Page MenuHomePhabricator

Task's subscribers list says "Restricted Mailing List" instead of "wikibugs-l" when not logged in
Closed, ResolvedPublic

Description

Reported upstream: https://secure.phabricator.com/T6869

As an unregistered user visiting https://phabricator.wikimedia.org/T25382 , I want to see "wikibugs-l" instead of "Restricted Mailing List" so that I'm not provided with misleading/irrelevant information.

Event Timeline

Nemo_bis raised the priority of this task from to Needs Triage.
Nemo_bis updated the task description. (Show Details)
Nemo_bis added a project: Phabricator.
Nemo_bis changed Security from none to None.
Nemo_bis added a subscriber: Nemo_bis.
Qgil triaged this task as Low priority.Dec 9 2014, 1:21 PM
Qgil added a subscriber: Qgil.

https://phabricator.wikimedia.org/applications/view/PhabricatorMailingListsApplication/ says

Can Use Application All Users

https://phab-01.wmflabs.org/applications/view/PhabricatorMailingListsApplication/ and https://secure.phabricator.com/applications/view/PhabricatorMailingListsApplication/ say "Public" instead.

Maybe this is all that needs to be fixed? I don't know if "Public" means that anonymous users can mess with the current mailing lists introduced. But well, even if that would be the case, this would not be very different from any logged in user being able to mess up... In any case, there is no separate Can View policy here.

I think @mmodell set this as we realized indeed that any anon could mess with the mailing lists. Some priv separation is missing I suppose.

Let's test this assumption.

As anonymous user, https://phab-01.wmflabs.org/mailinglists/ shows no list, and therefore there is nothing I can mess up with. If I click "Create list", then a login form appears. In other words, there is nothing that anonymous me can do.

However, if you visit https://phab-01.wmflabs.org/mailinglists/ as logged in user, you can see "wikitech-announce", and you can edit it.

The thing is, as anonymous user "wikitech-announce" also shows as "Restricted Mailing List" in https://phab-01.wmflabs.org/T460

Conclusion: these permissions seem to be messed up. It looks like the desired solution is the usual separate policies for Can Use, Can View, Can Edit.

I wasn't really around for the perm change I just vaguely recall. But a view/edit separation seems in order.

Upstream seems uninterested in fixing this because mailing lists are essentially deprecated or a dead-end in their roadmap.

Upstream seems uninterested in fixing this because mailing lists are essentially deprecated or a dead-end in their roadmap.

{{citation needed}} :)

Is there a specific task mentioning this case?

Qgil moved this task from Need Discussion to Upstreamed on the Phabricator (Upstream) board.
Qgil added a subscriber: Krenair.

https://secure.phabricator.com/T6869 has been fixed upstream, but I don't know whether this fix will make it to T78243: Phabricator upgrade on 2015-01-14 or whether we have already taken the upstream snapshot we will upgrade to.

Not yet fixed in our currently deployed version; plus leaving open as I want to retest after pulling

After the upgrade, it still says "Restricted Mailing List" i.e. T69095.

Aklapper renamed this task from Task says "Restricted Mailing List" instead of "wikibugs-l" to Task's subscribers list says "Restricted Mailing List" instead of "wikibugs-l" when not logged in.Feb 18 2015, 4:59 PM

The upstream change allows local administrators to alter the settings to allow the Mailing lists application to be used by logged out users. Previously you could set that policy, but it would have no effect.

The upstream change allows local administrators to alter the settings to allow the Mailing lists application to be used by logged out users. Previously you could set that policy, but it would have no effect.

I think it's ok now. The issue before was also that by setting to public anonymous users could edit the lists. Seems not so anymore.

T89854

Krenair claimed this task.

Okay, this seems resolved. Now there is a different issue.