1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-20 13:52:40 +01:00
No description
Find a file
epriestley 293a475e39 Show why recipients were excluded from mail
Summary:
Ref T3306. This interface has a hard time balancing security/policy issues and I'm not sure what the best way forward is. Some possibilities:

  # We just let you see everything from the web UI.
    - This makes debugging easier.
    - Anyone who can see this stuff can trivially take over any user's account with five seconds of work and no technical expertise (reset their password from the web UI, then go read the email and click the link).
  # We let you see everything, but only for messages you were a recipient of or author of.
    - This makes it much more difficult to debug issues with mailing lists.
      - But maybe we could just say mailing list recipients are "public", or define some other ruleset.
    - Generally this gets privacy and ease of use right.
  # We could move the whole thing to the CLI.
    - Makes the UI/UX way worse.
  # We could strike an awkward balance between concerns, as we do now.
    - We expose //who// sent and received messages, but not the content of the messages. This doesn't feel great.

I'm inclined to probably go with (2) and figure something out for mailing lists?

Anyway, irrespective of that this should generally make things more clear, and improves the code a lot if nothing else.

Test Plan:
{F49546}

  - Looked at a bunch of mail.
  - Sent mail from different apps.
  - Checked that recipients seem correct.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3306

Differential Revision: https://secure.phabricator.com/D6413
2013-07-10 15:17:38 -07:00
bin Push feed publishing deeper into the task queue 2013-06-25 16:29:47 -07:00
conf Provide contextual help on auth provider configuration 2013-06-20 11:18:48 -07:00
externals Provide clearer syntax highlighting for phame posts. Including background colour, overflow scrolling and border. Also support for tt tag differentiation 2013-07-03 06:25:45 -07:00
resources Legalpad - add signature page 2013-07-10 11:46:39 -07:00
scripts Move mail "Receive Test" from web UI to CLI 2013-07-10 15:13:24 -07:00
src Show why recipients were excluded from mail 2013-07-10 15:17:38 -07:00
support Detect and warn about APC 3.1.14 / 3.1.15 2013-07-10 13:20:00 -07:00
webroot Pholio - make inline comment box appear correctly 2013-07-10 15:17:10 -07:00
.arcconfig Use JsShrink if jsxmin is not available 2013-05-18 17:04:22 -07:00
.divinerconfig Centralize rendering of application mail bodies 2012-07-16 19:01:43 -07:00
.editorconfig Specify config for text editors 2012-11-03 22:34:44 -07:00
.gitignore Ignore and README for support/bin 2013-04-03 12:58:39 -07:00
LICENSE Delete license headers from files 2012-11-05 11:16:51 -08:00
NOTICE Increment year. 2013-01-03 05:45:08 -08:00
README Update README 2013-07-03 12:08:37 -07:00

Phabricator is an open source collection of web applications which make it
easier to write, review, and share source code. Phabricator was developed at
Facebook.

It's pretty high-quality and usable, but under active development so things 
may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.