Page MenuHomePhabricator
Create Task
Maniphest T265723

Restrict creation of calendar items due to spam
Closed, ResolvedPublic
Actions

Description

as we get spam like https://phabricator.wikimedia.org/E1269

Maybe to members of Trusted-Contributors and WMF-NDA ?

Related Objects
Search...

Event Timeline

Aklapper created this task.Oct 16 2020, 1:23 PM
Aklapper created this object with visibility "Custom Policy".
Aklapper merged a task: Restricted Task.Dec 22 2020, 10:14 AM
Aklapper added subscribers: Marostegui, mmodell.
Aklapper closed this task as Resolved.EditedDec 22 2020, 10:23 AM
Aklapper claimed this task.

No replies/comments, so I took the liberty to change "Default Edit Policy" on https://phabricator.wikimedia.org/applications/edit/PhabricatorCalendarApplication/ from
All Users
to
admins or members of: { WMF-NDA or Trusted-Contributors or #acl*security or #acl*sre-team}. (Lacking any better guidelines which of our many funny acl thingies would make sense).

Let's see who will complain about Phab's cryptic error messages, and if they'll complain in a place that I'll get aware of.</phabblues>

Aklapper added a comment.Dec 22 2020, 10:25 AM
This comment was removed by Aklapper.
DannyS712 subscribed.Jan 22 2021, 1:20 AM

@Aklapper is it okay to make this public now?

Aklapper added a comment.Jan 22 2021, 10:20 AM

Yes, let me do that (thanks for the ping).

Aklapper changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 22 2021, 10:20 AM
taavi subscribed.Jan 22 2021, 10:21 AM
Malyacko mentioned this in E1338: whatever.Jan 25 2021, 9:21 AM
Aklapper reopened this task as Open.Jan 25 2021, 9:21 AM
Aklapper changed the visibility from "Public (No Login Required)" to "Custom Policy".

FAIL. Doesn't work as expected. No idea why.
Created E1338 with my other account and that's not a member of https://phabricator.wikimedia.org/project/members/3104/

Aklapper removed Aklapper as the assignee of this task.Jan 25 2021, 9:23 AM

Unassigning due to Phab being frustratingly non-obvious.

taavi added a comment.Jan 25 2021, 9:23 AM

As far as I know "Default edit policy" only controls who can edit entries after they are created, not who can create them.

Aklapper added a comment.Jan 25 2021, 9:25 AM

Thanks Majavah, you're probably right.

Maybe we'd need to change "Can Use Application" instead of "Default Edit Policy" on https://phabricator.wikimedia.org/applications/edit/PhabricatorCalendarApplication/ but it's ironic, because I do would like people to be able to *view* stuff.

Maybe these settings don't allow achieving what I want: Everyone can view stuff, but not everyone can create stuff. Sigh.

mmodell added a comment.Jan 25 2021, 9:26 AM

Submissions are controlled by policies on the forms not on the application.

taavi added a comment.Jan 25 2021, 9:29 AM

T258599 could probably use the same solution.

mmodell added a comment.Jan 25 2021, 9:32 AM

I've limited the forms to Trusted-Contributors

Aklapper closed this task as Resolved.Jan 25 2021, 9:51 AM
Aklapper claimed this task.

Oh thanks a lot! Alright, first, I finally need to develop a mental model that some stuff is under application settings while other stuff is under forms.

Second, I don't think that Trusted-Contributors is ever sufficient as I soon expect numerous support requests from staff etc to drop into my inbox, as Phab's error message is as vague as can. I also added WMF-NDA to https://phabricator.wikimedia.org/transactions/editengine/calendar.event/edit/25/ and https://phabricator.wikimedia.org/transactions/editengine/calendar.event/edit/44/ , probably there should be more but what do I remember. :)

Aklapper changed the visibility from "Custom Policy" to "Public (No Login Required)".Jan 25 2021, 9:51 AM
Aklapper mentioned this in T274726: @IN can no longer edit E1336 (Their own calendar event).Feb 14 2021, 9:32 AM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits