How to unlock a Portal to view/edit it as an admin, similar to Tasks?

aklapper · January 28, 2021, 10:41am

Problem: As an admin, going to https://phabricator.example.com/portal/view/1234/view/manage/ I either get “Access Denied: Restricted Portal. You do not have permission to view this object.” or “Access Denied: You do not have permission to edit this object.”

I know I can unlock the Edit Policy of tasks, via sudo /phabricator/bin/policy unlock --edit MyUserName T1234 which passes T1234 as a parameter.

For portals listed under https://phabricator.example.com/portal/ there seems to be no such ID.
So it is unclear to me which parameter to pass.

epriestley · January 28, 2021, 9:51pm

You can pass the portal PHID, but it may be difficult to discover:

./bin/policy unlock --edit epriestley PHID-PRTL-uhjsyyd4oyumlwo2rhg5
 UNLOCKING  Unlocking: Test Portal A
 UNLOCKED  Modified object policies.

        Object URI: http://local.phacility.com/portal/view/1/

If you have phabricator.developer-mode enabled, you can discover the PHID by accessing the portal edit view, then clicking “Manage Portal” > “Advanced/Developer…” > “View Handle”:

If you don’t have this mode enabled, you can call the portal.search Conduit API method via the web interface, submitting a query that looks like this:

Replace [1] with the ID (or list of IDs) of the portal you want to discover the PHID for, e.g. [456, 789].

You should get results like this, revealing the PHID:

If you have CLI access anyway, you can also connect to the database (e.g., with bin/storage shell, or mysql) and SELECT phid FROM phabricator_dashboard.dashboard_portal WHERE id = ....

aklapper · January 28, 2021, 9:52pm

Thanks a lot! I was never aware that I can also pass the PHID.

epriestley · January 28, 2021, 10:00pm

epriestley · January 29, 2021, 12:36am

I updated bin/policy help unlock to explicitly mention that you can use a PHID in https://secure.phabricator.com/D21530.

(Although it isn’t universally true, most bin/whatever commands that can accept an object name (like “T123”) can also accept a PHID, since not every object type has a monogram/human-friendly name.)