Page MenuHomePhabricator
Create Task
Maniphest T6860

Allow creation of parameterized application policies
Closed, DuplicatePublic
Actions

Description

When default application policies are applied to objects, they are currently copied directly. This allows you to create a policy like:

Default Edit Policy: epriestley

...but this is rarely a useful default policy because it's hard coded to one specific user. A parameterized default would more often be useful:

Default Edit Policy: Acting User

Under a parameterized policy like this, alincoln created a task, the effective policy would be "only alincoln".

I think this is the only useful parameterization among the builtin policies, although it should also ideally be possible to create a parameterized custom policy which uses "Acting User" in conjunction with other rules. This is blocked by T4100.

We can't implement T5135 until this happens, because the current default policy is effectively this parameterized policy ("only the acting user"), and there's no way to express that policy with a defaults control.

This may also interact with T5681. It is possible that applications may have meaningful policy parameters which are creation-time resolvable, although I can't really think of any offhand.

This might possibly interact with T6524, although it doesn't make a ton of sense to me to default a policy to the actor's IP address.

Original Problem

The reporting user wanted to configure Phabricator so that users can create tasks, but can not edit tasks created by other users.

This use case is unusual, but adjacent to other things we want to support and mostly within the realm of reasonableness.

Original Report

Under /applications/view/PhabricatorManiphestApplication/ there currently is only Can Edit Task Status which can be set to All Users or Administrators.

Neither choice is a good one. Setting it to Administrators means, that normal, non-administrator users cannot create new tasks (such as bug reports or feature requests). In our project installation we want normal, non-administrator to be able to create new tasks. Our only option at the moment is to set it to All Users. But this is also not really what we want. Having a user modify its own ticket is okay. But having arbitrary normal, non-administrator users being able to modify each and every task is a security issue.

A good policy for Can Edit Task Status would be Ticket Creator and Administrators.

Alternatively, other bug trackers such as trac allow normal, non-administrator users to create tickets, but not to modify any. Seems even better to me. Configuring as such is currently not possible with maniphest.

Talked about this yesterday with @epriestley on IRC. So if my report is unclear, he can hopefully clarify it.

Revisions and Commits

rP Phabricator
D13251rP52f8756c3c7c Add a "template" parameter to application default policies

Related Objects
Search...

Event Timeline

patrick.schleizer created this task.Jan 4 2015, 1:04 PM
patrick.schleizer raised the priority of this task from to Needs Triage.
patrick.schleizer updated the task description. (Show Details)
patrick.schleizer added a project: Maniphest.
patrick.schleizer added subscribers: patrick.schleizer, epriestley.
chad added a subscriber: chad.Jan 4 2015, 3:41 PM

Can Edit Task Status can be set to any Project (team) as well or Custom.

Can you describe the problem you are trying to solve? We have many "improve Policy" tasks, one that might be better suited to what issues you're currently having.

epriestley renamed this task from maniphest lacks secure policy setting for creation of new tasks to Allow creation of parameterized application policies.Jan 4 2015, 4:28 PM
epriestley triaged this task as Low priority.
epriestley updated the task description. (Show Details)
epriestley edited projects, added Policy; removed Maniphest.
epriestley added a subtask: T4100: Support query parameterization in typeaheads.
epriestley added a parent task: T5135: Allow to change defaults for Passphrase "Visible To" and "Editable By" policies.

I wasn't able to find previous discussion of this immediately -- it was buried in T5135. I updated the description to provide some context.

qgil added a subscriber: qgil.Jan 4 2015, 11:48 PM
nateguchi2 added a subscriber: nateguchi2.Jan 12 2015, 1:14 PM

In our installation, we have it so that if you make a task attached to a project, it sets the default visibility to that project.

This would be a good thing to add to paramaterized policies I'm sure.

ralph.van.etten added a subscriber: ralph.van.etten.Feb 13 2015, 8:49 AM
ralph.van.etten added a comment.Feb 13 2015, 10:24 AM
In T6860#91168, @nateguchi2 wrote:

In our installation, we have it so that if you make a task attached to a project, it sets the default visibility to that project.

Would you mind sharing how you did that? It would solve our problem util another solution is implemented.

chasemp added a subscriber: chasemp.Feb 13 2015, 1:33 PM
ralph.van.etten mentioned this in T7262: Is there a way to list all objects a user can access?.Feb 14 2015, 7:31 AM
devurandom added a subscriber: devurandom.Apr 13 2015, 7:52 PM
epriestley closed subtask T4100: Support query parameterization in typeaheads as Resolved.Apr 23 2015, 7:08 PM
aklapper added a subscriber: aklapper.May 27 2015, 12:37 PM
epriestley mentioned this in T3820: Implement top-level "Spaces" that provide policy isolation to groups of objects.May 28 2015, 6:08 PM
eadler added a subscriber: eadler.May 29 2015, 4:56 PM
epriestley mentioned this in T8488: Remove "room" vs "message" distinction.Jun 9 2015, 6:41 PM
epriestley added a subtask: T5681: Allow applications to provide custom policy rules.Jun 11 2015, 7:05 PM
epriestley added a revision: D13251: Add a "template" parameter to application default policies.Jun 11 2015, 7:08 PM
epriestley added a commit: rP52f8756c3c7c: Add a "template" parameter to application default policies.Jun 11 2015, 8:25 PM
joshuaspence awarded a token.Jun 12 2015, 11:38 AM
epriestley mentioned this in T5681: Allow applications to provide custom policy rules.Jun 13 2015, 10:50 PM
epriestley closed subtask T5681: Allow applications to provide custom policy rules as Resolved.
ephemeris mentioned this in T8611: When Diffusion's "Can Create Repositories" application setting is "All Users," users still can't create repositories.Jun 18 2015, 11:47 PM
epriestley added a parent task: T6787: Clarify UI for Objects with a non-default Policy.Jun 21 2015, 2:05 PM
epriestley mentioned this in T6787: Clarify UI for Objects with a non-default Policy.Jun 21 2015, 2:20 PM
epriestley added a comment.Jun 21 2015, 2:39 PM

We basically have two actual use cases in the wild here:

  1. Create a default Maniphest policy which allows the author to edit tasks: now possible through T5681 with the "Task Author" rule.
  2. Let Passphrase default to author as view/edit policy.

I think this task is actually a really bad idea and we should just store authorPHID on credentials and do an object policy check similar to "Task Author". I'm going to merge this into T5135 to track that.

In particular, as described, this task would make T6787 impossible: when we later went to check if a passphrase had the "default policy" or not, we would have no way to evaluate what the default policy was. Being able to do T6787 seems far more important than total higher-order purity of implementation here. The approach contemplated by this task was also potentially very complex.

epriestley closed this task as a duplicate of T5135: Allow to change defaults for Passphrase "Visible To" and "Editable By" policies.Jun 21 2015, 2:39 PM
epriestley mentioned this in T5135: Allow to change defaults for Passphrase "Visible To" and "Editable By" policies.Jun 21 2015, 2:41 PM
epriestley removed a parent task: T6787: Clarify UI for Objects with a non-default Policy.
epriestley mentioned this in D13385: Save authorPHID on Passphrase Credentials to support "Credential Author" object policy.Jun 22 2015, 2:43 AM
epriestley mentioned this in rP85af4b01b962: Save authorPHID on Passphrase Credentials to support "Credential Author"….Jun 22 2015, 6:28 PM
urzds added a subscriber: urzds.Jul 12 2017, 11:14 AM
Phabricator · Built by Phacility