Page MenuHomePhabricator

Add ability to search by policy
Closed, WontfixPublic


There are a number of cases where I'd like to be able ask questions like "which objects can X see" or "which projects are editable by non-admins" or other such queries. The general case is the ability to search by either exact policy (which objects of type T have policy X) and policy subsets (which objects of type T would allow users U or project members P to see them).

Event Timeline

eadler raised the priority of this task from to Needs Triage.
eadler updated the task description. (Show Details)
eadler added projects: Search, Policy.
eadler added a subscriber: eadler.

There are a few problems or use cases that would be solved by this:

  • a large number of projects were created prior to setting default policy, so it would be good to search for projects I didn't edit yet
  • Some repositories are only viewable by certain projects, and I'd like to see which ones are set as such
  • We might have a meta policy that "all projects should only be editable admins" and "certain types of projects are only joinable by members of another project" and I'd like to be able to search for projects which violate that meta rule. For example, an open source project might have certain projects which are only joinable by committers but there is no way to find projects are joinable by "anyone" without opening the details pane of every project.

This is also important for tasks: "find all tasks only visible to the security team". etc.

T3820 is the main task you'll want to follow. I don't think we'd be likely to pursue any of these until we understand if they're needed after Spaces.

I think that use case is quite different: spaces provides some very high level isolation between various groups of users. These uses cases relate to projects/tasks/etc. within the same space.

I think I'll follow the spaces task, but I don't think this task will be superseded by that solution.

epriestley claimed this task.
epriestley added a subscriber: epriestley.

I don't anticipate ever building this. It would take months and only partially address a very narrow range of primarily operational use cases.

You can use *.search Conduit API methods to fetch policies for objects in a structured way, or examine the database directly.

I suppose that'll work for maniphest/paste/projects/etc., but the most recent case I had in mind involved dashboard panel edit policies... :/