Page MenuHomePhabricator
Create Task
Maniphest T129902

Create a custom form for private FR-tech tasks
Closed, ResolvedPublic
Actions

Description

FR-tech stakeholders need to be able to make secured tasks to protect donor data.

Please create a "creation form" with these attributes:

  • The form should only be visible to members of the WMF-FR project
  • The name of the form should be "Create Private FR Task" (let's discuss if this is too long for the UI).
  • The form should not allow anyone to be automatically added by herald rules (i.e. studiesworld or Aklapper)
  • The finished task should be visible only to the members of acl*WMF-FR project.

Please let me know if you need any other information.

Event Timeline

DStrine created this task.Mar 14 2016, 6:15 PM
Restricted Application added subscribers: scfc, Aklapper. · View Herald TranscriptMar 14 2016, 6:15 PM
Luke081515 subscribed.Mar 14 2016, 6:49 PM

The form should not allow anyone to be automatically added by herald rules (i.e. studiesworld or Aklapper)

The studiesworld rule is disabled ;), but a private task would herald not allow to add people (but for example if @Aklapper is am member of WMF-NDA, herald would add him.

Luke081515 updated the task description. (Show Details)Mar 14 2016, 6:49 PM
mmodell added a comment.Mar 14 2016, 7:11 PM

@DStrine: As @Luke081515 pointed out, @Aklapper is a member of WMF-NDA so he would automatically be added. If you don't want that then you'd need to restrict the tasks to members of acl*WMF-FR

mmodell added a comment.Mar 14 2016, 7:13 PM

Should the projects field of this form default to acl*WMF-FR?

mmodell triaged this task as Medium priority.Mar 14 2016, 7:18 PM

https://phabricator.wikimedia.org/maniphest/task/edit/form/16/ is created, just need acknowledgement about the WMF-NDA issue with herald before closing this.

Krenair subscribed.Mar 14 2016, 7:55 PM

Even if you restricted it to members of acl*WMF-FR, members of that project would still be able to use Herald to subscribe themselves.

mmodell added a comment.Mar 14 2016, 8:01 PM
In T129902#2119857, @Krenair wrote:

Even if you restricted it to members of acl*WMF-FR, members of that project would still be able to use Herald to subscribe themselves.

Indeed, there is no universal way of preventing herald rules from adding subscribers short of disabling herald entirely. We had herald disabled for a long time and I really doubt whether some of our herald rules are overall beneficial but there is considerable momentum behind herald and disabling it isn't an option now. So I think acl*WMF-FR will just have to live with it.

Krenair added a comment.Mar 14 2016, 8:02 PM

Agreed. Let's consider that part declined and do the rest of the request.

Luke081515 moved this task from To Triage to Doing on the Phabricator board.Mar 14 2016, 10:04 PM
DStrine updated the task description. (Show Details)Mar 14 2016, 10:11 PM
DStrine added a comment.Mar 14 2016, 10:13 PM

Regarding everything above about herald rules: that's fine.

I was mistaken about the project. It should actually be acl*WMF-FR. I have updated the description.

Thanks all for helping!

mmodell closed this task as Resolved.Mar 14 2016, 10:26 PM

Everything is done already with the one caveat about herald rules.

DStrine added a comment.Mar 14 2016, 10:39 PM

Thanks for the help.

I just tested this form. I created T129939 . It seems to have a custom policy. I can't tell if it's only visible to acl*WMF-FR. How could I ensure this is properly restricted?

Krenair added a comment.Mar 14 2016, 10:40 PM

It's certainly not visible to me at the moment. Someone in both acl*WMF-FR and one of the policy admin groups should be able to read the policy to check it for you.

DStrine reopened this task as Open.Aug 5 2016, 5:24 PM
Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptAug 5 2016, 5:24 PM
DStrine added a comment.Aug 5 2016, 5:28 PM

Thanks all who helped with this originally. I am reopening this for a slight adjustment. We would like these tasks to have Fundraising-Backlog added as default. This is our main triage area. Adding this tag by default will help avoid human error.

Also please note: do not add Fundraising-Backlog-Old . Phab seems to insist on offering the tech backlog in typeaheads. We are working to deprecate that board.

DStrine added a comment.Aug 9 2016, 5:14 PM

Is there anyone who could help with this?

mmodell added a comment.Aug 10 2016, 5:43 AM

@DStrine I can help.

mmodell closed this task as Resolved.Aug 10 2016, 6:26 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL