Page MenuHomePhabricator

Provide alternate style for non-public issues
Closed, ResolvedPublic

Description

Reported upstream: https://secure.phabricator.com/T6787

Because of the ease of accidentally filing a public Security issue (relative to Bugzilla), it would be nice to have a more prominent indicator of public vs not than the grey-on-grey globe icon plus text. For example, a banner color change or a background color change would be nice. That would make it much easier to notice when something is amiss with the view permissions on a task. Even if the cat is out of the bag, just knowing that helps us take appropriate action.

I imagine that wouldn't be a feature that the Phabricator folks would want as a standard styling change, but it would be nice to at least have well-placed class markers such that it'd be possible for us to override the default style sheet to get the styling we want. The class could be added any time that the issue is not "public". Even though that may sound overly specific to our use case, just knowing how other organizations use public/private issue trackers (I've administered public/private installations at two other orgs), I suspect this has general applicability.

This all assumes, of course, that "we" want it, which the "we" right now is only Chris Steipp and myself, but I file this partly to gauge if "we" is ultimately bigger than two people.

Related Objects

StatusAssignedTask
ResolvedQgil
ResolvedQgil
ResolvedQgil
Resolved RobLa-WMF
ResolvedQgil
ResolvedDzahn
ResolvedQgil
ResolvedChristopher
ResolvedAklapper
ResolvedChristopher
ResolvedChristopher
Invalidmmodell
Resolvedmmodell
Resolvedmmodell
DeclinedQgil
Resolvedmmodell
ResolvedQgil
ResolvedRobH
ResolvedAklapper
ResolvedAklapper
ResolvedAklapper
ResolvedAklapper
ResolvedAklapper
DeclinedAklapper
ResolvedQgil
Resolvedchasemp
Resolvedchasemp
Resolvedchasemp
Resolvedchasemp
Resolvedchasemp
Resolvedchasemp
ResolvedQgil
Resolvedgpaumier
ResolvedAklapper
ResolvedDzahn
ResolvedDzahn
DeclinedNone
ResolvedRobH
DuplicateRobH
Declinedmmodell
Duplicatemmodell
ResolvedQgil
Resolvedmmodell
ResolvedSpringle
ResolvedNone
Resolvedmmodell

Event Timeline

RobLa-WMF updated the task description. (Show Details)
RobLa-WMF raised the priority of this task from to Needs Triage.
RobLa-WMF changed Security from none to None.
RobLa-WMF added subscribers: RobLa-WMF, csteipp.

On the "we" front: not a security person, but a security-concious-and-paranoid person: it seems like something we should have. We constantly have problems on the projects with staffers accidentally editing from their personal accounts, even with a CSS hack that makes the staff account edit window bright red. So, more prominence for "this is sensitive, be careful" would be...good.

Qgil triaged this task as Normal priority.Dec 6 2014, 2:34 PM
Qgil added subscribers: mmodell, chasemp, Qgil.

Yes, we are aware of this problem and, in fact, we discussed in our last team meeting, on Wednesday.

We were talking about something technically simple and clearly visible, like changing the background to pink or something. This visual cue would take effect when the Visible policy is other than Public or All Users.

@mmodell, @chasemp, even if we plan to work on this, it would be good to upstream this request as well, don't you think? I'm happy to do it but I will wait for your opinion.

Krenair added a subscriber: Krenair.Dec 6 2014, 4:55 PM

My local quick'n'dirty hack if we are not in edit mode and whenever a task is not entirely public is:

if (document.getElementsByClassName('policy-link')[0].innerHTML != "Public") {
  (document.getElementsByClassName('policy-link')[0]).setAttribute('style', "background-color:#FF7777;");
} else {
  (document.getElementsByClassName('policy-link')[0]).setAttribute('style', "background-color:#9be644;");
}

➔ below the task summary the second item next to the task status gets either a red or green background.

But background color of the entire page would be better. Mozilla Bugzilla has a local hack for that for security bug reports (probably based on the product of a ticket).

mmodell claimed this task.Dec 9 2014, 5:21 PM

This is a very good idea.

I'll try find a way to do this with minimal amount of dirty hacks.

Qgil updated the task description. (Show Details)Dec 19 2014, 11:22 AM
Qgil moved this task from Ready To Go to Wikimedia requests on the Phabricator (Upstream) board.
mmodell lowered the priority of this task from Normal to Low.Dec 19 2014, 11:58 AM
mmodell changed the task status from Open to Stalled.Jun 10 2015, 6:09 AM
mmodell lowered the priority of this task from Low to Lowest.
mmodell edited projects, added Phabricator; removed Phabricator (Upstream).

Alathough this is a good idea, I simply don't have time to work on it right now and it isn't as easy as I had hoped.

Qgil added a comment.Jun 10 2015, 6:42 AM

OK, but why Stalled and why not Phabricator-Upstream?

Part of this problem should be solved with Phabricator Spaces (for tasks located in those spaces).

mmodell moved this task from To Triage to Misc on the Phabricator board.Jun 10 2015, 8:06 AM
Aklapper changed the task status from Stalled to Open.Jun 10 2015, 11:00 AM

I don't see how this is stalled (nobody can work on it). If it's technically stalled, some explanation would be welcome.

mmodell removed mmodell as the assignee of this task.Jun 18 2015, 1:36 AM

@Aklapper: I thought stalled meant 'I'm not working on it' rather than 'nobody can'

Restricted Application added a subscriber: scfc. · View Herald TranscriptJun 18 2015, 1:36 AM
mmodell closed this task as Resolved.Oct 18 2015, 7:39 PM
mmodell claimed this task.

This task is resolved upstream, and we've pulled the change, so I guess it should be resolved here as well.

Restricted Application added a subscriber: Luke081515. · View Herald TranscriptJan 13 2016, 9:39 PM