Limiting Batch Edits to certain users
Closed, Resolved; Public

Description

Currently a user with bad intentions could create quite a mess with batch edits, and it is unclear how that mess could be repaired. It hasn't happened, but... should we wait?

I would restrict the Batch Edit permission to an invitation-only group where the Phabricator, Operations, and WMF-NDA members could add new members. Ideally this permission would be granted automatically based on the trust/activity accumulated by the user, to keep away new / inexperienced users, puppet accounts, etc. Today we lack these mechanisms, hence delegating the trust criteria to some trusted members.

Maybe we should reset acl*Batch-Editors and use it for this?

Event Timeline

Qgil raised the priority of this task from to Medium.
Qgil updated the task description.
Qgil changed Security from none to None.

Batch editing is currently available to all(?) users on Bugzilla, though…

No, you need editbugs (and/or canconfirm?).

Aha. In that case, yeah. Limiting it to the acl*Batch-Editors group though might be about the right level, given the restricted ambition for that group.

Hmm, Triagers has been archived (T583) for the time being... :-/

That's the easy part. Remove current members, add the teams proposed, unarchive, set policy.

I have started with this:

Can Bulk Edit Tasks: Phabricator

Tomorrow I will clean acl*Batch-Editors and apply the policy proposed in the description, unless someone has a better idea before. Then we can continue the discussion if needed, but without this pressure of "what if...?"

Qgil moved this task from Need discussion to Doing on the Phabricator board.

What I have done:

  1. Activated acl*Batch-Editors and edited the description.
  2. Kept all the acl*Batch-Editors members. I went through the list and I saw no reason to remove anybody.
  3. Changed the policy of this project: Editable By: Phabricator (Project); Joinable By Custom Policy (Phabricator, Operations, and WMF-NDA members, who can add other members).
  4. Changed Maniphest's policy Can Bulk Edit Tasks: Triagers (Project). I did it here, and now the change must be properly applied to the Puppet rules. I took the quick path only because today is our first working day with Bugzilla merged, and I expect this feature to be needed by some. In fact, @Jdforrester-WMF had requested it already.
  5. Tested with @Qgil-test; seems to work. The Batch Task Editor is not even shown, and Shift-Click does nothing.
  6. Documented at https://www.mediawiki.org/wiki/Phabricator/Help#Batch_Edits

This task can be Resolved as soon as the Maniphest policy change has been properly applied, unless someone has a good idea to improve the process proposed.

In T1292#777726, @Qgil wrote:

What I have done:

[Snip]

Thank you!

In T1292#777726, @Qgil wrote:

This task can be Resolved as soon as the Maniphest policy change has been properly applied, unless someone has a good idea to improve the process proposed.

Actually, this being a condition specific to this instance (we don't need this in Labs), maybe it is good that this configuration is set via the admin UI only.

Resolving.