably get to it today but am not actively working on it.