Page MenuHomePhorge
Create Task
Maniphest T15112

Restrict Maniphest form fields to certain users
Closed, ResolvedPublic
Actions

Description

Original context
https://we.phorge.it/w/planning_meetings/2022-07-12/#action-items

@dtf look for ways to lock some maniphest fields to specific users.

Issue
At present, users can create Maniphest tasks and do not have visibility to change priority at time of creation. Once the new task has been created, the user can adjust the Priority field to their heart's desire, which is not necessarily the same desire as that of the Phorge team (new tasks generally start in a Needs Triage priority until triage has been completed by a member of the team).

Desired result
Users should be able to create new tasks without the option of changing the Priority field of the Maniphest task. The ability to adjust priority should be restricted to members that have been granted access (perhaps Trusted Contributors?).

Notes from testing restricted forms so far:
E12#264

Tested out on my own instance:

  • Pretend to create a new task
  • Configure form > Edit form configuration
  • Lock / Hide Fields
    • This will open a new menu where you can select Visible, Locked, or Hidden

However, this causes the field to be locked even while signed in as an Admin. Need to test as a user with lower permissions as the task creator.

Related Objects
Search...

Event Timeline

dtf created this task.Aug 24 2022, 20:55
dtf triaged this task as Normal priority.
dtf created this object in space S1 Public.
Herald added subscribers: Matthew, chris, speck, tobiaswiese. · View Herald TranscriptAug 24 2022, 20:55
dtf added a comment.Sep 6 2022, 19:15

Process requires 2 forms with the following modifications:

  • Create task form
    • Edit Form Configuration
      • Visible To -- All Users
    • Lock/Hide fields
      • Priority
      • Editable by
    • Change Default Values
      • Editable by -- Custom (likely Administrators & other trusted projects)
  • Edit task form
    • Visible to certain subset of users (like a project)
Herald added a subscriber: Cigaryno. · View Herald TranscriptSep 6 2022, 19:15
dtf added a parent task: T15084: Discussion: Maniphest vs Ponder for user support.Sep 6 2022, 19:45
MacFan4000 removed dtf as the assignee of this task.Sep 7 2022, 12:57
MacFan4000 added a project: phorge.it install (DEPRECATED).
MacFan4000 subscribed.Sep 7 2022, 12:59

I’ll note that there is currently a restricted create form, for Trusted Contributors that allows anything to be changed.

MacFan4000 added a comment.Sep 7 2022, 13:06

I would say the current create forms are fine, there should be 2 edit forms, 1 unrestricted one only visible to trusted users, and a restricted one that is only visible to non-trusted users (can be done with custom policy)

avivey mentioned this in 2022-09-06.Sep 8 2022, 18:02
Cigaryno added a comment.Sep 20 2022, 13:14

The following task creation policy is set:

  • All users can create security tasks.
  • Only members of Trusted Contributors may create non-security tasks.
pasik subscribed.Sep 20 2022, 19:58
avivey added a project: Governance.Apr 5 2023, 11:21
Cigaryno closed this task as Resolved.Apr 5 2023, 15:58
Cigaryno claimed this task.

This mission is probably over as only Trusted Contributors may create tasks.

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0