Page MenuHomePhabricator

"Access Denied" for commit emails sent by diffusion
Closed, DuplicatePublic

Description

The "Access Denied" part of the problem has been reported upstream: https://secure.phabricator.com/T6790

I am getting emails from Diffusion about old changes, but clicking a link there gives a Access Denied message:

Access Denied: Restricted Application
You do not have permission to view this object.
Users with the "Can View" capability:
Administrators can take this action.

example link: https://phabricator.wikimedia.org/rECAUdce6468d5859 for gerrit I1c01d2c772f43542b91df374b7408b861b68cfc6

Is there a way to avoid such emails, because I cannot read the destination and it is a old patch set already merged?

Thanks

Event Timeline

Umherirrender raised the priority of this task from to Needs Triage.
Umherirrender updated the task description. (Show Details)
Umherirrender changed Security from none to None.
Umherirrender added a subscriber: Umherirrender.

I sent an e-mail about this to wikitech-l

A) The e-mails should not have gone out and did not in testing. I apologize.
B) The commits themselves will become visible as then finish importing.

I actually think we might have stumbled onto some bad Phab behavior here. Leaving that project.

Thanks for the explanation, for me this task is resolved, but it seems it is needed to coordinate a upstream issue, so leaving it open.

It also flood the profile: https://phabricator.wikimedia.org/p/Umherirrender/
but that is not a problem, because I am not looking there very often.

Qgil triaged this task as Medium priority.Dec 11 2014, 11:47 AM
Qgil added a subscriber: Qgil.

The "access denied" bit is indeed an upstream bug, confirmed today.

Qgil claimed this task.

This isn't fixed.

In T78154#959452, @Chad wrote:

This isn't fixed.

Is there an upstream for the non-access-denied email-being-sent-inappropriately part of this bug?

In T78154#959452, @Chad wrote:

This isn't fixed.

Is there an upstream for the non-access-denied email-being-sent-inappropriately part of this bug?

I haven't filed one. Tried poking IRC like twice and didn't get anywhere.

Can you outline here the deal and how to reproduce and I will try to catch upstream on this?

It's easy.

  1. Create repo via conduit with heraldEnabled: false
    • Can also create via web (initially disabled), turn off herald, then enable
  2. Let repo begin importing
  3. Anyone who doesn't have Audit e-mails disabled gets e-mails about their historical commits
Qgil removed Qgil as the assignee of this task.Jan 8 2015, 12:46 PM

I think the relevant code is at
https://github.com/phacility/phabricator/blob/master/src/applications/audit/editor/PhabricatorAuditEditor.php#L907

and

https://github.com/phacility/phabricator/blob/1ac84c1b59de12a62ab2b625d3f74aa81cb70fe3/src/applications/audit/editor/PhabricatorAuditEditor.php#L533

as a quick hack, one could simply insert a 'return false;'?

The code was implemented in https://secure.phabricator.com/D10221 , but I think I might be confused by their terminology: 'import' seems to relate to any commit there, not commits that are imported using the command-line tool.

chasemp renamed this task from Do not send emails when importing changes to Diffusion to "Access Denied" for commit emails sent by diffusion.Jan 14 2015, 3:36 PM
chasemp closed this task as Resolved.
chasemp claimed this task.

I am breaking apart the perms and emails issues. The perms one if fixed, the email one is upstream still.

This should be

In T78154#960491, @Chad wrote:
  1. Create repo via conduit with heraldEnabled: false
    • Can also create via web (initially disabled), turn off herald, then enable
  2. Let repo begin importing
  3. Anyone who doesn't have Audit e-mails disabled gets e-mails about their historical commits

This part should also get fixed when we pull next time, see https://secure.phabricator.com/T6887#99576

Private browser window, https://www.google.it/search?q=%22download+raw+diff%22+site:phabricator.wikimedia.org says "Circa 551.000 risultati".
Clicked the first ten links, eight worked (no "Access denied" or such).

Two were to files which were 404s (e.g. F42502), kind of wondering how that happened but not the topic of this task.