Summary:
Ref T7303. Currently, our handling of "scope" is fairly rigid and adheres to the spec, but some of these behaviors don't make much sense in practice.
Soften some behaviors and make them more flexible:
**Soft Failure on Unknown Permissions**: If a client asks for a permission we don't know about, just warn that we don't recognize it instead of fataling. In particular, I plan to make `offline_access` and `whoami` implicit. Older clients that request these permissions will still work fine as long as we don't hard-fatal.
**Move `user.whoami` to ALWAYS scope**: Make `whoami` a default permission. We've already done this, in effect; this just formalizes it.
**Tokens no longer expire**: Make `offline_access` (infinite-duration tokens) a default permission. I think the OAuth model doesn't map well to reality. It is common for other providers to issue "temporary" tokens with a duration of multiple years, and the refesh workflow is sort of silly. We can add a "temporary" scope later if we need temporary tokens.
This flow was potentially extra silly with the "log out of Phacility" use case, where we might need to have you log in again before we could log you out, which is bizarre and senseless. Avoid this nonsense.
**Move away from granular permissions**: Users currently get to pick-and-choose which permissions they grant, but this likely rarely/never works in practice and is fairly hostile since applications can't communicate which permissions they need. Applications which can actually operate with only some subset of permissions can make separate requests (e.g., when you activate "cool feature X", it asks for X permission). I think applications that do this are rare; pretty much everything just asks for tons of permissions and everyone grants them.
Making this all-or-nothing is better for well-behaved applications and better for users. It's also slightly better for overzealous applications that ask for more than they need, but whatever. Users can make an informed decision, hopefully, and I plan to let administrators force applications to a subset of permissions once we introduce meaningful scopes.
Test Plan:
- Generated tokens.
- Used tokens.
- Authorized an instance.
- Faked some bogus scopes, got clean authorization.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T7303
Differential Revision: https://secure.phabricator.com/D15621
Summary: I know this is ultimately pointless but feel better about pushing back on users when there is no possible way they could be acting in good faith.
Test Plan: Read documents.
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D15518
Summary: We will sell you as many new databases as you want, cheap! Just $1 per database!
Test Plan: (O).(O)
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D15249
Summary:
Ref T9908. No more callsites. Also:
- Phurl a couple of documentation URIs.
- Get rid of "task:" in the global search since it doesn't really make sense anymore.
Test Plan: `grep`, edited/created tasks.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9908
Differential Revision: https://secure.phabricator.com/D14716
Summary:
A guide to basic skills every software professional should have.
This is so fundamental that I don't think the document is actually helpful, but we can try it I guess.
Test Plan: Reading?
Reviewers: chad
Reviewed By: chad
Subscribers: Shredder121
Differential Revision: https://secure.phabricator.com/D14707
Summary: Caught these while re-reading.
Test Plan: Reading?
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D14580
Summary: Provide a long-form description of why we require a CLA and the distinction between the individual and corporate CLAs. See Q219 and Q97.
Test Plan: Reading.
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D14578
Summary: Ref T9690. I wanted to do an example of how to do these but it looks like most of them are trivial (no callsites) and the rest are a little tricky (weird interaction with frames, or in Releeph).
Test Plan:
- Used `grep` to look for callsites.
- Hit all applications locally, everything worked.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9690
Differential Revision: https://secure.phabricator.com/D14385
Summary:
These are a little out of date:
- Link to Starmap since it explicitly exists now.
- Link to "Planning" instead of the old task.
- Link to "Prioritization" instead of telling anyone to build stuff themselves.
Test Plan: Read documentation.
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D14328
Summary:
Currently, Version numbers are sort of randomly shown on "All Settings" beacuse we didn't have any better place to put them.
Now that we have modules, expose them as a config module.
Test Plan:
{F906426}
Grepped for "all settings" to look for other references to the old location, but didn't get any relevant hits.
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D14327
Summary:
Basically similar to D13941 but a little more extreme:
- Really strongly emphasize reproducibility for bug reports, and set users up for rejection if they don't satisfy this.
- Really strongly emphasize problem descriptions for feature requests, and set users up for rejection.
- Get rid of various "please give us feedback"; we get plenty of feedback these days.
- Some modernization tweaks.
- Split the support document into:
- Stuff we actually support for free (security / good bug reports / feature requests).
- Stuff you can pay us for (hosting / consulting / prioritization).
- A nebulous "community" section, with appropriate (low) expectations that better reflects reality.
My overall goals here are:
- Set expectations better, so users don't show up in IRC expecting it to be a "great place to get amazing support" or whatever the docs said in 2011.
- Possibly move the needle slightly on bug reports / feature request quality, maybe.
Test Plan: Read changes carefully.
Reviewers: chad
Reviewed By: chad
Differential Revision: https://secure.phabricator.com/D14305
Summary: Fixes T9483. This bookname is `phabcontrib`, not `contributor`.
Test Plan: `grep` / clicked these links.
Reviewers: chad
Reviewed By: chad
Maniphest Tasks: T9483
Differential Revision: https://secure.phabricator.com/D14195
Summary: Fixes T8908. We sometimes receive hypothetical requests (usually when existing companies are thinking about adopting Phabricator) in the form of "No users have actually done this yet, but bad thing Y might happen". We can almost never move forward with these. Explain this in detail.
Test Plan: Reading.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Maniphest Tasks: T8908
Differential Revision: https://secure.phabricator.com/D13663
Summary: We've decomissioned this host.
Test Plan: `git grep www.phabricator.com`
Reviewers: chad
Reviewed By: chad
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D13585
Summary: Ref T8617. Provide general documentation with tools for debugging hangs and slow pages. Update DarkConsole docs and discuss how to use Services and XHProf. Explain what Multimeter is for and how to use it. Update XHProf docs and provide some usage hints.
Test Plan: Read documentation.
Reviewers: joshuaspence, btrahan
Reviewed By: joshuaspence, btrahan
Subscribers: joshuaspence, epriestley
Maniphest Tasks: T8617
Differential Revision: https://secure.phabricator.com/D13359
Summary:
Fixes T8616. The rules for contributors have come up a few times recently, so update this document to give more complete advice.
Also try to do a better job with "adding new classes" (previously: libphutil libraries blah blah no one cares).
Test Plan: Read documents.
Reviewers: btrahan, joshuaspence
Reviewed By: btrahan, joshuaspence
Subscribers: joshuaspence, epriestley
Maniphest Tasks: T8616
Differential Revision: https://secure.phabricator.com/D13358
Summary: Add the language specification to code blocks in documentation.
Test Plan: Eyeball it.
Reviewers: chad, #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin
Differential Revision: https://secure.phabricator.com/D13277
Summary: Using `##` can cause some formatting issues, see D13071.
Test Plan: See D13071.
Reviewers: epriestley, #blessed_reviewers, chad
Reviewed By: epriestley, #blessed_reviewers
Subscribers: Korvin, epriestley
Differential Revision: https://secure.phabricator.com/D13072
Summary:
This mentions "like GitHub", but we purged all the issues and no longer accept them.
Generally, feature requests should be coming to the upstream only nowadays.
Also, don't overpromise IRC.
Test Plan: Read documentation.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D11777
Summary:
Ref T7152. Ref T1139. This updates Phabricator so third-party libraries can translate their own stuff. Also:
- Hide "All Caps" when not in development mode, since some users have found this a little confusing.
- With other changes, adds a "Raw Strings" mode (development mode only).
- Add an example silly translation to make sure the serious business flag works.
- Add a basic British English translation.
- Simplify handling of translation overrides.
Test Plan:
- Flipped serious business / development on and off and saw silly/development translations drop off.
- Switched to "All Caps" and saw all caps.
- Switched to Very English, Wow!
- Switched to British english and saw "colour".
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T7152, T1139
Differential Revision: https://secure.phabricator.com/D11747
Summary: This is the hardening work mentioned in T887#86529. Also take a documentation pass for accuracy about these changes and formatting. Ref T4593.
Test Plan: unit tests...! generated diviner docs and oauthserver doc looked good
Reviewers: epriestley
Reviewed By: epriestley
Subscribers: Korvin, epriestley
Maniphest Tasks: T4593
Differential Revision: https://secure.phabricator.com/D11298
Summary: We technically don't use K&R. These documents and the rest of the codebase are full of examples of the correct style, which should be unambiguous to a reasonable reader.
Test Plan: reading
Reviewers: staticshock, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D11255
Summary: @btrahan asked about this but I gave the wrong answer. These
currently do not turn into links. I think they might have in the past,
but if they did the rule is a little weird and feels specific to my
use. We can reexamine this at some point, but for now just make the
links work in a normal, reasonable sort of way.
Auditors: btrahan
Summary:
- Warn users that they'll need to be comfortable with the CLI.
- Move XHProf stuff to the developer docs, since few/no normal users need it.
Test Plan: Read documentation.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D10810
Summary:
- Direct users to detailed bug report / feature reuqest documents.
- Move "get more info" and "unreproducible problems" to bug reporting document.
- Stop telling users to email us, and strongly encourage them to use primary channels.
Test Plan: Read documentation.
Reviewers: btrahan, chad
Reviewed By: btrahan, chad
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D10808
Summary:
Fixes T6347. This refines the "contributor guide" documents to basically lock down support further. Notable changes in policy:
- Bugs: Emphasis on reproduction steps, strong emphasis on using Maniphest. Emphasis on what we support.
- Features: Emphasis on describing problems instead of solutions, emphasis on realistic expecations about timelines. Strong emphasis on using Maniphest.
- Code: Strong emphasis on coordinating with us first. No GitHub pull requests. Emphasis on us ignoring contributions we don't have time to deal with. Suggests local forks.
Test Plan: Read these through; let me generate them and take some screenshots for easier reading.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Maniphest Tasks: T6347
Differential Revision: https://secure.phabricator.com/D10764
Summary: Ref T5702. This primarily gets URI routing out of Aphront and into an Application, for consistency.
Test Plan: Loaded some pages, got static resources.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T5702
Differential Revision: https://secure.phabricator.com/D10696
Summary: ...and fix an error where lines that start with ##X## are rendering incorrectly by switching to alternate syntax `X`. Fixes T5806.
Test Plan: read the docs and they looked good
Reviewers: epriestley
Reviewed By: epriestley
Subscribers: epriestley, Korvin
Maniphest Tasks: T5806
Differential Revision: https://secure.phabricator.com/D10165
Summary: I'm pretty sure that `@group` annotations are useless now... see D9855. Also fixed various other minor issues.
Test Plan: Eye-ball it.
Reviewers: #blessed_reviewers, epriestley, chad
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin, hach-que
Differential Revision: https://secure.phabricator.com/D9859
Summary: We now have workable CLAs, so route users to them.
Test Plan: Read documentation.
Reviewers: chad
Reviewed By: chad
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D9820
Summary: Fix a few "line too long" lint issues in the Diviner documentation. Also lint `*.book` files as JSON.
Test Plan: Eye-ball it.
Reviewers: epriestley, #blessed_reviewers
Reviewed By: epriestley, #blessed_reviewers
Subscribers: epriestley, Korvin
Differential Revision: https://secure.phabricator.com/D9695
Summary:
Ref T4843. Document the new assistive features in the developer docs.
(Also use the recommended mode to set them. They're equivalent for `aural=true` (but not for `aural=false`), so this doesn't actually change anything.)
Test Plan: Read documentation.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Maniphest Tasks: T4843
Differential Revision: https://secure.phabricator.com/D8926
Summary:
It's fairly common for people to show up and be interested in finding easy stuff to work on. This stuff basically doesn't exist and probably never will: it doesn't make much sense to deliberately leave easy bugs broken just because someone might show up and want to fix a couple of easy bugs.
Almost all of the work that's valuable to us requires a depth or bredth of context which can't be acquired in a few hours here and there, and probably always will. I think it also always //should//, in that as long as we continue refactoring and clearing technical debt aggressively and having solid static analysis support tools, we should never have a large backlog of human-intelligence codebase tasks. The closest we've ever come were probably `pht()` and `phutil_tag()`, which both have a lot of subtleties and we mostly automated `phutil_tag()` anyway. These tasks are also //incredibly boring// to write and review.
So, accept this as a reality and realign the contributor documentation to try to deal with this case:
- Set expectations about starter tasks not existing and throwing a couple of hours at the project writing code being a hard path.
- Suggest non-code contributions which anyone can do.
- Segue into code contributions with context and suggestions.
Test Plan: Generated and read documentation.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Differential Revision: https://secure.phabricator.com/D8872
Summary: Fixes T3426. This describes all the weird stuff we've got, at least. We can expand this as we get more contributors or after writing CSS lint.
Test Plan: Read document.
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: epriestley
Maniphest Tasks: T3426
Differential Revision: https://secure.phabricator.com/D8720