Steps:
- Visit Profile → Manage → Edit Profile Picture
- Upload a picture
- Turn back to Profile → Manage and visit the filename of that new picture (but also any old picture) (pictures are mentioned from the right sidebar)
What happens:
- file is not editable e.g. you cannot set a name: «No one can take this action»
- file cannot be deleted: «No one can take this action»
- (File can only be detached, also from their profile - and it's unclear why people should be able to do it, but this is an unrelated task)
What should happen instead:
- File should be Deletable by the Author (to fix a huge mistake for example, or to remove that picture of you in high school where you had pimples, but now you have even more pimples and you want to only expose the most recent photo)
- File should be Editable by the Author (to update its title for example, from "profile")
Reasons why this is important:
- manually uploaded files can be removed by users (from the web, without command line interaction), so we can do the same for profile pictures, especially about obsolete profile pictures
- this kind of deletion requests are now processed by root users from the command line interface, and this is an extra risk (since every singe damn profile picture is called "profile", so it's not difficult for an admin to do a mistake while trying to help an end-user in their cleanup), but Phorge could be able to allow end-users to cleanup their own sh*t, without involving root access requests (again, just like manually uploaded files)
Possible pitfalls:
- we know that we cannot revert time, and we cannot revert emails, and we cannot revert a CDN, but users should be able to delete their profile pictures, just like they can already delete their manually uploaded files
- there is a known problem about the destruction of profile pictures in general: they cause broken profile pictures (404 errors). So it's a problem if users will be allowed to Remove their own profile pictures. To improve the profile image destroy workflow in general, look at the sub-task T16074: Profile picture destroy workflow: it should not cause 404 errors (it should set the builtin image), that can be processed first, and it would be immediately useful to CLI admins, even without working here on this parent task (so admins following destroy requests don't need anymore to contact that user to explain how to restore their builtin picture, to avoid a consequent 404 error).
So, in short, profile images are shown here forever, and cannot be deleted by their own users:
What happens
Little exploration of the table phabricator_file.file, about a profile picture. See the original file and the derived file named "profile".
See that the file named "profile" has not authorPHID. That is one of the reasons the author cannot edit/remove it.
*************************** 42. row *************************** id: 43 phid: PHID-FILE-wzbdm6d76sa3bqpvgf23 name: Screenshot_20240204_101538.png mimeType: image/png byteSize: 389182 storageEngine: blob storageFormat: raw storageHandle: 31 dateCreated: 1714856499 dateModified: 1714856499 authorPHID: PHID-USER-mutepdoozum2ey2pm7of secretKey: jkdb3d3xoo5xyvmo2dhd contentHash: fe2a9511cb1ab4ac2eedff6e32aff01fd96778e680005f5741e8b9c2758f81ad metadata: {"storage":[],"width":1920,"height":1080,"canCDN":1} ttl: NULL isExplicitUpload: 0 mailKey: fqgie335f3qu2jc3t2es viewPolicy: users isPartial: 0 builtinKey: NULL isDeleted: 0 *************************** 43. row *************************** id: 44 phid: PHID-FILE-anvsulbhvqsxguk65tid name: profile mimeType: image/png byteSize: 59341 storageEngine: blob storageFormat: raw storageHandle: 32 dateCreated: 1714856499 dateModified: 1714856499 authorPHID: NULL ← ← ← ← ← secretKey: dzvuzmanku2aayk3x36v contentHash: 9de9a20b98478c40fa94b52c2aea3e4db5736994bb88766ce3021f0caa4b49d6 metadata: {"storage":[],"width":400,"height":400,"canCDN":1,"profile":true} ttl: NULL isExplicitUpload: 0 mailKey: du26qw5527bwxnttww4k viewPolicy: users isPartial: 0 builtinKey: NULL isDeleted: 0
SELECT * FROM file_transformedfile WHERE originalPHID = 'PHID-FILE-wzbdm6d76sa3bqpvgf23'; Empty set (0,001 sec)
Workaround for Deletion
If your original intention was to delete the file, you can do it, having shell access in the Phorge server and run the destroy workflow from the phorge/ directory:
./bin/remove destroy F43
P.S. For historical details about this beautiful workflow, see here:
https://we.phorge.it/rP985eb26c7e32cdc19536769def6ab037645100fb
But note that if you destroy your current profile picture you cause 404 errors, as described in this sub-task: T16074: Profile picture destroy workflow: it should not cause 404 errors (it should set the builtin image)