
Streamline process for uploading private files to public tasks
Open, Needs Triage, Public

Description

Having recently helped someone through uploading a private file for a public task, I realized the process for doing so is undocumented and unclear.

As far as I can see, the only sane way to handle such private files is to open a private paste and drag&drop it there, which will make the file inherit the restrictions of the paste and allows indirectly linking to the file via linking to the paste. (Directly linking to the file, i.e. pasting F12345 into a task, will immediately give access to the file for everyone who has access to the task. Furthermore, there seems to be no way to undo that; even if the link is removed, the file remains "attached" to that task.) Paste creation is not exposed anywhere, and the whole process is easy to get wrong and expose your private file to the world (probably without noticing it, as Phabricator will continue to say the file is private, even when everyone including anonymous users can see it).

This is not a problem with uploading private files for private tasks (such as patches) - you can just use drag&drop which will make the file inherit the restrictions of the task. But when the task should be public but the file private (this is common with HAR files that are needed for certain kinds of non-security issues such as web performance or login problems), Phabricator's behavior is hostile to the inexperienced user and we need some way to work around that.

Event Timeline

Tgr created this task. Nov 24 2017, 9:51 PM
Restricted Application added a subscriber: Aklapper. Nov 24 2017, 9:51 PM
Tgr renamed this task from Streamline process for uploading private files to Streamline process for uploading private files to public tasks. Nov 24 2017, 9:51 PM
Tgr updated the task description.
Tgr added a subscriber: Samat.

@Tgr:

> when the task should be public but the file private

In that case, folks should never drag and drop a (to be private) file into a public task's comment field but instead use https://phabricator.wikimedia.org/file/upload/ and set the "Visible To" field to the appropriate "Custom Policy".

Documentation is at https://www.mediawiki.org/wiki/Phabricator/Help#Uploading_file_attachments and what I wrote in the previous sentence is currently not explicitly documented. (It only says "It is recommended to upload files which should have restricted access together with the creation of a restricted ticket.") Do I understand correctly that adding this to our documentation would fix this task?
I don't see any potential feasible UI changes for the drag'n'drop case though.

Tgr added a comment. Jun 29 2018, 6:04 PM

A custom form for uploading with the access configuration preset (yourself + admins or something like that) would be nice.