- Mentioned In
- T11018: Restricted credentials show as unknown in Drydock
T5046: Repositories requiring authentication does not prompt for auth details over http if "policy.allow-public" is true
- Mentioned Here
- T5046: Repositories requiring authentication does not prompt for auth details over http if "policy.allow-public" is true
We apply a Space constraint when executing this query and the object never makes it as far as the application. This is broadly by design, as it hugely improves the scalability of Spaces.
In the specific case of HandleQuery -- or perhaps any query with a PHID component? -- we could disable the Spaces constraint, let the object make it to standard policy filtering, and then drop it in the application so we render "Restricted" (or something more tailored, like "In Forbidden Space") instead of "Unknown".
T5046 has a specific case of this causing particularly questionable behavior when doing HTTP clones -- since the object is totally hidden, you don't get prompted for credentials.
I'm leaning toward making any query with a set of unique identifiers (ids, callsigns, phids, etc) drop the Spaces clause in the query, but this is slightly tricky to do in a general way.