
Phabricator should let admins delete comments in Maniphest
Closed, Resolved (Public)

Description

Filed upstream: https://secure.phabricator.com/T4909

Administrators and members of projects with specific permissions should be able to delete comments in Maniphest.

Use case: vandals, spammers, users accidentally leaking sensitive information.

Deleting would mean removing the information. A reference to the deleted post would be left in the UI, but there shouldn't be any way to access the removed content through previous versions or diffs.

If deleting means making them private and accessible only to users with permissions to delete comments, that might work as well.

Details

Reference
fl259
Title | Reference | Author | Source Branch | Dest Branch
Phabricator: add override for the browser time zone conflict message | repos/phabricator/deployment!6 | dannys712 | dannys712-wmf/stable-patch-89495 | wmf/stable

Event Timeline

flimport raised the priority of this task from to High. (Sep 12 2014, 1:33 AM)
flimport set Reference to fl259.

qgil wrote on 2014-04-30 14:32:42 (UTC)

This feature has been identified as "Potential blocker" at https://secure.phabricator.com/project/board/404/

Upstream maintainers are aware of it and say that it can be done. Moving the task to "Not critical for the RfC" because there is nothing else to discuss here. If the RfC is approved, then this feature probably will become a blocker for the Bugzilla migration.

qgil wrote on 2014-05-05 19:24:00 (UTC)

https://secure.phabricator.com/T4909 is basically implemented upstream. Users can remove their own comments via UI. Admins can remove anybody's comments. There is a command-line tool for admins with server access that can destroy items completely.

One open point is whether users should have any limit on deleting their own posts, in order to prevent frustrated users from removing all their contributions. See https://secure.phabricator.com/T4909#20 and following discussion.

qgil wrote on 2014-05-10 22:05:16 (UTC)

Assigning to Andre, who needs to decide whether this task can be closed (since the features described in the title and description are implemented in Phabricator upstream), whether a new task should be created for the feature of Rate limit or restrict access to comment removal, and whether it should be a blocker for Day 1 or not.

aklapper wrote on 2014-06-03 15:43:34 (UTC)

Summarizing the upstream ticket activity: Admins can use the "Remove" action in the UI to remove/hide comments, see https://secure.phabricator.com/T4909#19 .
That was the main intention here for Day 1 and I'm closing this task as resolved.

Rate Limiting is additional functionality not provided by our current tools either. Though nice to have, we have managed to survive without so far; it is no regression that should block day 1.

Nemo_bis wrote on 2014-06-15 10:44:16 (UTC)

> Rate Limiting is additional functionality not provided by our current tools either. Though nice to have, we have managed to survive without so far;

That's not correct. Absence of such features made us add restrictions we didn't like (editbugs no longer for everyone). But that's T146.

aklapper wrote on 2014-06-16 10:46:21 (UTC)

Bugzilla never had rate limiting. Bugzilla has/had restrictions which stop average users from doing harm by changing fields, but average users can still do harm by mass-commenting without editbugs.