Page MenuHomePhorge

Restrict Maniphest form fields to certain users
Open, NormalPublic

Description

Original context
https://we.phorge.it/w/planning_meetings/2022-07-12/#action-items

@dtf look for ways to lock some maniphest fields to specific users.

Issue
At present, users can create Maniphest tasks and do not have visibility to change priority at time of creation. Once the new task has been created, the user can adjust the Priority field to their heart's desire, which is not necessarily the same desire as that of the Phorge team (new tasks generally start in a Needs Triage priority until triage has been completed by a member of the team).

Desired result
Users should be able to create new tasks without the option of changing the Priority field of the Maniphest task. The ability to adjust priority should be restricted to members that have been granted access (perhaps Trusted Contributors?).


Notes from testing restricted forms so far:
E12#264

Tested out on my own instance:

  • Pretend to create a new task
  • Configure form > Edit form configuration
  • Lock / Hide Fields
    • This will open a new menu where you can select Visible, Locked, or Hidden

However, this causes the field to be locked even while signed in as an Admin. Need to test as a user with lower permissions as the task creator.

Event Timeline

dtf triaged this task as Normal priority.Aug 24 2022, 20:55
dtf created this task.
dtf created this object in space S1 Public.

Process requires 2 forms with the following modifications:

  • Create task form
    • Edit Form Configuration
      • Visible To -- All Users
    • Lock/Hide fields
      • Priority
      • Editable by
    • Change Default Values
      • Editable by -- Custom (likely Administrators & other trusted projects)
  • Edit task form
    • Visible to certain subset of users (like a project)
MacFan4000 removed dtf as the assignee of this task.Wed, Sep 7, 12:57
MacFan4000 added a project: phorge.it install.

I’ll note that there is currently a restricted create form, for Trusted Contributors that allows anything to be changed.

I would say the current create forms are fine, there should be 2 edit forms, 1 unrestricted one only visible to trusted users, and a restricted one that is only visible to non-trusted users (can be done with custom policy)

The following task creation policy is set:

  • All users can create security tasks.
  • Only members of Trusted Contributors may create non-security tasks.