Page MenuHomePhabricator

"The owner of a task can always view and edit it." is confusing
Open, LowPublic

Description

I had filed T279809 and got a notification that I could no longer see it. When looking up the task page, I get this message:

Access Denied: Restricted Task
You do not have permission to view this object.
Users with the "Can View" capability:
Members of a particular project can take this action. (You can not see this object, so the name of this project is restricted.)
The owner of a task can always view and edit it.

I authored the task, so I'd think I'm the owner. After reading the error multiple times, I have deducted that the owner can only always view it if they have this "Can view" which I can only guess I don't. (a link to a glossary would be helpful) So I'd suggest adjusting the text to better clarify the situation as it just confused me. I'd suggest "The owner of a task can always view and edit it, provided they have the "Can View" capability." and something similar for the line about "members of a particular project", but I don't understand at all what that "members of a particular project" line even means.

It could be simplified even further by simply saying "This task can only be viewed by users with elevated permissions". That's way more clear I think.

The title for the task in question was "Wikimedia was temporarily unreachable". I can only speculate that somebody posted logs that include their IP on T279809 and the task was subsequently hidden from public view. Or somebody deleted the task without telling me. (but I don't know why that would happen)

Event Timeline

AlexisJazz renamed this task from "The owner of a task can always view and edit it." is either wrong or confusing language to "The owner of a task can always view and edit it." is confusing.Apr 10 2021, 2:47 PM

I would assume the owner of a task is the assignee, not the author.

The default policy when escalating to a security policy includes task author. That simply means though whoever made it private either did it manually and forgot or isn't using the standard security policy for a reason.

I would assume the owner of a task is the assignee, not the author.

I guess that needs clarification as well in that case as at least one of us is confused about this. My money is still on the author being the owner though.

Edit: Guess I lost my money

The default policy when escalating to a security policy includes task author. That simply means though whoever made it private either did it manually and forgot or isn't using the standard security policy for a reason.

That isn't the case for WMF-NDA tasks.

I would assume the owner of a task is the assignee, not the author.

Looks correct, but that error message could use the term "assignee" to avoid confusion.

The default policy when escalating to a security policy includes task author. That simply means though whoever made it private either did it manually and forgot or isn't using the standard security policy for a reason.

That isn't the case for WMF-NDA tasks.

I would assume the owner of a task is the assignee, not the author.

Looks correct, but that error message could use the term "assignee" to avoid confusion.

I agree that would be an improvement. Also, I guess you can see the task? There is no private message system here I think so I'll just ask here: was the task valid? The outage was too short to run the usual tests which I otherwise would have done. If the task was invalid I'd like to know so I'll know if I shouldn't put too much faith into downforeveryoneorjustme.com.

Yes the task is/was valid, thanks for reporting it. :)