Homec4science

Show why recipients were excluded from mail

Authored by epriestley <git@epriestley.com> on Jul 11 2013, 00:17.

Description

Show why recipients were excluded from mail

Summary:
Ref T3306. This interface has a hard time balancing security/policy issues and I'm not sure what the best way forward is. Some possibilities:

  1. We just let you see everything from the web UI.
    • This makes debugging easier.
    • Anyone who can see this stuff can trivially take over any user's account with five seconds of work and no technical expertise (reset their password from the web UI, then go read the email and click the link).
  2. We let you see everything, but only for messages you were a recipient of or author of.
    • This makes it much more difficult to debug issues with mailing lists.
      • But maybe we could just say mailing list recipients are "public", or define some other ruleset.
    • Generally this gets privacy and ease of use right.
  3. We could move the whole thing to the CLI.
    • Makes the UI/UX way worse.
  4. We could strike an awkward balance between concerns, as we do now.
    • We expose who sent and received messages, but not the content of the messages. This doesn't feel great.

I'm inclined to probably go with (2) and figure something out for mailing lists?

Anyway, irrespective of that this should generally make things more clear, and improves the code a lot if nothing else.

Test Plan:
{F49546}

  • Looked at a bunch of mail.
  • Sent mail from different apps.
  • Checked that recipients seem correct.

Reviewers: btrahan, chad

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T3306

Differential Revision: https://secure.phabricator.com/D6413

Details

Committed
epriestley <git@epriestley.com>Jul 11 2013, 00:17
Pushed
aubortJan 31 2017, 17:16
Parents
rPH65ab9d178033: Pholio - make inline comment box appear correctly
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH293a475e398b: Show why recipients were excluded from mail (authored by epriestley <git@epriestley.com>).Jul 11 2013, 00:17