Page MenuHomePhabricator
Create Task
Maniphest T198831

Trusted contributors cannot escalate tasks as security issues
Closed, ResolvedPublic
Actions

Description

Trusted-Contributors don't have permission to escalate tasks as security issues, but should per the summary of rPHEXf951c8bfa70a: Lock down the 'lock as security issue' feature.

Steps to reproduce (as non- WMF-NDA or acl*sre-team):

  1. Go to any task not authored by yourself that is not already a security issue
  2. Click Protect as security issue

Expected: Dialog to escalate the task

Actual: No Permission error: You do not have permission to escalate tasks as security issues. This action can only be taken by authorized users.

Related Objects

Event Timeline

JJMC89 created this task.Jul 5 2018, 8:24 AM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJul 5 2018, 8:24 AM
MarcoAurelio subscribed.Jul 5 2018, 9:33 AM

Confirmed in this very task. I was able to do so not so long ago. Was this capacity removed to counter that vandal we had recently? @mmodell

MarcoAurelio added a comment.Jul 5 2018, 9:35 AM

Not sure if D1075 could fix this though.

Aklapper added a comment.Jul 5 2018, 10:10 AM

In theory it should work as per summary in D1069

MarcoAurelio updated the task description. (Show Details)Jul 5 2018, 10:15 AM
JJMC89 updated the task description. (Show Details)Jul 5 2018, 3:30 PM
JJMC89 closed this task as Resolved.Jul 6 2018, 1:33 AM
JJMC89 assigned this task to MarcoAurelio.

{D1075} / rPHEX9ac7eb2ccef0: Update project names after some renames

Restricted Application added a project: User-MarcoAurelio. · View Herald TranscriptJul 6 2018, 1:33 AM
mmodell awarded a token.Jul 6 2018, 1:34 AM
MarcoAurelio moved this task from unsorted/backlog to cabinet on the User-MarcoAurelio board.Jul 7 2018, 7:51 PM
chasemp added a project: Security.Feb 10 2020, 10:52 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:12 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL