Page MenuHomePhabricator

Visibility policies for objects in private Spaces can include 'Public' and be very misleading
Closed, ResolvedPublic


(See second half of - join and then you'll be able to view which demonstrates this issue)

If you have a private space and you put an object in it, the object's visibility policy can still be 'Public' (and this shows in a very visible location at the top of the object's page). But you can't see it unless you also meet the space's policy - I think this is very bad because it will confuse users who won't recognise/understand what the object being in a private space actually means for visibility policy.

Basically I think that users are going to expect that if they see 'Public', the information they're viewing is public. In reality, Phabricator is going to be expecting users to understand how space visibility policy is also required to view the object, not only the object's own visibility policy. Given that some users in very trusted positions don't seem to understand basic object-level policy, I think this is a very bad assumption, and that this should block our own adoption of Spaces downstream for anything actually confidential.

Event Timeline

Krenair raised the priority of this task from to Needs Triage.
Krenair updated the task description. (Show Details)
Krenair added subscribers: Krenair, Qgil, csteipp, Jalexander.

pasted_file (107×427 px, 17 KB)

A screenshot of one of the example objects upstream demonstrating this issue. Is this object public or private? (assuming, for a moment, that to see Test Space you need to be in WMF-NDA or equivalent)


In any case, it looks like this problem will be solved by the time we start testing Spaces here.

I imagine there's some weird cases possible such as a restrictive space policy preventing a single-user-only (or admins, or projects that don't directly map to the space) object visibility policy from being meaningful, but I reckon it covers the main cases I was concerned about. Other people feel free to reopen if you disagree though.

Krenair claimed this task.
Krenair removed Krenair as the assignee of this task.
Krenair set Security to None.