Page MenuHomePhabricator
Create Task
Maniphest T78154

"Access Denied" for commit emails sent by diffusion
Closed, DuplicatePublic
Actions

Description

The "Access Denied" part of the problem has been reported upstream: https://secure.phabricator.com/T6790

I am getting emails from Diffusion about old changes, but clicking a link there gives a Access Denied message:

Access Denied: Restricted Application
You do not have permission to view this object.
Users with the "Can View" capability:
Administrators can take this action.

example link: https://phabricator.wikimedia.org/rECAUdce6468d5859 for gerrit I1c01d2c772f43542b91df374b7408b861b68cfc6

Is there a way to avoid such emails, because I cannot read the destination and it is a old patch set already merged?

Thanks

Related Objects
Search...

Event Timeline

Umherirrender created this task.Dec 10 2014, 4:01 PM
Umherirrender raised the priority of this task from to Needs Triage.
Umherirrender updated the task description. (Show Details)
Umherirrender added projects: Phabricator, Phabricator (Upstream).
Umherirrender changed Security from none to None.
Umherirrender subscribed.
demon subscribed.Dec 10 2014, 4:19 PM

I sent an e-mail about this to wikitech-l

A) The e-mails should not have gone out and did not in testing. I apologize.
B) The commits themselves will become visible as then finish importing.

Se4598 subscribed.Dec 10 2014, 4:19 PM
Qgil edited projects, added Gitblit-Deprecate; removed Phabricator (Upstream), Phabricator.Dec 10 2014, 4:35 PM
demon added a project: Phabricator.Dec 10 2014, 4:40 PM

I actually think we might have stumbled onto some bad Phab behavior here. Leaving that project.

Umherirrender added a comment.Dec 10 2014, 5:12 PM

Thanks for the explanation, for me this task is resolved, but it seems it is needed to coordinate a upstream issue, so leaving it open.

It also flood the profile: https://phabricator.wikimedia.org/p/Umherirrender/
but that is not a problem, because I am not looking there very often.

Umherirrender mentioned this in T78181: Access Denied to Diffusion commit.Dec 10 2014, 7:25 PM
demon merged a task: T78181: Access Denied to Diffusion commit.Dec 10 2014, 7:33 PM
demon added a subscriber: He7d3r.
Qgil merged a task: T78185: Phabricator spam commit notification I cant access.Dec 10 2014, 7:36 PM
Qgil added a subscriber: hashar.
Qgil merged a task: T78249: access denied to own commit.Dec 11 2014, 10:10 AM
Qgil added a subscriber: Lokal_Profil.
Qgil mentioned this in T78246: Notifications about events in restricted applications can't be marked read.Dec 11 2014, 10:12 AM
Qgil triaged this task as Medium priority.Dec 11 2014, 11:47 AM
Qgil subscribed.
hashar unsubscribed.Dec 11 2014, 3:14 PM
demon added a comment.Dec 19 2014, 8:00 PM

The "access denied" bit is indeed an upstream bug, confirmed today.

Qgil updated the task description. (Show Details)Dec 19 2014, 8:22 PM
Qgil added a project: Phabricator (Upstream).
Qgil moved this task from Backlog to Wikimedia requests on the Phabricator (Upstream) board.
demon mentioned this in T85047: Access denied when trying to view Diffusion commits.Dec 20 2014, 2:05 AM
demon added a subtask: T85047: Access denied when trying to view Diffusion commits.
Qgil added a subtask: T78243: Phabricator upgrade on 2015-01-14.Dec 20 2014, 1:26 PM
Qgil moved this task from To Triage to Doing on the Phabricator board.Dec 22 2014, 10:04 AM
Glaisher subscribed.Dec 22 2014, 4:38 PM
Qgil added subscribers: DarTar, Milimetric.Dec 31 2014, 9:54 PM
Aklapper closed subtask T85047: Access denied when trying to view Diffusion commits as Resolved.Jan 5 2015, 7:32 PM
Qgil closed this task as Resolved.Jan 7 2015, 10:44 AM
Qgil claimed this task.
demon reopened this task as Open.Jan 7 2015, 3:04 PM

This isn't fixed.

chasemp subscribed.Jan 7 2015, 7:11 PM
In T78154#959452, @Chad wrote:

This isn't fixed.

Is there an upstream for the non-access-denied email-being-sent-inappropriately part of this bug?

demon added a comment.Jan 7 2015, 7:12 PM
In T78154#960467, @chasemp wrote:
In T78154#959452, @Chad wrote:

This isn't fixed.

Is there an upstream for the non-access-denied email-being-sent-inappropriately part of this bug?

I haven't filed one. Tried poking IRC like twice and didn't get anywhere.

chasemp added a comment.Jan 7 2015, 7:13 PM

Can you outline here the deal and how to reproduce and I will try to catch upstream on this?

demon added a comment.Jan 7 2015, 7:15 PM

It's easy.

  1. Create repo via conduit with heraldEnabled: false
    • Can also create via web (initially disabled), turn off herald, then enable
  2. Let repo begin importing
  3. Anyone who doesn't have Audit e-mails disabled gets e-mails about their historical commits
Qgil removed Qgil as the assignee of this task.Jan 8 2015, 12:46 PM
valhallasw subscribed.Jan 12 2015, 7:34 PM

I think the relevant code is at
https://github.com/phacility/phabricator/blob/master/src/applications/audit/editor/PhabricatorAuditEditor.php#L907

and

https://github.com/phacility/phabricator/blob/1ac84c1b59de12a62ab2b625d3f74aa81cb70fe3/src/applications/audit/editor/PhabricatorAuditEditor.php#L533

as a quick hack, one could simply insert a 'return false;'?

The code was implemented in https://secure.phabricator.com/D10221 , but I think I might be confused by their terminology: 'import' seems to relate to any commit there, not commits that are imported using the command-line tool.

chasemp renamed this task from Do not send emails when importing changes to Diffusion to "Access Denied" for commit emails sent by diffusion.Jan 14 2015, 3:36 PM
chasemp closed this task as Resolved.
chasemp claimed this task.

I am breaking apart the perms and emails issues. The perms one if fixed, the email one is upstream still.

chasemp added a comment.Jan 14 2015, 3:38 PM

note: T86769: Diffusion sends emails for legacy commits (some repos but not all)

chasemp closed this task as a duplicate of T85047: Access denied when trying to view Diffusion commits.Jan 14 2015, 3:39 PM
chasemp closed subtask T78243: Phabricator upgrade on 2015-01-14 as Resolved.Jan 14 2015, 4:06 PM
Nemo_bis subscribed.Jan 14 2015, 9:00 PM

https://www.google.it/search?q="download+raw+diff"+site:phabricator.wikimedia.org currently has 33k results for me. Zero on yahoo.com.

Aklapper added a comment.Mar 3 2015, 11:54 AM

This should be

In T78154#960491, @Chad wrote:
  1. Create repo via conduit with heraldEnabled: false
    • Can also create via web (initially disabled), turn off herald, then enable
  2. Let repo begin importing
  3. Anyone who doesn't have Audit e-mails disabled gets e-mails about their historical commits

This part should also get fixed when we pull next time, see https://secure.phabricator.com/T6887#99576

Nemo_bis added a comment.Mar 17 2015, 10:12 AM
In T78154#977290, @Nemo_bis wrote:

https://www.google.it/search?q="download+raw+diff"+site:phabricator.wikimedia.org currently has 33k results for me.

546k now, which sounds right.

Aklapper added a comment.Mar 17 2015, 11:46 AM

Private browser window, https://www.google.it/search?q=%22download+raw+diff%22+site:phabricator.wikimedia.org says "Circa 551.000 risultati".
Clicked the first ten links, eight worked (no "Access denied" or such).

Two were to files which were 404s (e.g. F42502), kind of wondering how that happened but not the topic of this task.

demon moved this task from To Triage to Done on the Gitblit-Deprecate board.Jan 13 2016, 9:38 PM
Restricted Application added subscribers: Luke081515, scfc. · View Herald TranscriptJan 13 2016, 9:38 PM
Danny_B added a project: Upstream.May 23 2016, 6:04 PM
Restricted Application added a subscriber: TerraCodes. · View Herald TranscriptMay 23 2016, 6:04 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits