HomePhabricator
Diffusion Phabricator 5fd1e88a7ab7

Add a granular capability for user directory browsing
5fd1e88a7ab7
Actions

Description

Add a granular capability for user directory browsing

Summary:
Fixes T4358. User request from IRC, but I think this is generally reasonable.

Although we can not prevent users from determining that other user accounts exist in the general case, it does seem reasonable to restrict browsing the user directory to a subset of users.

In our case, I'll probably do this on secure.phabricator.com, since it seems a little odd to let Google index the user directory, for example.

Test Plan: Set the policy to "no one" and tried to browse users.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4358

Differential Revision: https://secure.phabricator.com/D8112

Details

Provenance
epriestleyAuthored on
epriestleyPushed on Jan 30 2014, 7:53 PM
Reviewer
btrahan
Differential Revision
D8112: Add a granular capability for user directory browsing
Parents
rP99ab11e97c30: Add a defualt view policy for Pholio
Branches
Unknown
Tags
Unknown
Tasks
T4358: Separate View policy for People page listing

Event Timeline

Changes (5)

PathSize
src/
applications/
people/
application/
controller/
people/
capability/
policy/
capability/
PeopleCapabilityBrowseUserDirectory.php
PhabricatorPolicyCapabilityCanView.php

rP5fd1e88a7ab7

View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/people/application/PhabricatorApplicationPeople.php

Loading...
View Options

src/applications/people/capability/PeopleCapabilityBrowseUserDirectory.php

Loading...
View Options

src/applications/people/controller/PhabricatorPeopleListController.php

Loading...
Phabricator ยท Built by Phacility