Page MenuHomePhabricator
Create Task
Maniphest T91995

New tasks on phab-01.wmflabs.org created with conduit aren't visible to others
Closed, ResolvedPublic
Actions

Description

I've been migrating Trello cards, testing first on phab-01. The cards I created from February 19 onwards aren't viewable by others, e.g. https://phab-01.wmflabs.org/T697
The card history has:

Maniphest changed the visibility of this Task from "Public (No Login Required)" to "Custom Policy". Via Old World · Thu, Mar 5, 7:25 AM
Maniphest changed the edit policy of this Task from "All Users" to "Custom Policy".

(Chasemp wasn't sure what Via Old World means.) Back in January Maniphest on phab-01 didn't reach in and change card settings, e.g. https://phab-01.wmflabs.org/T488

I can reproduce by filling in the form at https://phab-01.wmflabs.org/conduit/method/maniphest.createtask/ . I suspect the fix is to explicitly set viewPolicy and editPolicy in the conduit request to some undocumented value, but phabricator.wikimedia.org doesn't need this step. Or maybe my import user "trellimport" needs different settings.

The workaround is to edit each task and change its "Visible To" and "Editable By" fields; sadly I can't do this in Maniphest query's batch editing mode.

(This isn't high severity or priority for my work.)

Event Timeline

Spage created this task.Mar 9 2015, 6:37 PM
Spage raised the priority of this task from to Needs Triage.
Spage updated the task description. (Show Details)
Spage added a project: Phabricator.
Spage added subscribers: Spage, chasemp.
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptMar 9 2015, 6:37 PM
chasemp assigned this task to mmodell.Mar 11 2015, 8:30 PM
chasemp triaged this task as High priority.
chasemp set Security to None.

self::SOURCE_UNKNOWN => pht('Old World'),

So yeah that's weird.

Well I removed:

{ "events.listeners": ["SecurityPolicyEventListener"],

configuration and it went away so I'm guessing this has to be our local stuff?

@mmodell ...tossing this your way I guess to poke at it

chasemp added a comment.Mar 11 2015, 8:36 PM

seems most likely to be a conduit / security extension bad interaction

mmodell closed this task as Resolved.Mar 12 2015, 8:18 PM

The configuratoin at https://phab-01.wmflabs.org/config/edit/maniphest.custom-field-definitions/ was screwed up - I corrected it in the database - I'm not sure why the local settings were messed up, puppet should be providing the same values as production, no?

Danny_B edited projects, added VPS-project-Phabricator; removed Phabricator.Jul 12 2016, 2:03 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL