Page MenuHomePhabricator
Create Task
Maniphest T7140

Wiki pages should have an explicit "Inherit" option for policies
Closed, WontfixPublic
Actions

Description

As an example:

  1. Create a top level document with a certain policy
  2. Create a sub document with the default settings
  3. Change top level document policies
  4. Sub document is still set to the old policy

Instead, sub documents should default to an "Inherit" policy so that unless explicitly set, they'll always use the policy of the parent.

(I realise that setting to "Public" would probably get the same effect because of the "you must have access to parents" logic, but in the sub document's UI it'd show "Public" which would convey the wrong meaning)

Related Objects

Mentioned Here
T3670: Add subprojects

Event Timeline

hach-que created this task.Feb 4 2015, 2:25 AM
hach-que raised the priority of this task from to Needs Triage.
hach-que updated the task description. (Show Details)
hach-que added a project: Phriction.
hach-que added a subscriber: hach-que.
btrahan closed this task as Wontfix.Feb 13 2015, 12:35 AM
btrahan claimed this task.
btrahan added a subscriber: btrahan.

This may be too subtle, but the policy is "what the policy is on THIS doc *and* I have to be able to see all the parents". Thus, things currently work like

  • Create a top level doc with a certain policy
  • Create a sub doc with default settings
    • Note the "default settings" are to inherit the parent doc policy, though a user can set it to something else
  • Change top level document policies
  • Sub document is still set to old policies
    • Except any given document can only be seen IFF its parents can also be seen, so its implicitly picked up any top level policy stuff

I think if there's any work to be done here its around smoothing out the UI so the way the policy works is more clearly understood. As stated though, this is a "wontfix" since the policy works as I've outline above by design and we wouldn't want to make the hierarchical stuff optional at this time.

hach-que added a comment.Feb 13 2015, 12:47 AM

The way policy works is clearly understood, it's just impractical when you want to open up a bunch of wiki documents. This is impractical when you have a parent document and 20 children; yes I could go through and update the policies on all 21 documents, but it's annoying and tedious.

In our scenario it was that we wanted to add another project to the list of "members of projects" policy on who could view the deployment-related wiki articles. With custom policies, not only did I have to update all of the child documents, but I also had to go through the custom policy editor for each one.

hach-que added a comment.Feb 13 2015, 12:52 AM

I should add that the way Phragment currently solves this problem is that it has a "Replace policies on child fragments with the policies above.", but this seems less appropriate for Wiki articles (given that you might want to have a child document with a more restrictive policy than it's parent, whereas for Phragment you're usually updating policies for ZIP archives and all their files).

btrahan added a comment.Feb 13 2015, 12:53 AM
In T7140#96200, @hach-que wrote:

The way policy works is clearly understood, it's just impractical when you want to open up a bunch of wiki documents. This is impractical when you have a parent document and 20 children; yes I could go through and update the policies on all 21 documents, but it's annoying and tedious.

In our scenario it was that we wanted to add another project to the list of "members of projects" policy on who could view the deployment-related wiki articles. With custom policies, not only did I have to update all of the child documents, but I also had to go through the custom policy editor for each one.

Isn't this scenario typically...

  • create parent doc with policy "people who deploy code"
  • any sub docs created inherit this policy, unless of course some user changes things but lets assume they did that wisely
  • ...then just add people to the project or create more sub docs as needed and everything is grand?

I do get how if you were to change the parent doc policy, say by adding another project with something like "people who also deploy code but can't be in the main code deploy project", that could be annoying. That said, it feels like once organizational churn simmers down this should be definable in a scalable way?

Basically, this all seems to be the right balance of complexity and power to me. Or said differently, I am not concerned with folks trying to make a set of documents more open having to jump through a hoop or two and carefully think through policy for the future, etc. (If we just took the solution as you proposed it, we'd have the issue of child documents accidentally becoming more open which strikes me as wildly dangerous versus just a hassle...)

hach-que added a comment.Feb 13 2015, 1:04 AM

In our scenario, we have members of various teams who can control deployments, as well as the DevOps team (all of who can control deployments). We could create another project which is "DevOps + Deployment Managers", in addition to the "DevOps" and "Deployment Managers" projects, but this seems like more maintainance of projects (what happens if someone is removed from "DevOps" but not "DevOps + Deployment Managers"? They'll still be able to access stuff that they should no longer have access to.)

btrahan added a comment.Feb 13 2015, 1:23 AM

Sounds like you'll be happy in a post T3670 world. :D

Phabricator · Built by Phacility