On Wed, 2014-12-03 at 00:52 -0500, Matthew Flaschen wrote: > On 12/02/2014 11:49 PM, Jeremy Baron wrote: > > On Wed, Dec 3, 2014 at 4:28 AM, Matthew Flaschen > > <[email protected]> wrote: > >> On 12/02/2014 05:32 PM, Jeremy Baron wrote: > >>> I think we should generally prohibit projects from containing tasks if > >>> those projects are used as ACLs or limit membership for any other > >>> reason. > >> > >> What would the ACL do if there are no tasks involved? > > > > project membership can be used as part of a policy. policies can then > > in turn be used to set restrictions. but the task would not actually > > have that ACL project listed as one of the projects for the task. (or > > at least I think it shouldn't) > > How would Phabricator know which tasks the ACL applied to?
https://www.mediawiki.org/wiki/Phabricator/Security aims to explain most Security/ACL related things in Phabricator (kudos to Chase for recently writing that summary!). Feedback is welcome on its talk page. andre -- Andre Klapper | Wikimedia Bugwrangler http://blogs.gnome.org/aklapper/ _______________________________________________ teampractices mailing list [email protected] https://lists.wikimedia.org/mailman/listinfo/teampractices
