Page MenuHomePhorge

Make Phorge more accessible to logged-out users
Open, Needs TriagePublic

Description

Currently, there are a few applications with content inaccessible for logged-out users.


Here are some known examples:

  • Nuance application (except for the Nuance console)
  • Almanac/Drydock objects (but not consoles and queries)
  • People badges, tasks, revisions, and commits
  • Diffusion repository management
  • Diffusion sync, pull, and push logs
  • User tasks, badges, revisions, and commits
  • Project members
  • Herald transcripts
  • Maniphest reports
  • Phlux application
Feel free to add examples that are not shown above!

Event Timeline

Cigaryno created this object in space S1 Public.

Most of these can be done by adding the following to controller files related to query, list, and view files:

public function shouldAllowPublic() {
  return true;
}

However, I don't know what to do with Almanac and Drydock to make them work for logged-out users.

I wonder if shouldAllowPublic() was just forgotten or if the idea behind was to exclude web crawlers (as querying those lists en-masse could be expensive).

Some items in the task description make me a bit uncomfortable in my instance. Why does everyone need to see Diffusion sync, pull, and push logs? Why Herald transcripts? Why repo management if you cannot manage? What are actual use cases which outweigh security implications?

Some items in the task description make me a bit uncomfortable in my instance.

I don't think you need to be uncomfortable on your instance (phabricator.wikimedia.org)
For Herald, it looks to be restricted to trusted contributors to restrict who can create personal rules (they actually can vandalize tasks via personal rules with the action set to claim the task), that's not something to take care of at all on your instance.
Project members, maniphest reports, user tasks and badges are actually useful for logged-out users.
But everything that's Diffusion-related sounds pointless for your instance as every repo is a read-only mirror of the repos on a Gerrit instance.

Answering Your Questions

Why does everyone need to see Diffusion sync, pull, and push logs?

Actually, push log is the most useful. Sync and pull logs doesn't sound so interesting, but any logged-in user who can view the repo can view the sync and pull logs.

Why Herald transcripts?

Except if use of Herald is restricted (as in phabricator.wikimedia.org, to restrict who can create personal rules), one can be curious about what rules (mainly global but sometimes personal and object too) triggered addition of Ccs, tags, comments, reviewers (revs and commits only), assignee (tasks only), or anything else that can be done by Herald.

Why repo management if you cannot manage?

Then why would logged-in users who can't edit repos be able to view repo management? More discussion at D25926.

What are actual use cases which outweigh security implications?

  • Herald transcripts (only if Can Use is set to Public)
  • Project members
  • User tasks, revs, commits, and badges
  • Maniphest reports
  • Diffusion push log(?)

Hope this won't become Discussion Needed, but some parts sound a bit too ambitious given those questions.