Folks changing a task's Priority value (often without bad intentions but "the field was visible so I thought I can") regularly comes up as an issue faced by teams whose workflows rely on the Priority field.

Upstream Phorge (Phabricator) code itself has no further differentiation in the Maniphest (=tasks) application settings: The default Maniphest Edit Policy covers all fields of a task - Priority field and any other fields.
To some extent this was mitigated by the introduction of forms allowing to disable or hide specific UI fields, which however still does not solve the situation as a (Create or Edit) form configuration cannot be bound to a specific user group - it's all users or no users affected by the form configuration, once a task has been created via a form.

I was quite reluctant in the past to restrict editing the Priority field. After having seen vandalism (though that's only weakly related here) and repeated tension over the years I've started to consider this an option.
It would slightly reduce UI complexity for Phab newcomers not aware of its social conventions.
It would reduce workflow collisions, see e.g. https://phabricator.wikimedia.org/T14396#9680109 or https://phabricator.wikimedia.org/T362986#9730145 or https://phabricator.wikimedia.org/T365323 or https://phabricator.wikimedia.org/T365315#9811246 or https://phabricator.wikimedia.org/T368610#9937309 or https://phabricator.wikimedia.org/T366129#9958586 or https://phabricator.wikimedia.org/T49177#9899967 (random latest examples).

Details

Related Changes in GitLab:

	Title	Reference	Author	Source Branch	Dest Branch
	Revert "Expose the Edit Task Priority dropdown field only to trusted users"	repos/phabricator/phabricator!84	aklapper	T363337revert	wmf/stable
	Expose the Edit Task Priority dropdown field only to trusted users	repos/phabricator/phabricator!50	aklapper	T363337editPrioHide	wmf/stable

Customize query in GitLab

Related Objects

Mentioned In: T391382: Block change priority task for for reporter, who is not assignee
T387873: Deploy Phabricator/Phorge 2025-03-04
Mentioned Here: P61154 T363337
T819: Restricting modification of tasks when they enter sprints
T133541: [RFC] Limit option (or provide alternative) to change the priority of tickets to project members

Event Timeline

Proof of concept:

P61154 T363337

2index 3--- 4+++ 5@@ 6 7 $column_map 8 9+// 10+ 11+ 12+ 13+ 14+ 15+ 16+ 17+ 18+ 19+ 20+ 21+ 22+ 23+ 24+ 25+ 26+ 27+ 28+ 29+ 30+ 31+ 32+ 33+ 34+ 35+ 36+ 37+ 38+ 39+// 40+ 41 $fields 42 id(new 43 44@@ 45 46 47 48+ 49 50 51 );

style="max-height: 11.5em;">

diff --git a/src/applications/maniphest/editor/ManiphestEditEngine.php b/src/applications/maniphest/editor/ManiphestEditEngine.php 46877168e7..ed83650e1b 100644 a/src/applications/maniphest/editor/ManiphestEditEngine.php b/src/applications/maniphest/editor/ManiphestEditEngine.php -145,6 +145,38 @@ EODOCS = $this->getColumnMap($object); WMF BEGIN: Only show Edit Priority when user is member of a trusted project $can_edit_priority = false; $viewer = $this->getViewer(); $viewer_phid = $viewer->getPHID(); // ["Trusted-Contributors", "WMF-NDA", "acl*sre-team", "acl*security"]; $trusted_project_phids = ['PHID-PROJ-rte2hubdntrhiwyoau6n', 'PHID-PROJ-ibxm3v6ithf3jpqpqhl7', 'PHID-PROJ-fqb3bhereyljcqrsbju7', 'PHID-PROJ-koo4qqdng27q7r65x3cw']; // PhabricatorProjectQuery does not seem to `&&` for withPHIDs and // withMemberPHIDs for a nice shortcut, so loop on `isUserMember()` later $trusted_projects = id(new PhabricatorProjectQuery()) ->setViewer($viewer) ->withPHIDs($trusted_project_phids) ->execute(); if (count($trusted_projects) !== 4) { phlog('WMF Error: Not all projects for checking Edit Priority ' . 'rights exist. Please correct the PHIDs in the code.'); } if ($trusted_projects) { foreach ($trusted_projects as $proj) { if ($proj instanceof PhabricatorProject && $proj->isUserMember($viewer_phid)) { $can_edit_priority = true; break; } } } else { // allow to edit priority if no $trusted_projects found AT ALL $can_edit_priority = true; } WMF END: Only show Edit Priority when user is member of a trusted project = array( PhabricatorHandlesEditField()) ->setKey('parent') -225,6 +257,7 @@ EODOCS ->setIsCopyable(true) ->setValue($object->getPriorityKeyword()) ->setOptions($priority_map) ->setIsHidden(!$can_edit_priority) ->setOptionAliases($alias_map) ->setCommentActionLabel(pht('Change Priority')),

(A "proper" implementation would span across at least 4 or 5 source code files and I don't consider this request acceptable by upstream, so I prefer to keep custom downstream changes quite local. Details for myself: Properly implementing a Capacity would require expanding ManiphestTask.php to have a setPriorityEditPolicy() method, expand getCustomCapabilities() in PhabricatorManiphestApplication.php, introduce a class ManiphestDefaultPriorityEditCapability.php, etc etc).

Pppery awarded a token.Apr 25 2024, 3:35 AM

Pppery rescinded a token.

Pppery awarded a token.

Aklapper moved this task from To Triage to Needs code (in Phab or bot) on the Phabricator board.Apr 25 2024, 9:12 AM

Notes to myself:

Tested task creation as average user. Works as expected: Priority field not shown in the UI and task successfully created wth default priority.
This code change does not affect bulk editing: The "Set Priority" option is still available as a bulk action even though the performing user is not a member of one of the four projects. That's fine IMO as bulk edits are limited to acl*Batch-Editors members anyway.

Aklapper updated the task description. (Show Details)May 4 2024, 9:18 AM

aklapper opened https://gitlab.wikimedia.org/repos/phabricator/phabricator/-/merge_requests/50

Draft: Expose the Edit Task Priority dropdown field only to trusted users

Aklapper updated the task description. (Show Details)May 19 2024, 8:35 AM

Nemoralis subscribed.May 19 2024, 9:56 AM

Aklapper updated the task description. (Show Details)May 19 2024, 10:49 AM

Chlod subscribed.May 19 2024, 11:28 AM

Would this mean that people like me couldn’t put Unbreak Now! priority to the tasks that require it?

Izno subscribed.May 19 2024, 3:37 PM

It would mean that only members of Trusted-Contributors, WMF-NDA acl*sre-team or acl*security can change the Priority field value.

Soda awarded a token.May 19 2024, 4:21 PM

Soda subscribed.

brennen subscribed.May 19 2024, 5:09 PM

In T363337#9811366, @Aklapper wrote:

It would mean that only members of Trusted-Contributors, WMF-NDA acl*sre-team or acl*security can change the Priority field value.

I hope this would mean that addition to Trusted-Contributors would be more active then because this would effectively hinder ability of many less active Phabricator contributors to report the urgent tasks (I was added to the group but I assume many others, even admins from different wikis, will be forgotten).

brennen added a project: User-brennen.May 23 2024, 1:12 AM

In T363337#9811366, @Aklapper wrote:

It would mean that only members of Trusted-Contributors, WMF-NDA acl*sre-team or acl*security can change the Priority field value.

my guess is onboarding varies a bit so we make sure wmf+affiliate staff are all in at least one of those groups.

Aklapper updated the task description. (Show Details)Jun 30 2024, 11:26 AM

Aklapper updated the task description. (Show Details)Jul 9 2024, 3:54 PM

To make this change in behavior less disruptive for PMs etc, should check first which non-deactivated Phab user accounts have been active setting the Priority field in the last six months and are neither in Trusted-Contributors nor WMF-NDA, and add them:
SELECT usr.username, COUNT(usr.username) AS cnt FROM phabricator_maniphest.maniphest_transaction trs JOIN phabricator_user.user usr WHERE trs.transactionType = "priority" AND FROM_UNIXTIME(trs.dateModified) >= (NOW() - INTERVAL 6 MONTH) AND trs.authorPHID = usr.phid AND usr.isDisabled != 1 AND usr.phid NOT IN (SELECT e.src FROM phabricator_user.edge e WHERE e.dst = "PHID-PROJ-rte2hubdntrhiwyoau6n" AND e.type = 14) AND usr.phid NOT IN (SELECT e.src FROM phabricator_user.edge e WHERE e.dst = "PHID-PROJ-ibxm3v6ithf3jpqpqhl7" AND e.type = 14) GROUP BY usr.username ORDER BY cnt DESC LIMIT 80;

Aklapper updated the task description. (Show Details)Sep 6 2024, 9:19 AM

brennen merged https://gitlab.wikimedia.org/repos/phabricator/phabricator/-/merge_requests/50

Expose the Edit Task Priority dropdown field only to trusted users

In T363337#10124562, @Aklapper wrote:

To make this change in behavior less disruptive for PMs etc, should check first which non-deactivated Phab user accounts have been active setting the Priority field in the last six months and are neither in Trusted-Contributors nor WMF-NDA, and add them:

Was this done? And is there any plan to add active members of Phabricator community to Trusted-Contributors more quickly after this change got merged?

Was this done?

Yes.

And is there any plan to add active members of Phabricator community to Trusted-Contributors more quickly after this change got merged?

No (as I cannot predict how quick nearly 800 people will do things in the future). :)

Aklapper edited projects, added: Phabricator (2024-10-22); removed: Patch-For-Review, Phabricator.Oct 16 2024, 3:46 PM

In T363337#10234235, @Aklapper wrote:

as I cannot predict how quick nearly 800 people will do things in the future :)

I mean, you spearheaded this effort to tie an important permission to the group. I think there should be some (organisational) responsibility on your part to give the permissions out to people who are definitely trusted enough after this change got merged (IAdmins or admins on Wikimedia wikis, for instance). At least one of the members of the new Product and Technology Advisory Council wasn’t in that group until I added them yesterday, I wasn’t until I mentioned it in this very task, and how many others are like that?

to give the permissions out to people who are definitely trusted enough after this change got merged

I did for those who have already been active setting priorities in T363337#10124562. I cannot foresee the future though. :)

IAdmins or admins on Wikimedia wikis, for instance

I don't plan to collect data from all 900 wikis and sync it against Phabricator accounts.
If you or others know and trust folks who should have priority setting permissions, feel free to add them to Trusted-Contributors, just like before.

until I added them yesterday

Thanks for doing that!

how many others are like that?

If you have an idea how to find out, please share it. Thanks!

Basically: If you think you need permissions, ask for permissions. That's a common concept in Wikimedia (and Phabricator, for example to create projects, mass-edit tasks, create forms, etc etc). I don't plan to invert the concept by starting to actively search for folks who should have permissions in this very case. Sure, for a few folks this change might be initially disruptive but that's the thing with changes - we had the same situation when we introduced Trusted-Contributors ("why can't I not do xyz in Phab anymore?"), it's hard to always identify everyone who may benefit from being included in those additional permissions.

Aklapper renamed this task from Explore restricting editing task priority to Trusted-Contributors/staff/etc to Restrict editing task priority to Trusted-Contributors/staff/etc.Oct 22 2024, 2:54 PM

My patch merged on 2024-10-22 never worked as expected, for reasons I still cannot figure out.
I'll try again with https://gitlab.wikimedia.org/repos/phabricator/phabricator/-/commit/4b00a968e116d235b6c9f7c73916d758f5293e9f which seems to work.

A_smart_kitten subscribed.Feb 27 2025, 10:52 AM

aklapper opened https://gitlab.wikimedia.org/repos/phabricator/phabricator/-/merge_requests/84

Revert "Expose the Edit Task Priority dropdown field only to trusted users"

aklapper merged https://gitlab.wikimedia.org/repos/phabricator/phabricator/-/merge_requests/84

Revert "Expose the Edit Task Priority dropdown field only to trusted users"

Setting this restriction for the default form worked correctly with the patch which I reverted half an hour ago but afterwards that overwritten visibility/lock setting of the Priority field gets overwritten by whatever is defined for the Priority field by the used non-default EditEngine form.
And by default, there is only locking on the level of the entire form, not for particular fields of the form.

The right place to interfere would be when loading a form config in PhabricatorEditEngineConfiguration.
But that class has no way to get the current actor (to check the actor's project memberships etc).

Thus I'm declining this idea for now.

Pasting the latest code I played with, in case someone ever wants to pick this up again:

[acko@fedora phabricator (wmf/stable *$|u=)]$ git diff src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php
diff --git a/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php b/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php
index e3448c676b..e3f1a41c61 100644
--- a/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php
+++ b/src/applications/transactions/storage/PhabricatorEditEngineConfiguration.php
@@ -18,6 +18,8 @@ final class PhabricatorEditEngineConfiguration
   protected $editOrder = 0;
   protected $subtype;
 
+  private $actor; // WMF T363337
+
   private $engine = self::ATTACHABLE;
 
   const LOCK_VISIBLE = 'visible';
@@ -32,6 +34,7 @@ final class PhabricatorEditEngineConfiguration
     PhabricatorUser $actor,
     PhabricatorEditEngine $engine) {
 
+    $this->$actor = $actor; // WMF T363337; no other way to get actor. But does not work because static function.
     return id(new PhabricatorEditEngineConfiguration())
       ->setSubtype(PhabricatorEditEngine::SUBTYPE_DEFAULT)
       ->setEngineKey($engine->getEngineKey())
@@ -175,6 +178,23 @@ final class PhabricatorEditEngineConfiguration
           if ($field->getIsLockable()) {
             $field->setIsLocked(false);
           }
+          // WMF hack BEGIN: Only show Edit Priority when user is trusted - T363337
+          if ($key == 'priority') {
+            $actor_phid = $this->$actor->getPHID();
+            $trusted_project_names = ["Trusted-Contributors", "WMF-NDA", "acl*sre-team",
+                                      "acl*security", "acl*Batch-Editors", "acl*phabricator"];
+            $projects = WMFSecurityPolicy::getProjectByName($trusted_project_names, $actor_phid, true);
+            if ($projects) { // allow to edit priority if no $projects found AT ALL
+              foreach ($projects as $proj) {
+                if ($proj instanceof PhabricatorProject && $proj->isUserMember($actor_phid)) {
+                  break;
+                }
+              }
+            } else {
+              $field->setIsLocked(true);
+            }
+          }
+          // WMF hack END: Only show Edit Priority when user is trusted - T363337
           break;
         default:
           // If we don't have an explicit value, hide the field. This way,

Aklapper mentioned this in T387873: Deploy Phabricator/Phorge 2025-03-04.Mar 4 2025, 4:07 PM

Aklapper mentioned this in T391382: Block change priority task for for reporter, who is not assignee.Apr 8 2025, 5:52 PM

Aklapper merged a task: T391382: Block change priority task for for reporter, who is not assignee.

Aklapper added subscribers: No4ni, Bugreporter.

Johannnes89 subscribed.Apr 8 2025, 7:55 PM

Pppery added a project: Phabricator.Apr 8 2025, 7:56 PM

Restrict editing task priority to Trusted-Contributors/staff/etcClosed, DeclinedPublicActions

Description

Details

Related Objects

Event Timeline

Restrict editing task priority to Trusted-Contributors/staff/etc
Closed, DeclinedPublic
Actions