Page MenuHomePhabricator
Create Task
Maniphest T9771

Objects which are restricted because of Spaces render as "Unknown" instead of "Restricted"
Open, WishlistPublic
Actions

Description

(Yes I know that Drydock is a prototype application, but thought that you might not be aware of this)

drydock.png (980×1 px, 211 KB)

Related Objects

Event Timeline

joshuaspence created this task.Nov 12 2015, 9:30 AM
joshuaspence raised the priority of this task from to Needs Triage.
joshuaspence updated the task description. (Show Details)
joshuaspence added a project: Drydock.
joshuaspence added a subscriber: joshuaspence.
epriestley renamed this task from "Unknown Object (Passphrase Credential)" in Drydock to Objects which are restricted because of Spaces render as "Unknown" instead of "Restricted".Nov 16 2015, 6:27 PM
epriestley triaged this task as Wishlist priority.
epriestley edited projects, added Spaces, Policy; removed Drydock.
Herald added a subscriber: revi. · View Herald TranscriptNov 16 2015, 6:27 PM
epriestley added a subscriber: epriestley.Nov 16 2015, 6:31 PM

We apply a Space constraint when executing this query and the object never makes it as far as the application. This is broadly by design, as it hugely improves the scalability of Spaces.

In the specific case of HandleQuery -- or perhaps any query with a PHID component? -- we could disable the Spaces constraint, let the object make it to standard policy filtering, and then drop it in the application so we render "Restricted" (or something more tailored, like "In Forbidden Space") instead of "Unknown".

epriestley merged a task: T9836: Feed doesn't correctly show Restricted Objects.Nov 23 2015, 8:54 PM
epriestley added a subscriber: Mnkras.
epriestley mentioned this in T5046: Repositories requiring authentication does not prompt for auth details over http if "policy.allow-public" is true.Jan 5 2016, 9:12 PM
epriestley merged a task: T5046: Repositories requiring authentication does not prompt for auth details over http if "policy.allow-public" is true.
epriestley updated the task description. (Show Details)
epriestley added subscribers: stwalkerster, ephemeris, easyrasta, mikn.

T5046 has a specific case of this causing particularly questionable behavior when doing HTTP clones -- since the object is totally hidden, you don't get prompted for credentials.

I'm leaning toward making any query with a set of unique identifiers (ids, callsigns, phids, etc) drop the Spaces clause in the query, but this is slightly tricky to do in a general way.

Krenair added a subscriber: Krenair.Feb 24 2016, 11:39 AM
epriestley mentioned this in T11018: Restricted credentials show as unknown in Drydock .May 24 2016, 12:20 AM
epriestley merged a task: T11018: Restricted credentials show as unknown in Drydock .
Herald added a subscriber: eadler. · View Herald TranscriptMay 24 2016, 12:20 AM
Herald added a subscriber: amckinley. · View Herald TranscriptSep 9 2019, 5:06 PM
Phabricator · Built by Phacility