There is a serious UX issue in the batch editor which can cause far too many tasks to be affected. To reproduce:
- Try to edit a collection of tasks which are all not editable (you must not have permission to edit any of the tasks you select).
- The edit will incorrectly apply to every task you do have permission to edit.
I think the additional steps below remain worthwhile.
A user showed up in IRC with a batch edit misfire that is not reproducible or technically distinguishable from user error (edit: now reproducible and highly distinguishable), while running an old version of Phabricator with third-party plugins. Since this is hugely disruptive and I can't prove it isn't our fault (edit: 100% our fault) I don't want to brush it off, but it would be helpful to have better tools to log and recover from these misfires.
- Log batch edits and give them PHIDs, so there's a record of who batch edited what and when. We need this for T5166 anyway.
- Save the batch edit PHID on the transaction record: this can make recovery easier, at least, by letting us identify the changes with certainty.
And maybe try harder to prevent user error:
- Require extra-confirm if editing more than ~100 things?
Hypothetically, we could make transactions reversible so you could undo edits, but I'm not eager to pursue this given the tremendous amount of work it entails.