Minor thing, but I don't like how the "visible to" and "editable by" fields are so available. I'd prefer if there was just two options, "Public", and "security". It would discourage people from making non-visible bugs unless there is a definite reason to.
Maybe the "Editable by" field could be useful as an anti-vandalism measure on rare occasion, but I would expect it to be restricted to "admins" or something.
| Status | Subtype | Assigned | Task | ||
|---|---|---|---|---|---|
| Resolved | Qgil | T553 Engineering Community team goals for October 2014 | |||
| Resolved | Qgil | T174 Launch Wikimedia Phabricator Day 1 | |||
| Resolved | Qgil | T175 Nominate a team in charge of deploying and maintaining Wikimedia Phabricator code | |||
| Resolved | • RobLa-WMF | T17 Allocate resources for the migration and maintenance | |||
| Resolved | Qgil | T19 Define which features existing in our current tools are really missing in Phabricator | |||
| Resolved | Qgil | T15 Migrate Bugzilla to Phabricator | |||
| Resolved | Aklapper | T22 Identify features Bugzilla users would miss in Phabricator | |||
| Invalid | • chasemp | T34 Configure Phabricator for our needs | |||
| Resolved | Aklapper | T86 Too many permissions triggerable from the bug ("Can Edit Task Policies") |
qgil wrote on 2014-04-17 23:44:27 (UTC)
I am still not sure how permissions work for Maniphest.
When you edit a project, you can define "Editable By" from "All users" (as it is the case of the Wikimedia Phabricator project) to "No one", "Administrators", "Wikimedia Phabricator" members, members of other projects... I'm not sure what "Editable By" means, though.
If we assign Edit By Wikimedia Phabricator members, does it mean that only these members can create and comment on tasks? or does it mean that only these members can edit parameters like Priority, Visible To, Editable By?
I guess a good vandalism-safe scenario would be Visible to all, registered users can comment, project members can edit tasks details?
Nemo_bis wrote on 2014-04-18 07:40:03 (UTC)
No. All registered users (approximately) must be able to edit task details, or it will be a severe regression compared to bugzilla. See also http://fab.wmflabs.org/T146
Personally I would be fine if the permissions on a task were still available, but collapsed somewhere; I agree with bawolff than even better would be to just remove them for anyone (except perhaps the equivalent of bugzilla administrators) to ensure consistency within a project/component.
epriestley wrote on 2014-04-18 12:57:08 (UTC)
You can adjust at least some these globally in Applications -> Maniphest:
qgil wrote on 2014-04-18 14:32:16 (UTC)
This is useful. Is there an option for granting permissions to "Project members" (as opposed to the members of a specific project). If so, then I think this could cover our needs.
A setup that could work by default
If specific projects need stricter permissions (e.g. Security) then we could apply them at project level. There seems to a problem of tasks of a project not inheriting the restrictions of the project, though -- see T95
epriestley wrote on 2014-04-18 14:36:11 (UTC)
https://secure.phabricator.com/T3820 discusses project/policy interactions.
qgil wrote on 2014-04-22 21:52:08 (UTC)
I have started untangling this problem at T4850: Defining policies for "Project Members"
See also my comments at T95#7 to define a use case around our requirement for security bugs.
qgil wrote on 2014-04-23 05:46:25 (UTC)
After editing Maniphest's "Can Edit Task Policies", now the "visible to" and "editable by" fields are only shown to administrators and members of the "Security TEST" team.
Regular users can still edit
About making tasks private, the idea would be that anybody could add a task to the Security, and that would make it "disappear" for everybody excet the Security team, the reporter, and whoever is kept CCed. This use case is being discussed at T95.
I believe this fulfills the original request. Marking the task resolved. Please reopen if there is anything missing.
aklapper wrote on 2014-04-23 07:53:45 (UTC)
Quim: Thanks so much for investigating this!