Visibility policies for objects in private Spaces can include 'Public' and be very misleading
Closed, ResolvedPublic

Description

(See second half of https://secure.phabricator.com/T8376#120500 - join https://secure.phabricator.com/tag/space_test_users/ and then you'll be able to view https://secure.phabricator.com/T8514 which demonstrates this issue)

If you have a private space and you put an object in it, the object's visibility policy can still be 'Public' (and this shows in a very visible location at the top of the object's page). But you can't see it unless you also meet the space's policy - I think this is very bad because it will confuse users who won't recognise/understand what the object being in a private space actually means for visibility policy.

Basically I think that users are going to expect that if they see 'Public', the information they're viewing is public. In reality, Phabricator is going to be expecting users to understand how space visibility policy is also required to view the object, not only the object's own visibility policy. Given that some users in very trusted positions don't seem to understand basic object-level policy, I think this is a very bad assumption, and that this should block our own adoption of Spaces downstream for anything actually confidential.

Krenair created this task.Jun 15 2015, 1:42 PM
Krenair updated the task description. (Show Details)
Krenair raised the priority of this task from to Needs Triage.
Krenair added subscribers: Krenair, Qgil, csteipp, Jalexander.
Restricted Application added subscribers: scfc, Aklapper. · View Herald TranscriptJun 15 2015, 1:42 PM
Krenair added a comment.EditedJun 15 2015, 1:44 PM


A screenshot of one of the example objects upstream demonstrating this issue. Is this object public or private? (assuming, for a moment, that to see Test Space you need to be in WMF-NDA or equivalent)

Qgil added a comment.Jun 22 2015, 10:33 AM

Solved? https://secure.phabricator.com/T8376#122261

In any case, it looks like this problem will be solved by the time we start testing Spaces here.

I imagine there's some weird cases possible such as a restrictive space policy preventing a single-user-only (or admins, or projects that don't directly map to the space) object visibility policy from being meaningful, but I reckon it covers the main cases I was concerned about. Other people feel free to reopen if you disagree though.

Krenair closed this task as Resolved.Jun 22 2015, 2:49 PM
Krenair claimed this task.
Krenair removed Krenair as the assignee of this task.
Krenair set Security to None.
Restricted Application added subscribers: TerraCodes, JEumerus. · View Herald TranscriptMay 23 2016, 6:01 PM