HomePhabricator
Diffusion Phabricator aacc62463d61

Prevent editing and deleting comments in locked conversations
aacc62463d61
Actions

Description

Prevent editing and deleting comments in locked conversations

Summary:
Ref T13289. This tightens up a couple of corner cases around locked threads.

Locking is primarily motivated by two use cases: stopping nonproductive conversations on open source installs (similar to GitHub's feature); and freezing object state for audit/record-keeping purposes.

Currently, you can edit or remove comments on a locked thread, but neither use case is well-served by allowing this. Require "CAN_INTERACT" to edit or remove a comment.

Administrators can still remove comments from a locked thread to serve "lock a flamewar, then clean it up", since "Remove Comment" on a comment you don't own is fairly unambiguously an administrative action.

Test Plan:

  • On a locked task, tried to edit and remove my comments as a non-administrator. Saw appropriate disabled UI state and error dialogs (actions were disallowed).
  • On a locked task, tried to remove another user's comments as an administrator. This works.
  • On a normal task, edited comments normally.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13289

Differential Revision: https://secure.phabricator.com/D20551

Details

Provenance
epriestleyAuthored on May 23 2019, 5:55 PM
epriestleyPushed on May 24 2019, 2:04 AM
Reviewer
amckinley
Differential Revision
D20551: Prevent editing and deleting comments in locked conversations
Parents
rPf838ad182753: Fix two straggling pagination issues in Drydock
Branches
Unknown
Tags
Unknown
Tasks
T13289: Plans: 2019 Week 21-23 Bonus Content
Build Status
Buildable 22908
Build 31427: Run Core Tests

Event Timeline

epriestley committed rPaacc62463d61: Prevent editing and deleting comments in locked conversations (authored by epriestley).May 24 2019, 2:04 AM
epriestley added a task: T13289: Plans: 2019 Week 21-23 Bonus Content.
epriestley added an edge: D20551: Prevent editing and deleting comments in locked conversations.
Harbormaster completed building B22908: rPaacc62463d61: Prevent editing and deleting comments in locked conversations.May 24 2019, 2:06 AM
20after4 added a subscriber: 20after4.Jul 11 2019, 8:49 PM

Apparently commits don't support CAN_INTERACT capability?

epriestley added a comment.EditedJul 11 2019, 8:51 PM

What are you seeing in particular?

Commits don't have an explicit CAN_INTERACT, but objects with no explicit CAN_INTERACT should generally fall back to CAN_VIEW behavior -- my expectation/intention here is that commits aren't affected.

(Test: editing this comment.)

20after4 added a comment.Jul 11 2019, 10:45 PM

@epriestley: Try removing a comment, it throws an exception

20after4 added inline comments.Jul 11 2019, 10:46 PM
/src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php
39

exception:

Testing for capability "interact" on an object ("PhabricatorRepositoryCommit") which does not support that capability.

epriestley mentioned this in D20648: Update one straggling "CAN_INTERACT" check in comment removal.Jul 11 2019, 10:51 PM
epriestley added a comment.Jul 11 2019, 10:53 PM

Thanks! D20648 should fix that -- it slipped through in D20558.

epriestley mentioned this in rP41ea204144ab: Update one straggling "CAN_INTERACT" check in comment removal.Jul 11 2019, 11:10 PM

Changes (5)

PathSize
src/
applications/
transactions/
controller/
editor/
view/
view/
phui/

rPaacc62463d61

View Options

src/applications/transactions/controller/PhabricatorApplicationTransactionCommentEditController.php

Loading...
View Options

src/applications/transactions/controller/PhabricatorApplicationTransactionCommentRemoveController.php

Loading...
View Options

src/applications/transactions/editor/PhabricatorApplicationTransactionCommentEditor.php

Loading...
View Options

src/applications/transactions/view/PhabricatorApplicationTransactionView.php

Loading...
View Options

src/view/phui/PHUITimelineEventView.php

Loading...
Phabricator · Built by Phacility