Feb 25 2021

epriestley added a comment to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers.

See also T13068, which suggests rendering mentions in a special style when the user has muted the object.

Feb 25 2021, 7:25 PM · Policy, Differential

Feb 19 2021

epriestley created Blog Post: Quick Look: Improved UI for Exiled Users.
Feb 19 2021, 6:58 PM · Policy

Feb 18 2021

epriestley closed T4411: Adding a CC to a Maniphest Task should give View rights for that user as Resolved.

I'm going to close this in favor of T13602, which has a more cohesive/modern discussion of the issue. Broadly:

Feb 18 2021, 8:15 PM · Wikimedia, Policy

Feb 13 2021

epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21556: When a revision has only human reviewers but none can view it, show a warning banner.
Feb 13 2021, 9:21 PM · Policy, Differential
epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21555: When a reviewer can't see a revision, show it clearly in the reviewer list.
Feb 13 2021, 9:12 PM · Policy, Differential
epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21554: Render user hovercards with context information about their ability to see the context object.
Feb 13 2021, 8:56 PM · Policy, Differential
epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21553: Restructure Hovercards to support more context information.
Feb 13 2021, 7:59 PM · Policy, Differential

Feb 5 2021

epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21548: Propagate the "ContextObject" to Remarkup rendering in timelines.
Feb 5 2021, 4:15 PM · Policy, Differential
epriestley added a comment to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers.
  • When rendering a "no view permission" hovercard, it would be nice to annotate it with an explicit "The user can't see this object" piece of context information.
Feb 5 2021, 4:10 PM · Policy, Differential
epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21547: When a subscriber can't see an object, clearly show that they're missing the permission in the curtain UI.
Feb 5 2021, 4:06 PM · Policy, Differential
epriestley added a comment to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers.
  • Context objects don't make it into timeline rendering engines.
  • Context objects don't make it into comment previews.
Feb 5 2021, 1:15 AM · Policy, Differential
epriestley added a revision to T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers: D21546: Lift bulk tests for "many users against one object" capabilities into "PolicyFilterSet".
Feb 5 2021, 1:15 AM · Policy, Differential

Feb 4 2021

epriestley triaged T13602: Improve workflow when users who do not have permission to see a revision are added as reviewers as Normal priority.
Feb 4 2021, 10:15 PM · Policy, Differential

Jan 28 2021

epriestley added a comment to T13478: Fix various policy issues with project member materialization around interactions between "Project Members" policies and Subprojects/Milestones.

Leftover Raw Members

Jan 28 2021, 5:03 PM · Policy, Projects

Sep 1 2020

20after4 added a comment to T13478: Fix various policy issues with project member materialization around interactions between "Project Members" policies and Subprojects/Milestones.

Probably related: According to https://phabricator.wikimedia.org/T261642, it seems that when leaving a project, phabricator leaves behind some cruft in the form of materialized memberships for milestones of that project.

Sep 1 2020, 9:42 PM · Policy, Projects

Jun 5 2020

sshannin added a comment to T3820: Implement top-level "Spaces" that provide policy isolation to groups of objects.

Spaces have been working great for my install. The only real place where they're lacking I think arises from their coarseness/mutual-exclusivity.

Jun 5 2020, 9:00 PM · Spaces, Policy, Wikimedia

Feb 20 2020

epriestley added a comment to T13381: Policy explanations for some extended policy objects with "open" default policy plus constraints are misleading.

In T13493, PhabricatorExternalAccountIdentifier could also benefit from this null policy behavior.

Feb 20 2020, 9:41 PM · Policy

Feb 3 2020

epriestley added a revision to T13484: Allow the policy layer to mark objects as damaged when filtering them: D20963: Fix an issue where loading a mangled project graph could fail too abruptly.
Feb 3 2020, 4:45 PM · Policy
epriestley triaged T13484: Allow the policy layer to mark objects as damaged when filtering them as Wishlist priority.
Feb 3 2020, 4:40 PM · Policy

Jan 17 2020

epriestley renamed T13478: Fix various policy issues with project member materialization around interactions between "Project Members" policies and Subprojects/Milestones from Fix various policy issues issues with project member materialization around interactions between "Project Members" policies and Subprojects/Milestones to Fix various policy issues with project member materialization around interactions between "Project Members" policies and Subprojects/Milestones.
Jan 17 2020, 5:19 PM · Policy, Projects

Jan 16 2020

epriestley triaged T13478: Fix various policy issues with project member materialization around interactions between "Project Members" policies and Subprojects/Milestones as Low priority.
Jan 16 2020, 6:49 PM · Policy, Projects

Nov 19 2019

epriestley closed T13462: Correct some policy/membership issues in milestone creation as Resolved.
Nov 19 2019, 7:13 AM · Projects, Policy
epriestley added a comment to T13462: Correct some policy/membership issues in milestone creation.

We materialize some members into the milestone? This causes no real problems, but we shouldn't materialize members into milestones.

Nov 19 2019, 6:53 AM · Projects, Policy
epriestley added a revision to T13462: Correct some policy/membership issues in milestone creation: D20920: When predicting project membership during edits, predict milestones will have parent membership.
Nov 19 2019, 6:52 AM · Projects, Policy
epriestley added a comment to T13462: Correct some policy/membership issues in milestone creation.

We predict the wrong set of members for the milestone when testing policies: we predict "no members", but should predict "exactly the same as the members of the parent project"?

Nov 19 2019, 6:42 AM · Projects, Policy
epriestley added a revision to T13462: Correct some policy/membership issues in milestone creation: D20919: When predicting object policies for project milestones, adjust objects so they behave like milestones.
Nov 19 2019, 6:29 AM · Projects, Policy
epriestley added a comment to T13462: Correct some policy/membership issues in milestone creation.

We check the wrong edit policy when testing if you can create a milestone: we check the default application policy, but should check the parent project policy?

Nov 19 2019, 6:13 AM · Projects, Policy
epriestley triaged T13462: Correct some policy/membership issues in milestone creation as Normal priority.
Nov 19 2019, 6:09 AM · Projects, Policy
epriestley closed T13461: Remove policy tag coloration in object header UI as Resolved by committing rPde66a8ece185: Remove "stronger/weaker" policy color hints from object headers.
Nov 19 2019, 6:05 AM · Policy
epriestley updated the task description for T13461: Remove policy tag coloration in object header UI.
Nov 19 2019, 6:04 AM · Policy
epriestley added a revision to T13461: Remove policy tag coloration in object header UI: D20918: Remove "stronger/weaker" policy color hints from object headers.
Nov 19 2019, 6:00 AM · Policy
epriestley closed T13460: Restore "Owner can view/edit task" policy hint in Task policy explanation dialogs as Resolved by committing rP1996b0cd55c5: Update the "owner can always view/edit" policy exception rule.
Nov 19 2019, 5:54 AM · Policy, Maniphest
epriestley triaged T13461: Remove policy tag coloration in object header UI as Low priority.
Nov 19 2019, 5:49 AM · Policy
epriestley added a revision to T13460: Restore "Owner can view/edit task" policy hint in Task policy explanation dialogs: D20917: Update the "owner can always view/edit" policy exception rule.
Nov 19 2019, 5:41 AM · Policy, Maniphest
epriestley triaged T13460: Restore "Owner can view/edit task" policy hint in Task policy explanation dialogs as Low priority.
Nov 19 2019, 5:38 AM · Policy, Maniphest

Sep 12 2019

epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20811: Fix a straggling callsite to "renderApplicationPolicy()".
Sep 12 2019, 11:21 PM · Policy
epriestley closed T13411: Improve "Custom Policy" behavior in policy dialogs as Resolved by committing rP4f845d8f8c77: When users encounter a policy exception for a non-view capability with a custom….
Sep 12 2019, 4:49 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20807: When users encounter a policy exception for a non-view capability with a custom policy, inline the policy rules.
Sep 12 2019, 4:30 PM · Policy
epriestley closed T6802: "Custom policy" for editing/viewing does not link to details as Resolved.

Here's the fate of the various issues discussed here:

Sep 12 2019, 4:04 PM · Design, Policy
epriestley closed T6802: "Custom policy" for editing/viewing does not link to details, a subtask of T13411: Improve "Custom Policy" behavior in policy dialogs, as Resolved.
Sep 12 2019, 4:03 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20806: When users fail a "CAN_SEE" check, give them an "opaque" policy explanation.
Sep 12 2019, 3:57 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20805: Inline custom policy rules inside policy capability explanation dialogs.
Sep 12 2019, 3:39 PM · Policy
epriestley added a parent task for T6802: "Custom policy" for editing/viewing does not link to details: T13411: Improve "Custom Policy" behavior in policy dialogs.
Sep 12 2019, 3:13 PM · Design, Policy
epriestley added a subtask for T13411: Improve "Custom Policy" behavior in policy dialogs: T6802: "Custom policy" for editing/viewing does not link to details.
Sep 12 2019, 3:13 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20804: Give policy name rendering explicit "text name", "capability link", and "transaction link" pathways.
Sep 12 2019, 2:46 PM · Policy
epriestley added a comment to T13411: Improve "Custom Policy" behavior in policy dialogs.

This should be reworked some day (perhaps partly here) into some more cohesive API, perhaps newLink().

Sep 12 2019, 2:15 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20803: Remove unused "icon" parameter from policy name rendering.
Sep 12 2019, 2:08 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20802: Remove "Editable By" description fields in Passphrase, Phame, and Spaces.
Sep 12 2019, 2:06 PM · Policy
epriestley added a revision to T13411: Improve "Custom Policy" behavior in policy dialogs: D20801: Update rendering of policy edit transactions in Applications.
Sep 12 2019, 2:03 PM · Policy
epriestley added a comment to T13411: Improve "Custom Policy" behavior in policy dialogs.

One other thing is that PhabricatorApplicationPolicyChangeTransaction->renderApplicationPolicy() has unconventional behaviors which are not very helpful and not consistent with normal CAN_EDIT / CAN_VIEW transactions. This is somewhat perplexing because ModularTransactions has renderPolicy() already, which has better behavior. I think it didn't exist yet when Applications modularized in D17757, and when it was introduced in D19829 I just overlooked the opportunity to update it.

Sep 12 2019, 4:47 AM · Policy
epriestley added a comment to T13411: Improve "Custom Policy" behavior in policy dialogs.

In Applications(Pick Something), if an application policy is set to "Custom Policy", the policy is not linked.

Sep 12 2019, 4:39 AM · Policy

Sep 9 2019

epriestley closed T8808: Policy menu should show actual project icon next to project as Resolved by committing rPd2e1c4163a3b: When a project has a custom icon, use that icon to label the project policy in….
Sep 9 2019, 8:38 PM · Policy
epriestley added a revision to T8808: Policy menu should show actual project icon next to project: D20799: When a project has a custom icon, use that icon to label the project policy in the policy dropdown.
Sep 9 2019, 8:35 PM · Policy
epriestley moved T6802: "Custom policy" for editing/viewing does not link to details from Backlog to Next on the Policy board.
Sep 9 2019, 5:07 PM · Design, Policy
epriestley moved T8808: Policy menu should show actual project icon next to project from Backlog to Next on the Policy board.
Sep 9 2019, 5:07 PM · Policy
epriestley moved T13411: Improve "Custom Policy" behavior in policy dialogs from Backlog to Next on the Policy board.
Sep 9 2019, 5:06 PM · Policy
epriestley triaged T13411: Improve "Custom Policy" behavior in policy dialogs as Low priority.
Sep 9 2019, 5:06 PM · Policy

Aug 16 2019

epriestley added a comment to T13381: Policy explanations for some extended policy objects with "open" default policy plus constraints are misleading.

A related issue is that when object A returns object B as an extended policy check and the user fails the extended policy check, the "PolicyException" dialog is misleading. It reads like this:

Aug 16 2019, 5:27 PM · Policy
epriestley triaged T13381: Policy explanations for some extended policy objects with "open" default policy plus constraints are misleading as Wishlist priority.
Aug 16 2019, 5:04 PM · Policy

Aug 2 2019

epriestley closed T13364: Clarify that deleting repositories (and users?) from the web UI is explicitly not supported, not a resource limitation as Resolved by committing rP1fe631116771: Modernize user and repository "delete" workflows and improve documentation.
Aug 2 2019, 4:30 PM · Diffusion, Policy, Documentation
epriestley added a revision to T13364: Clarify that deleting repositories (and users?) from the web UI is explicitly not supported, not a resource limitation: D20694: Modernize user and repository "delete" workflows and improve documentation.
Aug 2 2019, 4:23 PM · Diffusion, Policy, Documentation

Aug 1 2019

epriestley triaged T13364: Clarify that deleting repositories (and users?) from the web UI is explicitly not supported, not a resource limitation as Low priority.
Aug 1 2019, 9:53 PM · Diffusion, Policy, Documentation

Jun 20 2019

epriestley created T13323: Remove the "CAN_EDIT on a parent project implies CAN_EDIT on a child project" policy rule.
Jun 20 2019, 5:20 PM · Policy, Projects

Jun 19 2019

epriestley added a comment to T4411: Adding a CC to a Maniphest Task should give View rights for that user.

See also T13317.

Jun 19 2019, 6:20 PM · Wikimedia, Policy

May 3 2019

epriestley closed T7703: Policy checks may execute incompletely for non-viewers as Resolved.

Although I'm not entirely confident that 100% of objects which should implement ExtendedPolicyInterface actually do today, I think we've gotten pretty much all of them. This approach also seems stable.

May 3 2019, 4:53 AM · Policy, Herald, Flags
epriestley closed T7703: Policy checks may execute incompletely for non-viewers, a subtask of T8377: Build the core "Spaces" Application, as Resolved.
May 3 2019, 4:53 AM · Spaces, Wikimedia, Policy

Apr 2 2019

epriestley closed T12871: Setting a restricted dashboard as the topmost item in the global menu can lock some users out as Resolved by committing rPdfe47157d322: When picking a default menu item to render, don't pick disabled items.
Apr 2 2019, 10:21 PM · Policy, Dashboards, Bug Report

Mar 31 2019

epriestley moved T12871: Setting a restricted dashboard as the topmost item in the global menu can lock some users out from Backlog to Next on the Dashboards board.
Mar 31 2019, 10:00 PM · Policy, Dashboards, Bug Report
epriestley added a revision to T12871: Setting a restricted dashboard as the topmost item in the global menu can lock some users out: D20359: When picking a default menu item to render, don't pick disabled items.
Mar 31 2019, 9:13 PM · Policy, Dashboards, Bug Report

Mar 29 2019

epriestley removed a project from T12871: Setting a restricted dashboard as the topmost item in the global menu can lock some users out: Profile Menu Item.
Mar 29 2019, 4:34 PM · Policy, Dashboards, Bug Report

Mar 11 2019

epriestley closed T6502: Policy to define who can move cards in a workboard as Wontfix.

To summarize the state of the world here:

Mar 11 2019, 2:18 PM · Projects, Wikimedia, Policy, Workboards

Dec 17 2018

epriestley closed T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor as Resolved.

This appears to be stable and working properly. D19897 removes a straggling guardrail.

Dec 17 2018, 8:46 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Nov 26 2018

epriestley added a project to T13223: "Land Revision" builds a commit message as an omnipotent user, not the revision author or landing user: Drydock.
Nov 26 2018, 5:53 PM · Drydock, Policy, Differential, Security
epriestley triaged T13223: "Land Revision" builds a commit message as an omnipotent user, not the revision author or landing user as Low priority.
Nov 26 2018, 5:53 PM · Drydock, Policy, Differential, Security

Nov 21 2018

epriestley triaged T13220: Support "phantom" policies for templating, like "Current Viewer", which transform when objects are saved as Normal priority.
Nov 21 2018, 5:18 PM · Policy
epriestley added a project to T13220: Support "phantom" policies for templating, like "Current Viewer", which transform when objects are saved: Policy.
Nov 21 2018, 5:18 PM · Policy

Sep 13 2018

epriestley added a comment to T9041: Control access to administrator capabilities with custom policies.

I don't currently plan to make "Disable User" any more granular than it is. If you have a use case where you want multiple administrator levels and to allow administrators at a certain level to act downward but not upward, you might be able to do something like have an enforcer-bot account which users can instruct to disable one another. The enforcer-bot itself could act via the API.

Sep 13 2018, 2:42 PM · FreeBSD, Policy, People
aklapper added a comment to T9041: Control access to administrator capabilities with custom policies.

"Disable User", specifically, is now granular.

Sep 13 2018, 9:41 AM · FreeBSD, Policy, People

Aug 27 2018

epriestley closed T9041: Control access to administrator capabilities with custom policies as Resolved.

"Disable User", specifically, is now granular.

Aug 27 2018, 6:43 PM · FreeBSD, Policy, People
epriestley added a revision to T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor: D19608: Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine.
Aug 27 2018, 2:56 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 24 2018

epriestley added a comment to T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.

Pushing the requireCapabilities() change out one more week since I had some stuff crop up early this week and it didn't get a chance to soak.

Aug 24 2018, 4:26 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading
epriestley updated the task description for T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.
Aug 24 2018, 4:25 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 18 2018

epriestley updated the task description for T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.
Aug 18 2018, 8:10 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 17 2018

epriestley added a comment to T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.

I'm going to push this out to next week since D19586 probably has a few minor issues with it and it's close to the release cut. It adds a lot of new policy checks which weren't explicit before, so I'd guess it may cause a few improper policy errors on things which are actually allowed. I caught a bunch of them (like "Mute Thread") but probably didn't get every single one.

Aug 17 2018, 3:32 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading
epriestley updated the task description for T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor.
Aug 17 2018, 3:30 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 16 2018

epriestley added a comment to T10003: Upgrading: Maniphest field-level policies ("Can Prioritize Tasks", etc.) have been deprecated and will be removed.

These are actually removed in 2018 Week 33. See T13186 for a small amount of followup and discussion, although there isn't too much new information beyond what's here.

Aug 16 2018, 6:18 PM · Policy, Maniphest, Installing & Upgrading
epriestley closed T10003: Upgrading: Maniphest field-level policies ("Can Prioritize Tasks", etc.) have been deprecated and will be removed as Resolved by committing rP296bf046a812: Remove deprecated Maniphest "Can Edit <Specific Property>" capabilities.
Aug 16 2018, 5:51 PM · Policy, Maniphest, Installing & Upgrading
epriestley triaged T13186: Upgrading: Legacy "Can Edit <Field>" policies in Maniphest; requireCapabilities() in TransactionEditor as Low priority.
Aug 16 2018, 4:01 PM · Security, Policy, ApplicationEditor, Guides, Installing & Upgrading

Aug 14 2018

epriestley added a revision to T10003: Upgrading: Maniphest field-level policies ("Can Prioritize Tasks", etc.) have been deprecated and will be removed: D19581: Remove deprecated Maniphest "Can Edit <Specific Property>" capabilities.
Aug 14 2018, 5:52 PM · Policy, Maniphest, Installing & Upgrading

Jun 21 2018

epriestley added a comment to T13154: Public tasks not displayed when logged in under a not-yet-approved user account.

As a possible workaround, a trivial diff which might "fix" this problem is to change the dialog to tell users that they may get more access while they wait by logging out:

Jun 21 2018, 12:05 PM · Policy

Jun 19 2018

aklapper added a comment to T13154: Public tasks not displayed when logged in under a not-yet-approved user account.

Thanks for the great explanation and the pointers!

Jun 19 2018, 8:39 PM · Policy
epriestley changed the status of T13154: Public tasks not displayed when logged in under a not-yet-approved user account from Resolved to Wontfix.

(I suppose "wontfix" is a more appropriate resolution.)

Jun 19 2018, 8:34 PM · Policy
epriestley closed T13154: Public tasks not displayed when logged in under a not-yet-approved user account as Resolved.

It's intentional that unapproved accounts have less access than logged-out accounts in some configurations.

Jun 19 2018, 8:33 PM · Policy

Jun 18 2018

aklapper updated the task description for T13154: Public tasks not displayed when logged in under a not-yet-approved user account.
Jun 18 2018, 12:48 PM · Policy
aklapper created T13154: Public tasks not displayed when logged in under a not-yet-approved user account.
Jun 18 2018, 12:20 PM · Policy

Apr 27 2018

amckinley closed T13128: Phriction document header doesn't render policy strength variations as Resolved by committing rP9a0dd55442d7: Extend PhabricatorPolicyCodex interface to handle "interesting" policy defaults.
Apr 27 2018, 11:56 PM · Policy, PHUI, Phriction

Apr 26 2018

amckinley added a revision to T13128: Phriction document header doesn't render policy strength variations: D19409: Extend PhabricatorPolicyCodex interface to handle "interesting" policy defaults.
Apr 26 2018, 12:06 AM · Policy, PHUI, Phriction

Apr 25 2018

epriestley added a comment to T13128: Phriction document header doesn't render policy strength variations.

I suppose the approach proposed above gets a questionable result here:

Apr 25 2018, 8:43 PM · Policy, PHUI, Phriction
epriestley added a comment to T13128: Phriction document header doesn't render policy strength variations.

After actually looking at the code, it looks like null can already be returned and works, it's just kind of wrong for some objects (like Dashboards) because they really do have a default policy -- it's just hard-coded.

Apr 25 2018, 8:28 PM · Policy, PHUI, Phriction

Apr 24 2018

epriestley added a comment to T13128: Phriction document header doesn't render policy strength variations.

I'm going to tentatively put this (the Phriction rule, specifically) into T13130 for this week although I'm not sure how much work getting getDefaultPolicyForObject() to return the root document policy is and maybe that's Unbelievably Difficult. Let me take a quick look at that and you can either run with it or I can pick it up if it's some kind of weird arcana.

Apr 24 2018, 4:26 PM · Policy, PHUI, Phriction