Phriction's view policy is ancestral: in order to access /w/foo/bar/baz, you must be able to access /w/foo and /w/bar in addition to /w/foo/bar/baz itself. This is fine and makes life easy: by setting restrictive policies on top-level pages, we can lessen the risk of someone exposing information they shouldn't, by accidentally making /w/cold-fusion/secret-research/funding-meeting/2018-09-14 public, when the rest of the hierarchy is super locked down. Phriction also recently gained Spaces support, which is nice: rather than trying to lock down with groups and harmonise permissions, we can just move top-level wiki pages to a particular Space, and then we don't need to worry about groups. Our clients don't know Spaces even exist, which is great since it avoids us having to explain the two-tier permission model to them. The reason they don't know it exists is because if you can only see a single Space, then Phabricator hides the entire Spaces UI away from you. Great! Unfortunately one detail ruins everything: /w/ is a top-level page itself, it counts for permission checks, and it _must be in a Space_. So, there is no way to have wiki documents in mutually-invisible Spaces unless you also have a common Space, at which point the whole Spaces UI suddenly becomes very visible everywhere. 
In order to try to keep our wiki partitioned, but to not confuse our clients (and give them the chance to potentially expose confidential information!), we:

- have a magic 'Visible to Everyone' space
- actually hide that space from everyone with policies
- hack policy filters to make this space visible to everyone _only for the purpose of checking policies on wiki objects_
- only allow admins to change view/edit policies on the root wiki page (see comment for reason why)

This actual patch can obviously never go anywhere near upstream, but on the other hand we should probably make them aware of the problem and see if they're interested in discussing a solution, which is probably just to bless the root page with magic semantics.

Signed-off-by: Daniel Stone <daniels@collabora.com>
8c5c1fd4
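The following is an added toy model of the access-check logic the commit message describes, not code from the commit or from Phabricator. It models Phriction's ancestral view policy (every ancestor from the wiki root down must be viewable) and Spaces membership, shows why a root page living in a shared Space forces every client into two Spaces (which makes the Spaces UI appear), and shows the effect of the workaround: a magic Space that is never a user's real membership but is treated as visible only inside the wiki policy check. Page paths, Space names and the `spaces_ui_visible` rule are constructed assumptions for illustration.

```python
"""Constructed model of Phriction ancestral view policy + Spaces.

Assumptions (not Phabricator's real code): a page is viewable when its
Space is one the user belongs to; Phabricator hides the Spaces UI from
users who can see only one Space.
"""
from dataclasses import dataclass
from typing import Dict, List, Optional, Set


@dataclass(frozen=True)
class Page:
    path: str    # e.g. "/w/foo/bar"
    space: str   # constructed Space name the page lives in


def ancestors(path: str) -> List[str]:
    """Return the ancestral chain of a wiki path, root first.

    "/w/foo/bar" -> ["/w", "/w/foo", "/w/foo/bar"]
    """
    parts = path.strip("/").split("/")
    return ["/" + "/".join(parts[: i + 1]) for i in range(len(parts))]


def can_view(pages: Dict[str, Page], user_spaces: Set[str], path: str,
             magic_space: Optional[str] = None) -> bool:
    """Ancestral policy check.

    Every page from the root down to `path` must exist and sit in a Space
    the user can see. `magic_space` models the hack from the commit: a
    Space added to the allowed set *only for this check*, never to the
    user's real memberships (so it never surfaces in the Spaces UI).
    """
    allowed = set(user_spaces)
    if magic_space is not None:
        allowed.add(magic_space)
    for ancestor in ancestors(path):
        page = pages.get(ancestor)
        if page is None or page.space not in allowed:
            return False
    return True


def spaces_ui_visible(user_spaces: Set[str]) -> bool:
    """Assumed rule: the Spaces UI is hidden from single-Space users."""
    return len(user_spaces) > 1


def layout(root_space: str) -> Dict[str, Page]:
    """Two client subtrees in their own Spaces; the root in `root_space`."""
    return {p.path: p for p in [
        Page("/w", root_space),
        Page("/w/client-a", "space-a"),
        Page("/w/client-a/notes", "space-a"),
        Page("/w/client-b", "space-b"),
        Page("/w/client-b/notes", "space-b"),
    ]}


def demo() -> Dict[str, bool]:
    """Walk through the problem and the workaround for client A."""
    results = {}
    # Naive: root in an ordinary shared Space. Client A, member of only
    # space-a, fails the ancestral check at /w.
    naive = layout("shared")
    results["naive_single_space"] = can_view(naive, {"space-a"}, "/w/client-a/notes")
    # Fix by adding the shared Space to the client: the check passes, but
    # the client now sees two Spaces, so the Spaces UI becomes visible.
    results["naive_two_spaces"] = can_view(naive, {"space-a", "shared"}, "/w/client-a/notes")
    results["naive_ui_exposed"] = spaces_ui_visible({"space-a", "shared"})
    # Workaround: root in a magic Space honoured only inside the policy
    # check. Client A keeps a single real Space, sees its own subtree, and
    # still cannot reach client B's pages.
    hacked = layout("everyone")
    results["hack_own_tree"] = can_view(hacked, {"space-a"}, "/w/client-a/notes", magic_space="everyone")
    results["hack_other_tree"] = can_view(hacked, {"space-a"}, "/w/client-b/notes", magic_space="everyone")
    results["hack_ui_exposed"] = spaces_ui_visible({"space-a"})
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The model also makes the commit's fourth point concrete: because every check passes through `/w`, whoever can edit the root page's view policy can break or widen the partition for everyone, which is why only admins should be allowed to change it.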