Access policies for content within Phabricator.
Feb 25 2021
See also T13068, which suggests rendering mentions in a special style when the user has muted the object.
Feb 19 2021
Feb 18 2021
I'm going to close this in favor of T13602, which has a more cohesive/modern discussion of the issue. Broadly:
Feb 13 2021
Feb 5 2021
- When rendering a "no view permission" hovercard, it would be nice to annotate it with an explicit "The user can't see this object" piece of context information.
- Context objects don't make it into timeline rendering engines.
- Context objects don't make it into comment previews.
Feb 4 2021
Jan 28 2021
Leftover Raw Members
Sep 1 2020
Probably related: According to https://phabricator.wikimedia.org/T261642, it seems that when leaving a project, phabricator leaves behind some cruft in the form of materialized memberships for milestones of that project.
Jun 5 2020
Spaces have been working great for my install. The only real place where they're lacking I think arises from their coarseness/mutual-exclusivity.
Feb 20 2020
In T13493, PhabricatorExternalAccountIdentifier could also benefit from this null policy behavior.
Feb 3 2020
Jan 17 2020
Jan 16 2020
Nov 19 2019
We materialize some members into the milestone? This causes no real problems, but we shouldn't materialize members into milestones.
We predict the wrong set of members for the milestone when testing policies: we predict "no members", but should predict "exactly the same as the members of the parent project"?
We check the wrong edit policy when testing if you can create a milestone: we check the default application policy, but should check the parent project policy?
Sep 12 2019
Here's the fate of the various issues discussed here:
This should be reworked some day (perhaps partly here) into some more cohesive API, perhaps newLink().
One other thing is that PhabricatorApplicationPolicyChangeTransaction->renderApplicationPolicy() has unconventional behaviors which are not very helpful and not consistent with normal CAN_EDIT / CAN_VIEW transactions. This is somewhat perplexing because ModularTransactions has renderPolicy() already, which has better behavior. I think it didn't exist yet when Applications modularized in D17757, and when it was introduced in D19829 I just overlooked the opportunity to update it.