Page MenuHomePhabricator
Create Task
Maniphest T76929

Provide alternate style for non-public issues
Closed, ResolvedPublic
Actions

Description

Reported upstream: https://secure.phabricator.com/T6787

Because of the ease of accidentally filing a public Security issue (relative to Bugzilla), it would be nice to have a more prominent indicator of public vs not than the grey-on-grey globe icon plus text. For example, a banner color change or a background color change would be nice. That would make it much easier to notice when something is amiss with the view permissions on a task. Even if the cat is out of the bag, just knowing that helps us take appropriate action.

I imagine that wouldn't be a feature that the Phabricator folks would want as a standard styling change, but it would be nice to at least have well-placed class markers such that it'd be possible for us to override the default style sheet to get the styling we want. The class could be added any time that the issue is not "public". Even though that may sound overly specific to our use case, just knowing how other organizations use public/private issue trackers (I've administered public/private installations at two other orgs), I suspect this has general applicability.

This all assumes, of course, that "we" want it, which the "we" right now is only Chris Steipp and myself, but I file this partly to gauge if "we" is ultimately bigger than two people.

Related Objects
Search...

StatusSubtypeAssignedTask
 ResolvedQgilT553 Engineering Community team goals for October 2014
 ResolvedQgilT174 Launch Wikimedia Phabricator Day 1
 ResolvedQgilT175 Nominate a team in charge of deploying and maintaining Wikimedia Phabricator code
 Resolved RobLa-WMFT17 Allocate resources for the migration and maintenance
 ResolvedQgilT19 Define which features existing in our current tools are really missing in Phabricator
 ResolvedDzahnT30 Identify features RT users would miss in Phabricator
 ResolvedQgilT15 Migrate Bugzilla to Phabricator
 ResolvedAklapperT22 Identify features Bugzilla users would miss in Phabricator
 Invalid mmodellT235 Maniphest task does not show project name when being logged out if project visibility is not set to "Public"
 Resolved mmodellT50 Restricting access to tasks based on project membership
 Resolved mmodellT77228 Let non-members watch projects
 DeclinedQgilT85006 Cannot send comments in via email for restricted tasks I receive updates for via email
 Resolved mmodellT76929 Provide alternate style for non-public issues
 ResolvedQgilT823 Implement Phabricator Spaces
 ResolvedRobHT38 Migrate RT to Phabricator
 ResolvedAklapperT39 Set up permissions for Phabricator
 ResolvedAklapperT43 Decide how to organize projects
 ResolvedAklapperT107 Figure out a replacement for "easy" keyword: Create an "Easy" project in Phabricator
 ResolvedAklapperT100 Decide how to organize iterations and releases
 ResolvedAklapperT101 Figure out a process for backports: Create "WMF-Server-Backports" and "MediaWiki-Tarball-Backports" projects
 DeclinedAklapperT102 Decide whether we need to add a severity (impact) field to match Bugzilla's
 ResolvedQgilT268 Decide on "Priority" field values for Maniphest tasks
 Resolved chasempT212 Decide which task statuses we want to have in Maniphest
 Resolved chasempT245 create script to dump RT tickets and relevant data to static and structured format
 Resolved chasempT419 Handle metadata / user account claiming on imported tickets
 Resolved chasempT572 Determine the fate of comment metadata from legacy systems in phabricator.wikimedia.org
Restricted Task
 Resolved chasempT918 Author: line remains in the description, even after the task is claimed by email address
 Resolved chasempT376 logic to import rt data into phabricator
 ResolvedQgilT76773 Schedule RT migration for Thu 18 Dec 00:00UTC (Wed 17 Dec 16:00PST) until Thu 18Dec 08:00UTC (00:00PST)
 ResolvedgpaumierT76987 Blog post announcing the RT migration to Phabricator
 ResolvedAklapperT76989 Document the details of the RT migration
 ResolvedDzahnT674 need to figure out how to make an rt queue read-only
 ResolvedDzahnT675 need to figure out how to redirect mail for a particular rt queue
 DeclinedNoneT118176 migrate RT maint-announce into phabricator
 InvalidRobHT120033 this is a test subtask
 DuplicateRobHT120034 this is the second test sub-task
Unknown Object (Task)
Unknown Object (Task)
 Declined mmodellT517 Still, restricting access to tasks based on project membership
 Duplicate mmodellT518 Users CCed in private tasks should be able to access them
 ResolvedQgilT76401 Short term plan for security and private tasks
Restricted Task
 Resolved mmodellT101929 Next Phabricator Upgrade: 2015-06-10
 Resolved SpringleT101347 need 'spaces' database for phabricator
 ResolvedNoneT102473 Visibility policies for objects in private Spaces can include 'Public' and be very misleading
 Resolved mmodellT104047 Next Phabricator upgrade: 2015-07-01

Event Timeline

RobLa-WMF created this task.Dec 6 2014, 2:27 AM
RobLa-WMF raised the priority of this task from to Needs Triage.
RobLa-WMF updated the task description. (Show Details)
RobLa-WMF added projects: acl*security, Phabricator (Upstream).
RobLa-WMF changed Security from none to None.
RobLa-WMF added subscribers: RobLa-WMF, csteipp.
Ironholds subscribed.Dec 6 2014, 9:22 AM

On the "we" front: not a security person, but a security-concious-and-paranoid person: it seems like something we should have. We constantly have problems on the projects with staffers accidentally editing from their personal accounts, even with a CSS hack that makes the staff account edit window bright red. So, more prominence for "this is sensitive, be careful" would be...good.

Jalexander awarded a token.Dec 6 2014, 2:11 PM
Qgil triaged this task as Medium priority.Dec 6 2014, 2:34 PM
Qgil added subscribers: mmodell, chasemp, Qgil.

Yes, we are aware of this problem and, in fact, we discussed in our last team meeting, on Wednesday.

We were talking about something technically simple and clearly visible, like changing the background to pink or something. This visual cue would take effect when the Visible policy is other than Public or All Users.

@mmodell, @chasemp, even if we plan to work on this, it would be good to upstream this request as well, don't you think? I'm happy to do it but I will wait for your opinion.

Qgil moved this task from Backlog to Need Discussion on the Phabricator (Upstream) board.Dec 6 2014, 2:34 PM
Krenair subscribed.Dec 6 2014, 4:55 PM
Aklapper added a comment.Dec 8 2014, 11:49 AM

My local quick'n'dirty hack if we are not in edit mode and whenever a task is not entirely public is:

if (document.getElementsByClassName('policy-link')[0].innerHTML != "Public") {
  (document.getElementsByClassName('policy-link')[0]).setAttribute('style', "background-color:#FF7777;");
} else {
  (document.getElementsByClassName('policy-link')[0]).setAttribute('style', "background-color:#9be644;");
}

➔ below the task summary the second item next to the task status gets either a red or green background.

But background color of the entire page would be better. Mozilla Bugzilla has a local hack for that for security bug reports (probably based on the product of a ticket).

mmodell claimed this task.Dec 9 2014, 5:21 PM

This is a very good idea.

I'll try find a way to do this with minimal amount of dirty hacks.

Qgil moved this task from Need Discussion to Ready To Go on the Phabricator (Upstream) board.Dec 17 2014, 7:27 AM
Qgil updated the task description. (Show Details)Dec 19 2014, 11:22 AM
Qgil moved this task from Ready To Go to Wikimedia requests on the Phabricator (Upstream) board.
mmodell lowered the priority of this task from Medium to Low.Dec 19 2014, 11:58 AM
Qgil added a subtask: T76401: Short term plan for security and private tasks .Dec 31 2014, 9:37 AM
Qgil closed subtask T76401: Short term plan for security and private tasks as Resolved.
Ironholds unsubscribed.Feb 25 2015, 5:38 PM
mmodell changed the task status from Open to Stalled.Jun 10 2015, 6:09 AM
mmodell lowered the priority of this task from Low to Lowest.
mmodell edited projects, added Phabricator; removed Phabricator (Upstream).

Alathough this is a good idea, I simply don't have time to work on it right now and it isn't as easy as I had hoped.

Qgil added a comment.Jun 10 2015, 6:42 AM

OK, but why Stalled and why not Phabricator-Upstream?

Part of this problem should be solved with Phabricator Spaces (for tasks located in those spaces).

Qgil added a subtask: T823: Implement Phabricator Spaces.Jun 10 2015, 6:43 AM
mmodell moved this task from To Triage to Misc on the Phabricator board.Jun 10 2015, 8:06 AM
Aklapper changed the task status from Stalled to Open.Jun 10 2015, 11:00 AM

I don't see how this is stalled (nobody can work on it). If it's technically stalled, some explanation would be welcome.

Parent5446 subscribed.Jun 10 2015, 5:35 PM
mmodell removed mmodell as the assignee of this task.Jun 18 2015, 1:36 AM

@Aklapper: I thought stalled meant 'I'm not working on it' rather than 'nobody can'

Restricted Application added a subscriber: scfc. · View Herald TranscriptJun 18 2015, 1:36 AM
Qgil closed subtask T823: Implement Phabricator Spaces as Resolved.Jul 2 2015, 1:58 PM
mmodell closed this task as Resolved.Oct 18 2015, 7:39 PM
mmodell claimed this task.

This task is resolved upstream, and we've pulled the change, so I guess it should be resolved here as well.

greg added a project: Essential-Work.Jan 13 2016, 9:39 PM
Restricted Application added a subscriber: Luke081515. · View Herald TranscriptJan 13 2016, 9:39 PM
chasemp added a project: Security.Feb 10 2020, 11:01 PM
chasemp removed a project: acl*security.Feb 20 2020, 8:18 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL