Steps to reproduce:
Expected outcome:
It is good for something and that something is explained to me.
Actual outcome:
No idea. What is it good for?
This seems to be about sending SMS messages according to https://secure.phabricator.com/D19988 . However if your Phorge sysop has not set up anything to send SMS messages then this should not be exposed to your average confused Phorge user.
Eh, grep'ing the source, src/applications/metamta/engine/PhabricatorMailSMSEngine.php seems to be the only place reading those values.
/src/docs/user/configuration/configuring_outbound_email.diviner mentions Configure this mailer for SMS.
And there's 2FA mentioned in /src/docs/user/userguide/multi_factor_auth.diviner: To use SMS, first add your phone number in {nav Settings > Contact Numbers}. However, http://phorge.localhost/auth/config/new/ doesn't list anything obviously SMS related...
I wonder if there were plans to incorporate contact numbers with the prototype app for handling support (the name escapes me).
I would probably prefer to add text to the contact page clarifying what your phone number would be used for and who can see it rather than conditionally display it.
I'd expect that a user's contact numbers might show up on their profile to other registered users. I suspect this might be something that upstream considered implementing at some point but never did for some reason...
I do not think so. As an average user with ID 4, I went to http://phorge.localhost/settings/user/user4/page/contact/ and successfully .
Afterwards as an admin, I went to http://phorge.localhost/auth/contact/4/ and see that I cannot access that user's number: Users with the "Can View" capability: user4 (user4) can take this action.
Also note the auth in the URL path, implying that the "Contact Number" functionality isn't meant to provide information for others but part of implementing SMS support in https://secure.phabricator.com/T920 . See the patches in that old upstream ticket.
As a side note, it's possible that somebody in the world was using the Phone number feature in a way that was then integrated with their custom management system, accessing this information via plain SQL.
Indeed this workflow is currently unknown and, so, ignored at the moment, until we receive more feedback.
Also, I'm OK with the change also because of GDPR's principle of minimization. I mean, Phorge avoids to collect unnecessary data, and this is nice.