Page MenuHomePhabricator

Maniphest task does not show project name when being logged out if project visibility is not set to "Public"
Closed, InvalidPublic

Description

I filed this already but title was changed and I can't find it due to http://fab.wmflabs.org/T395 : most stuff in phabricator is private, even in nonsensical ways. For instance, I was logged out and I saw this:

T394 Phabricator shows html escaped user name in e-mail From header

Wed, Jun 11, 10:22 PM

Restricted Project

I can click the task title and reach the task but in place of the content I find a login link (non-functioning, I had to delete the cookie; no idea if that's expected brokenness or a bug).

Details

Reference
fl397

Event Timeline

flimport raised the priority of this task from to Medium.Sep 12 2014, 1:38 AM
flimport set Reference to fl397.

aklapper wrote on 2014-06-15 12:17:43 (UTC)

What is "almost everything" here when there's only one example? Vague tickets don't help. :)

I am also logged out. http://fab.wmflabs.org/T394 shows:

Projects: Restricted Project

when being logged out, it should show

Projects: Wikimedia Phabricator Maintenance (after Day 1)

instead.

aklapper wrote on 2014-06-15 12:21:43 (UTC)

Reason: http://fab.wmflabs.org/tag/wikimedia_phabricator_maintenance_%28after_day_1%29/ shows "All Users" instead of "Public".

aklapper wrote on 2014-06-15 12:29:43 (UTC)

Fixed this for the specific "After day 1" project by changing project visibility from "All Users" to "Public".

We could end up with a project not exposed to anonymous users, but it's unlikely as those project would also have very restricted read access, in Wikimedia's use cases.

aklapper wrote on 2014-06-26 15:39:57 (UTC)

I think we can work around this problem simply by defining that people (admins?) creating projects in Phabricator should set them to "Public" by default, and only if there are very good reasons (Security project, cf. T95) restrict access. Added to documentation ticket T350.

I don't think this requires code changes, but we should test this after T95 is in place. Adding dependency.

mmodell wrote on 2014-07-23 18:18:26 (UTC)

T95 doesn't effect this behaviour. This is not a bug, it's just phabricator security policies working the way they are supposed to work.