Policy (Tag)
Active · Public

Members

  • This project does not have any members.

Watchers

  • This project does not have any watchers.

Details

Description

The Policy App implements policy controls for other apps.

Recent Activity

Nov 20 2023

valerio.bozzolan moved T15672: Allow to tune "Invite Users" policy from Backlog to Code Sprint Candidate on the User-valerio.bozzolan board.
Nov 20 2023, 18:53 · User-valerio.bozzolan, Policy, People
valerio.bozzolan updated the task description for T15672: Allow to tune "Invite Users" policy.
Nov 20 2023, 18:50 · User-valerio.bozzolan, Policy, People
valerio.bozzolan triaged T15672: Allow to tune "Invite Users" policy as Low priority.
Nov 20 2023, 18:48 · User-valerio.bozzolan, Policy, People

Nov 13 2023

valerio.bozzolan added a comment to T15486: Do not expose "Contact Numbers" in user settings when no SMS support is set up in Phorge.

Also, I'm OK with the change also because of GDPR's principle of minimization. I mean, Phorge avoids collecting unnecessary data, and this is nice.

Nov 13 2023, 14:52 · Policy
valerio.bozzolan added a comment to T15486: Do not expose "Contact Numbers" in user settings when no SMS support is set up in Phorge.

As a side note, it's possible that somebody in the world was using the Phone number feature in a way that was then integrated with their custom management system, accessing this information via plain SQL.

Nov 13 2023, 14:37 · Policy
aklapper closed T15486: Do not expose "Contact Numbers" in user settings when no SMS support is set up in Phorge as Resolved by committing rP282e37aaf682: Do not expose Contact Numbers settings panel when no SMS support configured.
Nov 13 2023, 13:04 · Policy

Nov 11 2023

aklapper closed T15443: Add Diffusion policy capability "Can Edit and View Identities" as Resolved by committing rP90f651d669e4: Add Diffusion policy capability "Can Edit and View Identities".
Nov 11 2023, 12:27 · Diffusion, Policy

Oct 27 2023

valerio.bozzolan added a project to T15486: Do not expose "Contact Numbers" in user settings when no SMS support is set up in Phorge: Policy.
Oct 27 2023, 09:30 · Policy

Oct 26 2023

aklapper renamed T15443: Add Diffusion policy capability "Can Edit and View Identities" from Add Diffusion policy capability "Can create and edit Identities" to Add Diffusion policy capability "Can Edit and View Identities".
Oct 26 2023, 19:36 · Diffusion, Policy
aklapper added a revision to T15443: Add Diffusion policy capability "Can Edit and View Identities": D25450: Add Diffusion policy capability "Can Edit and View Identities".
Oct 26 2023, 19:30 · Diffusion, Policy

Jul 2 2023

avivey added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

Also, this mashes up Diffusion and Repositories to add confusion

Jul 2 2023, 20:04 · Diffusion, Policy
aklapper added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

I don't get the code.
src/applications/diffusion/controller/DiffusionIdentityViewController.php (note the View in its name) includes stuff like
$edit_uri = $this->getApplicationURI("identity/edit/{$id}/") defining ->setName(pht('Edit Identity')) (note the Edit here).
Also, this mashes up Diffusion and Repositories to add confusion (DiffusionIdentityEditController calls PhabricatorRepositoryIdentityEditEngine?).
I think I give up.

Jul 2 2023, 19:12 · Diffusion, Policy

Jun 29 2023

Cigaryno added a project to T15443: Add Diffusion policy capability "Can Edit and View Identities": Diffusion.

It's important to restrict the ability to create Diffusion IDs.

Jun 29 2023, 15:23 · Diffusion, Policy
aklapper added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

Patch in P13 is incomplete, policy does not cover going to /diffusion/identity/edit/1/ and setting Assigned To to another user but should.

Jun 29 2023, 12:16 · Diffusion, Policy
aklapper added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".
In T15443#9918, @avivey wrote:

It also might make sense to hide the actual list from the general public (it's a mapping of emails to users).

Jun 29 2023, 11:49 · Diffusion, Policy

Jun 23 2023

valerio.bozzolan added a project to T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission: Bug Reports.
Jun 23 2023, 15:26 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia

Jun 19 2023

valerio.bozzolan added a project to T15438: Add policy capability "Can create Dashboards": Dashboards.
Jun 19 2023, 10:26 · Dashboards, Policy
aklapper closed T15438: Add policy capability "Can create Dashboards" as Resolved by committing rP1c59b6542136: Dashboards: add capability who can create Dashboards.
Jun 19 2023, 10:12 · Dashboards, Policy

Jun 7 2023

speck added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

The "Create Identity" button on /diffusion/identity/ should be guarded by this new policy access, though currently that form is not functional - see T15453

Jun 7 2023, 18:03 · Diffusion, Policy
valerio.bozzolan merged T15451: Implement Diffusion identity reassignment access control into T15443: Add Diffusion policy capability "Can Edit and View Identities".
Jun 7 2023, 15:52 · Diffusion, Policy
valerio.bozzolan merged task T15451: Implement Diffusion identity reassignment access control into T15443: Add Diffusion policy capability "Can Edit and View Identities".
Jun 7 2023, 15:52 · Policy, Security, Feature Requests, Diffusion
smith added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

It also might make sense to hide the actual list from the general public

I agree. Wouldn't it make sense to put it behind repository.identity.view?

Jun 7 2023, 12:04 · Diffusion, Policy
smith closed T15451: Implement Diffusion identity reassignment access control as Invalid.

It turns out that this is a duplicate:
T15443: Add Diffusion policy capability "Can Edit and View Identities"

Jun 7 2023, 12:01 · Policy, Security, Feature Requests, Diffusion
avivey added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

Would it make sense to put creating identities behind the existing Edit policy of the repository?

Jun 7 2023, 11:54 · Diffusion, Policy
aklapper added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

Would it make sense to put creating identities behind the existing Edit policy of the repository?

Jun 7 2023, 11:32 · Diffusion, Policy
smith added a comment to T15451: Implement Diffusion identity reassignment access control.

But the identities probably should be editable only for:

  • people who can edit the repository (people who administer it)
  • you, if the email matches yours (since you somehow pushed in the repository)

Jun 7 2023, 10:08 · Policy, Security, Feature Requests, Diffusion
valerio.bozzolan added a project to T15451: Implement Diffusion identity reassignment access control: Policy.
Jun 7 2023, 10:04 · Policy, Security, Feature Requests, Diffusion

Jun 3 2023

speck added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

As an approach this seems good to me. Would it make sense to put creating identities behind the existing Edit policy of the repository?

Jun 3 2023, 15:59 · Diffusion, Policy
aklapper added a comment to T15443: Add Diffusion policy capability "Can Edit and View Identities".

Cannot properly test locally (too many exceptions on PHP8.2 trying to create a local Git repo and commits to be indexed in Diffusion) how much this change would actually affect both editing and creating (or not) so I dumped an untested patch into P13

Jun 3 2023, 12:07 · Diffusion, Policy
aklapper added a project to T15443: Add Diffusion policy capability "Can Edit and View Identities": Policy.
Jun 3 2023, 09:47 · Diffusion, Policy
valerio.bozzolan added a project to T15438: Add policy capability "Can create Dashboards": Policy.
Jun 3 2023, 09:45 · Dashboards, Policy

Jun 2 2023

speck added a comment to T15135: Unable to set 'Can Browse User Directory' to public.

I wonder if this is related to not being able to use the Diffusion repository file auto-complete when not logged in even though the repo is publicly accessible.

Jun 2 2023, 03:53 · People, Policy, Bug Reports, User-Cigaryno

May 19 2023

valerio.bozzolan triaged T15405: Slowvote Application: allow to change the Creation Policy (Default Edit Policy) as Wishlist priority.
May 19 2023, 23:01 · User-valerio.bozzolan, Policy, Affects-Wikimedia
valerio.bozzolan moved T15405: Slowvote Application: allow to change the Creation Policy (Default Edit Policy) from Backlog to Code Sprint Candidate on the User-valerio.bozzolan board.
May 19 2023, 22:35 · User-valerio.bozzolan, Policy, Affects-Wikimedia
valerio.bozzolan added a project to T15405: Slowvote Application: allow to change the Creation Policy (Default Edit Policy): User-valerio.bozzolan.
May 19 2023, 22:35 · User-valerio.bozzolan, Policy, Affects-Wikimedia
valerio.bozzolan created T15405: Slowvote Application: allow to change the Creation Policy (Default Edit Policy).
May 19 2023, 22:23 · User-valerio.bozzolan, Policy, Affects-Wikimedia

May 9 2023

avivey removed a project from T15208: Countdown: it's not possible to limit who can create a new Countdown: Countdown (archived).
May 9 2023, 10:53 · Policy, User-valerio.bozzolan, Affects-Wikimedia
avivey removed a project from T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission: Countdown (archived).
May 9 2023, 10:53 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia
avivey removed a project from T15175: Granularize Legalpad view/edit/sign permissions: Legalpad.
May 9 2023, 10:51 · Policy, User-valerio.bozzolan, Affects-Wikimedia

May 2 2023

valerio.bozzolan closed T15135: Unable to set 'Can Browse User Directory' to public as Invalid.

Hi @Cigaryno, thanks for this bug report. Please attach more details, then feel free to reopen.

May 2 2023, 13:09 · People, Policy, Bug Reports, User-Cigaryno
valerio.bozzolan updated the task description for T15135: Unable to set 'Can Browse User Directory' to public.
May 2 2023, 13:05 · People, Policy, Bug Reports, User-Cigaryno

May 1 2023

valerio.bozzolan moved T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission from Backlog to Bug Reports on the Affects-Wikimedia board.
May 1 2023, 10:50 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia
valerio.bozzolan moved T15208: Countdown: it's not possible to limit who can create a new Countdown from Backlog to Feature Requests on the Affects-Wikimedia board.
May 1 2023, 10:50 · Policy, User-valerio.bozzolan, Affects-Wikimedia

Apr 26 2023

avivey created T15277: Nameable, reusable Policies.
Apr 26 2023, 10:12 · Policy, Feature Requests

Apr 25 2023

valerio.bozzolan reassigned T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission from avivey to Dylsss.
Apr 25 2023, 14:32 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia
avivey closed T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission as Resolved by committing rP98c1267e5f16: Countdown: fix PhutilMissingSymbolException.
Apr 25 2023, 13:37 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia
avivey closed T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission, a subtask of T15208: Countdown: it's not possible to limit who can create a new Countdown, as Resolved.
Apr 25 2023, 13:37 · Policy, User-valerio.bozzolan, Affects-Wikimedia
valerio.bozzolan added a revision to T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission: D25133: Countdown: fix PhutilMissingSymbolException.
Apr 25 2023, 13:08 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia
valerio.bozzolan triaged T15271: Fix Exception "PhutilMissingSymbolException" that can happen after new Countdown permission as Unbreak Now! priority.
Apr 25 2023, 13:08 · Bug Reports, Policy, User-valerio.bozzolan, Affects-Wikimedia

Apr 23 2023

20after4 closed T15208: Countdown: it's not possible to limit who can create a new Countdown as Resolved by committing rP7ed35123a347: Countdown: add a capability to decide who can Create.
Apr 23 2023, 20:18 · Policy, User-valerio.bozzolan, Affects-Wikimedia