Page MenuHomePhabricator
Create Task
Maniphest T122556

Figure out what upstream "Can Edit Task Policies" policy deprecation means for our Spaces/ACL setup
Closed, ResolvedPublic
Actions

Description

Under https://phabricator.wikimedia.org/applications/view/PhabricatorManiphestApplication/ we have Can Edit Task Policies: Custom Policy set to numerous acl* projects, Security, etc etc.
This setting has been removed in upstream in https://secure.phabricator.com/T10003.

Our docs for Phab admins creating Spaces currently say

add "Allow members of acl*groupname_policy_admins" to Phabricator's global custom "Can Edit Task Policies" setting. This is required to display the "Visible To" and "Editable By" fields (and hence the Spaces dropdown for members of that Space) in the task creation form.

Hence find out how this upstream change will affect our Spaces workflow, and if it somehow does not, @Aklapper to 'only' update our on-wiki Spaces documentation.

Revisions and Commits

Restricted Differential Revision

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedNoneT76913 Sticky filters on workboards
 ResolvedNoneT85441 Workboard's Filter > Advanced filter isn't prefilled with current filter
 ResolvedNoneT122875 Phabricator diffusion fails markup rendering for large files
 ResolvedepriestleyT77927 Should be possible to assign backgrounds to boards
 ResolvedNoneT127905 New tasks are not defaulting to the top of the default column
 Resolved mmodellT126797 Next Phabricator Upgrade - 2016-03-03
 ResolvedNoneT105404 [EPIC] Gather requirements from teams for Phab project management feature requests
 Resolved mmodellT876 @mentions in descriptions should autocomplete
 ResolvedAklapperT95343 Show tags in Phab Sprint and Workboard UI
 Resolved mmodellT94886 Phabricator workboards should have scroll-locked column headers
 ResolvedAklapperT122554 Update our Herald docs to incorporate additional upstream options
 DeclinedNoneT91538 Make new tasks within a specific project use a template in description field
 Resolved mmodellT115017 For new Phab accounts, link to [[mw:How to report a bug]] at the top of task creation form
 ResolvedNoneT91529 Turning the sprint flag on should apply the expected icon and color to the project
 Declined mmodellT123078 Build a phabricator cli tool to migrate projects into subprojects / milestones.
 Resolved mmodellT120903 investigate hiding the policy controls for phabricator projects.
 Resolved mmodellT87135 Phabricator should only notify changes to the "Security" field if it is indeed changed
 ResolvedAklapperT124160 Update our Phabricator project membership+overview / notification / "action" dropdown documentation
 Resolved mmodellT77228 Let non-members watch projects
 ResolvedNoneT120772 Upgrade to "Projects V3"
 DeclinedVarnentT89335 Creating private tasks by filling a web form (for AffCom)
 Resolved mmodellT119708 setting security to software security bug excluded subscribers
 Resolved mmodellT89675 Phabricator avatars should have high definition version for HD displays
 ResolvedTTOT84833 When you close an unassigned task as "Resolved" from the Comment action, Phabricator thinks you want to claim the task
 Resolved mmodellT89865 Phabricator project page should not default to workboard
 Resolved mmodellT91829 There is no easy way to file a Task from a Project page
 ResolvedAklapperT118014 HTTP 503 Error editing a project description to add a link to a username not in the project
 ResolvedAklapperT121071 PhabricatorDataNotAttachedException exception trying to add a 2nd user @mention to project description
 ResolvedAklapperT87500 Printout of Phabricator.org board is incomplete
 DeclinedNoneT105865 Delete unused and empty workboards database-side
 ResolvedNoneT99035 "Send a message" should not be more prominent than user talk links
 ResolvedAklapperT112046 Don't let people create workboards on milestone, release or tag projects like WMF-deploy-*
 ResolvedAklapperT99092 Diffusion grep with 0 results produces an exception
 Resolved mmodellT120013 Next Phabricator Upgrade - 2016-02-18
 Resolved mmodellT122556 Figure out what upstream "Can Edit Task Policies" policy deprecation means for our Spaces/ACL setup

Event Timeline

Aklapper created this task.Dec 28 2015, 11:34 PM
Aklapper raised the priority of this task from to Medium.
Aklapper updated the task description. (Show Details)
Aklapper added projects: Phabricator, Documentation.
Aklapper added subscribers: Aklapper, mmodell.
Restricted Application added subscribers: Luke081515, scfc. · View Herald TranscriptDec 28 2015, 11:34 PM
Aklapper added a parent task: T120013: Next Phabricator Upgrade - 2016-02-18.Dec 28 2015, 11:34 PM
Krenair subscribed.Dec 28 2015, 11:38 PM
Krenair added a comment.Dec 28 2015, 11:41 PM

Ugh, wtf? I was hoping for *more* of these types of settings, not less.

Krenair added a comment.EditedDec 28 2015, 11:42 PM

We should be more concerned about how it affects our non-Spaces workflow.

mmodell added a comment.Dec 29 2015, 7:01 PM

Upstream has created a new system for custom forms which allow us to create multiple versions of the task creation form. Some versions of the form can have policies restricted and we can create policies that control who can use each version of the form.

It's a bit more complicated to set up but the end result is a more user friendly task editing UI where people who shouldn't see policy controls won't even see them.

Krenair added a comment.Dec 29 2015, 7:18 PM

So we can actually prevent people who shouldn't be editing visibility policies (both task and project, and others...) from doing so, using the new system?

Luke081515 added a comment.Dec 29 2015, 7:25 PM

We can. But the problem is, if we want that people can change the policy (indirectly), if they report a security issue. The security extension is the problem. An altnernative solution could be this task: https://secure.phabricator.com/T10061

mmodell added a comment.Dec 30 2015, 5:03 AM

@Aklapper: To elaborate on what I said above, after playing with the new forms on phab-01, it looks like we shouldn't need to change much in the workflow.

So instead of

add "Allow members of acl*groupname_policy_admins" to Phabricator's global custom "Can Edit Task Policies" setting.

We set up two separate task forms, one with policy controls like this:

And one without, like this:

Then we set who can use the edit task policies form, like this:

And simply limit the more powerful form to members of the appropriate acl*groupname_policy_admins projects.

Aklapper added a comment.Jan 4 2016, 7:19 PM

Thanks, as far as I understand it this all makes sense.

Visually I love what I've seen so far on phab-01. Adding screenshots from phab-01:

  • "Create item" dropdown menu:

phab-create-task-dropdown-2016.png (434×222 px, 19 KB)

  • Create Security task form:

phab-create-sec-task.png (687×750 px, 45 KB)

Luke081515 added a comment.Jan 12 2016, 5:53 PM

So I guess we can close this now. Let users adjust spaces is possible via a third form, so this is not a problem (Custom policy for this form, so that not all users can use this (create and edit form)).

Luke081515 added a revision: Restricted Differential Revision.EditedFeb 2 2016, 4:29 PM

I think the main problem is solved by D113, so we can close this, if D113 is ready?

Luke081515 moved this task from To Triage to Doing on the Phabricator board.Feb 4 2016, 6:27 PM
mmodell mentioned this in rPHESc9b7c132a592: Add a button to maniphest tasks to escalate security issues which need to be….Feb 8 2016, 2:16 AM
mmodell closed this task as Resolved.Feb 12 2016, 7:02 PM
mmodell claimed this task.

I believe this is resolved. Resolving so that it will unblock T120013: Next Phabricator Upgrade - 2016-02-18

mmodell reopened this task as Open.Feb 18 2016, 3:02 AM

old policy for editing maniphest policies:

Security
acl*operations-team
importbots
acl*communityliaison_policy_admins
acl*fr_policy_admins
acl*fundraising_research_policy_admins
KLans_WMF (Kristen Lans)×

I'm removing this to replace it with forms

MZMcBride subscribed.Feb 18 2016, 3:08 AM
mmodell closed this task as Resolved.Feb 22 2016, 7:33 PM

I believe this is resolved now.

mmodell mentioned this in rPHEXc9b7c132a592: Add a button to maniphest tasks to escalate security issues which need to be….Jul 11 2018, 11:58 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits