Page MenuHomePhabricator

Phabricator should let admins delete comments in Maniphest
Closed, ResolvedPublic

Description

Filed upstream: https://secure.phabricator.com/T4909

Administrators and members of projects with specific permissions should be able to delete comments in Maniphest.

Use case: vandals, spammers, users accidentally leaking sensitive information.

Deleting would mean removing the information. A reference to the deleted post would be left in the UI, but there shouldn't be any way to access to the removed content by accessing to previous versions or diffs.

If deleting means making them private and accessible only to users with permissions to delete comments, that might work as well.

Details

Reference
fl259

Related Objects

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.

Event Timeline

flimport raised the priority of this task from to High.
flimport set Reference to fl259.

qgil wrote on 2014-04-30 14:32:42 (UTC)

This feature has been identified as "Potential blocker" at https://secure.phabricator.com/project/board/404/

Upstream maintainers are aware of it and say that it can be done. Moving the task to "Not critical for the RfC" because there is nothing else to discuss here. If the RfC is approved, then this feature probably will become a blocker for the Bugzilla migration.

qgil wrote on 2014-05-05 19:24:00 (UTC)

https://secure.phabricator.com/T4909 is basically implemented upstream. Users can remove their own comments via UI. Admins can remove anybody's comments. There is a command-line tool for admins with server access that can destroy items completely.

One point open is whether users should have any limit to delete their own posts, in order to avoid frustrated users to remove all their contributions. See https://secure.phabricator.com/T4909#20 and following discussion.

qgil wrote on 2014-05-10 22:05:16 (UTC)

Assigning to Andre, who needs to decide whether this task can be closed (since the features described in the title and description are implemented in Phabricator upstream), whether a new task should be created for the feature of Rate limit or restrict access to comment removal, and whether it should be a blocker for Day 1 or not.

aklapper wrote on 2014-06-03 15:43:34 (UTC)

Summarizing the upstream ticket activity: Admins can use the "Remove" action in the UI to remove/hide comments, see https://secure.phabricator.com/T4909#19 .
That was the main intention here for Day 1 and I'm closing this task as resolved.

Rate Limiting is additional functionality not provided by our current tools either. Though nice to have, we have managed to survive without so far; it is no regression that should block day 1.

Nemo_bis wrote on 2014-06-15 10:44:16 (UTC)

Rate Limiting is additional functionality not provided by our current tools either. Though nice to have, we have managed to survive without so far;

That's not correct. Absence of such features made us add restrictions we didn't like (editbugs no longer for everyone). But that's T146.

aklapper wrote on 2014-06-16 10:46:21 (UTC)

Bugzilla never had rate limiting. Bugzilla has/had restrictions which stop average users from doing harm by changing fields, but average users can still do harm by mass-commenting without editbugs.

importing issue status

flimport closed this task as Resolved.Sep 12 2014, 1:33 AM
flimport added a subscriber: Aklapper.
Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMay 23 2016, 6:06 PM