Page MenuHomePhorge
Create Task
Maniphest T15999

Make Phorge more accessible to logged-out users
Open, Needs TriagePublic
Actions

Description

Currently, there are a few applications with content inaccessible for logged-out users.

Here are some known examples:

  • Nuance application (except for the Nuance console)
  • Almanac/Drydock objects (but not consoles and queries)
  • People badges, tasks, revisions, and commits
  • Diffusion repository management
  • Diffusion sync, pull, and push logs
  • User tasks, badges, revisions, and commits
  • Project members
  • Herald transcripts
  • Maniphest reports
  • Phlux application
Feel free to add examples that are not shown above!

Revisions and Commits

rP Phorge
Needs ReviewD25926 Make Diffusion repository management accessible to logged-out users

Related Objects

Event Timeline

Cigaryno created this task.Feb 18 2025, 19:43
Cigaryno created this object in space S1 Public.
Herald added subscribers: Matthew, chris, tobiaswiese. · View Herald TranscriptFeb 18 2025, 19:43
Cigaryno claimed this task.Feb 20 2025, 19:57

Most of these can be done by adding the following to controller files related to query, list, and view files:

public function shouldAllowPublic() {
  return true;
}

However, I don't know what to do with Almanac and Drydock to make them work for logged-out users.

aklapper subscribed.Feb 20 2025, 20:46

I wonder if shouldAllowPublic() was just forgotten or if the idea behind was to exclude web crawlers (as querying those lists en-masse could be expensive).

Cigaryno updated the task description. (Show Details)Feb 25 2025, 14:01
pasik subscribed.Tue, Mar 25, 11:24
Cigaryno added a revision: D25926: Make Diffusion repository management accessible to logged-out users.Wed, Mar 26, 11:15
Cigaryno updated the task description. (Show Details)Wed, Mar 26, 11:23
aklapper added a comment.Wed, Mar 26, 11:57

Some items in the task description make me a bit uncomfortable in my instance. Why does everyone need to see Diffusion sync, pull, and push logs? Why Herald transcripts? Why repo management if you cannot manage? What are actual use cases which outweigh security implications?

Cigaryno added a comment.Wed, Mar 26, 12:26
In T15999#21434, @aklapper wrote:

Some items in the task description make me a bit uncomfortable in my instance.

I don't think you need to be uncomfortable on your instance (phabricator.wikimedia.org)
For Herald, it looks to be restricted to trusted contributors to restrict who can create personal rules (they actually can vandalize tasks via personal rules with the action set to claim the task), that's not something to take care of at all on your instance.
Project members, maniphest reports, user tasks and badges are actually useful for logged-out users.
But everything that's Diffusion-related sounds pointless for your instance as every repo is a read-only mirror of the repos on a Gerrit instance.

Answering Your Questions

Why does everyone need to see Diffusion sync, pull, and push logs?

Actually, push log is the most useful. Sync and pull logs doesn't sound so interesting, but any logged-in user who can view the repo can view the sync and pull logs.

Why Herald transcripts?

Except if use of Herald is restricted (as in phabricator.wikimedia.org, to restrict who can create personal rules), one can be curious about what rules (mainly global but sometimes personal and object too) triggered addition of Ccs, tags, comments, reviewers (revs and commits only), assignee (tasks only), or anything else that can be done by Herald.

Why repo management if you cannot manage?

Then why would logged-in users who can't edit repos be able to view repo management? More discussion at D25926.

What are actual use cases which outweigh security implications?

  • Herald transcripts (only if Can Use is set to Public)
  • Project members
  • User tasks, revs, commits, and badges
  • Maniphest reports
  • Diffusion push log(?)

Hope this won't become Discussion Needed, but some parts sound a bit too ambitious given those questions.

Content licensed under Creative Commons Attribution-ShareAlike 4.0 (CC-BY-SA) unless otherwise noted; code licensed under Apache 2.0 or other open source licenses. · CC BY-SA 4.0 · Apache 2.0