Page MenuHomePhorge
Differential D25363

Match yourself from Imported Events Invitees
Needs ReviewPublic
Actions

Authored by valerio.bozzolan on Jul 28 2023, 15:52.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Aug 29, 14:51
Unknown Object (File)
Mon, Aug 28, 17:02
Unknown Object (File)
Aug 15 2023, 11:27
Unknown Object (File)
Aug 13 2023, 20:20
Unknown Object (File)
Aug 13 2023, 04:59
Unknown Object (File)
Aug 12 2023, 19:47
Unknown Object (File)
Aug 12 2023, 07:48
Unknown Object (File)
Aug 9 2023, 13:52
View All 14 Files
Subscribers
avivey
Cigaryno
Matthew
speck
tobiaswiese

Details

Reviewers
None
Group Reviewers
O1: Blessed Committers
Maniphest Tasks
T15564: Allow yourself to be Invited in Imported Events
Summary

If one of your verified email addresses is mentioned in the "Invitees"
section of your upstream Calendar Event, you are now imported as such.

For example, if you have a Google Calendar, and if you import that in
Phorge, and if your email is mentioned in the Invitees:

  • you are not shown anymore as "Private User 1" but as yourself
  • the "Busy" orange marker is shown from your Profile (instead of nothing)
  • the Profile Calendar widget shows your imported Event (instead of nothing - no "Clear Sailing ahead")

Example situation:

User "test" imports a Calendar. An Event has two invited emails:

  • 1 email belongs to user "test"
  • 1 email belongs to another user
BeforeAfter
Before.png (543×948 px, 86 KB)
After.png (543×948 px, 87 KB)

So the Calendar owner is not an alien anymore.

Allowing to match yourself makes sense because you trust your imported
Calendar and we trust your verified email addresses.

WE DO NOT MATCH OTHER USERS BUT THE CALENDAR OWNER.
Matching other users must involve serious privacy measures,
coherent with the rest of Phorge.

Closes T15564

Test Plan
  • create an Event in Google Calendar (or whatever)
  • put 200+ verified emails of yours as invited
  • put 200+ other people emails as invited
  • import the Calendar (or refresh the data) /calendar/import/edit/?importType=icsuri

Verify the Event page:

  • you are one invited (just one)
  • others are "Private User" (just like before)
  • you cannot change Event details (just like before)

Diff Detail

Repository
rP Phorge
Branch
master
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 701
Build 701: arc lint + arc unit

Event Timeline

valerio.bozzolan created this revision.Jul 28 2023, 15:52
Owners added a reviewer: O1: Blessed Committers.Jul 28 2023, 15:52
Herald added subscribers: Cigaryno, Matthew, tobiaswiese, speck. · View Herald TranscriptJul 28 2023, 15:52
valerio.bozzolan requested review of this revision.Jul 28 2023, 15:52
Harbormaster completed remote builds in B700: Diff 1168.Jul 28 2023, 15:52
valerio.bozzolan added inline comments.Jul 28 2023, 16:04
src/applications/calendar/controller/PhabricatorCalendarEventViewController.php
169

✅ This is consistent with the error "Can Not Edit Imported Event".

633

✅ This is consistent with the error "Can Not Edit Imported Event".

641

✅ This is consistent with the error "Can Not Edit Imported Event".

src/applications/calendar/import/PhabricatorCalendarImportEngine.php
230

This was a map of names.

238–240

The $name variable was re-used too much. So, renamed when:

$attendee_mail = new PhutilEmailAddress($name);
359

This contains external attendees by name. So, added _name in the name to avoid confusion.

364–365

This part was kept, but moved in a dedicated loop above. So, we first loop external attendees, then real users.

Then, this loop handles all of them.

411–416

✅ If this is your event, and you are self-invited, of course you are attending (you are not just a random invited).

Note that the manual Event creation form relies on the same assumption.

valerio.bozzolan updated this revision to Diff 1169.Jul 28 2023, 16:05

remove newline

Harbormaster completed remote builds in B701: Diff 1169.Jul 28 2023, 16:05
valerio.bozzolan mentioned this in T15564: Allow yourself to be Invited in Imported Events.Jul 28 2023, 16:06
speck added a comment.Jul 29 2023, 01:23

Could this be abused, e.g. create an event with a thousand emails then import it and see if those emails are registered? If so how does that compare to existing means of discovering registered users?

valerio.bozzolan added a comment.EditedJul 29 2023, 09:43
In D25363#10531, @speck wrote:

Could this be abused, e.g. create an event with a thousand emails then import it and see if those emails are registered? If so how does that compare to existing means of discovering registered users?

Thanks speck, absolutely not! :)

If Valerio imports a Calendar, only Valerio is eventually recognized. The others are still "Private user"

valerio.bozzolan edited the summary of this revision. (Show Details)Jul 29 2023, 13:55

I've added a couple of screenshots

(to notice the difference you must see them quickly with your arrow keys ← → ihih)

avivey subscribed.Sat, Sep 23, 09:05
avivey added inline comments.
src/applications/calendar/import/PhabricatorCalendarImportEngine.php
211

Use PhabricatorPeopleUserEmailQuery, possibly augmenting it with withIsVerified and/or withUserPhid

254

Don't rely on $foo[$x][$y] = ... to create array in [$x] - create that expliclitly, see line 237 above.

the idx in line 378 can be replaced with direct access then.

392

make the parameter clearer:

Revision Contents
Changeset List

Diff 1169

View Options

src/applications/calendar/controller/PhabricatorCalendarEventViewController.php

Loading...
View Options

src/applications/calendar/import/PhabricatorCalendarImportEngine.php

Loading...