HomePhabricator

Allow task statuses to specify that either "comments" or "edits" are "locked"

Description

Allow task statuses to specify that either "comments" or "edits" are "locked"

Summary:
Ref T13249. See PHI1059. This allows "locked" in maniphest.statuses to specify that either "comments" are locked (current behavior, advisory, overridable by users with edit permission, e.g. for calming discussion on a contentious issue or putting a guard rail on things); or "edits" are locked (hard lock, only task owner can edit things).

Roughly, "comments" is a soft/advisory lock. "edits" is a hard/strict lock. (I think both types of locks have reasonable use cases, which is why I'm not just making locks stronger across the board.)

When "edits" are locked:

  • The edit policy looks like "no one" to normal callers.
  • In one special case, we sneak the real value through a back channel using PolicyCodex in the specific narrow case that you're editing the object. Otherwise, the policy selector control incorrectly switches to "No One".
  • We also have to do a little more validation around applying a mixture of status + owner transactions that could leave the task uneditable.

For now, I'm allowing you to reassign a hard-locked task to someone else. If you get this wrong, we can end up in a state where no one can edit the task. If this is an issue, we could respond in various ways: prevent these edits; prevent assigning to disabled users; provide a bin/task reassign; uh maybe have a quorum convene?

Test Plan:

  • Defined "Soft Locked" and "Hard Locked" statues.
  • "Hard Locked" a task, hit errors (trying to unassign myself, trying to hard lock an unassigned task).
  • Saw nice new policy guidance icon in header.

Screen Shot 2019-02-13 at 6.50.43 PM.png (179×387 px, 16 KB)

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13249

Differential Revision: https://secure.phabricator.com/D20165