2014-01-01 03:04:25 +01:00
|
|
|
<?php
|
|
|
|
|
|
|
|
/**
|
|
|
|
* This file is automatically generated. Use 'bin/celerity map' to rebuild it.
|
|
|
|
* @generated
|
|
|
|
*/
|
|
|
|
return array(
|
|
|
|
'names' =>
|
|
|
|
array(
|
2014-06-28 06:04:07 +02:00
|
|
|
'core.pkg.css' => 'c2c68e64',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'core.pkg.js' => '2b9e8efd',
|
2014-06-23 19:35:39 +02:00
|
|
|
'darkconsole.pkg.js' => 'df001cab',
|
2014-06-04 21:53:07 +02:00
|
|
|
'differential.pkg.css' => '4a93db37',
|
2014-07-01 20:04:05 +02:00
|
|
|
'differential.pkg.js' => '7528cfc9',
|
2014-06-13 20:36:01 +02:00
|
|
|
'diffusion.pkg.css' => '471bc9eb',
|
2014-06-23 19:27:47 +02:00
|
|
|
'diffusion.pkg.js' => 'bfc0737b',
|
2014-06-26 17:49:44 +02:00
|
|
|
'maniphest.pkg.css' => 'f5d89daf',
|
2014-06-23 19:27:47 +02:00
|
|
|
'maniphest.pkg.js' => 'df4aa49f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/aphront/aphront-bars.css' => '231ac33c',
|
|
|
|
'rsrc/css/aphront/context-bar.css' => '1c3b0529',
|
2014-01-06 06:47:21 +01:00
|
|
|
'rsrc/css/aphront/dark-console.css' => '6378ef3d',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/aphront/dialog-view.css' => '4dbbe3bb',
|
2014-06-26 16:16:42 +02:00
|
|
|
'rsrc/css/aphront/error-view.css' => '3462dbee',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/css/aphront/lightbox-attachment.css' => '7acac05d',
|
2014-05-02 23:25:05 +02:00
|
|
|
'rsrc/css/aphront/list-filter-view.css' => '2ae43867',
|
2014-05-08 23:21:32 +02:00
|
|
|
'rsrc/css/aphront/multi-column.css' => '1b95ab2e',
|
2014-04-28 02:31:35 +02:00
|
|
|
'rsrc/css/aphront/notification.css' => 'ef2c9b34',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/aphront/pager-view.css' => '2e3539af',
|
2014-01-21 23:23:36 +01:00
|
|
|
'rsrc/css/aphront/panel-view.css' => '5846dfa2',
|
2014-05-26 01:38:32 +02:00
|
|
|
'rsrc/css/aphront/phabricator-nav-view.css' => '9283c2df',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/aphront/request-failure-view.css' => 'da14df31',
|
2014-06-13 20:36:01 +02:00
|
|
|
'rsrc/css/aphront/table-view.css' => 'b22b7216',
|
2014-05-29 05:56:20 +02:00
|
|
|
'rsrc/css/aphront/tokenizer.css' => '82ce2142',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/aphront/tooltip.css' => '9c90229d',
|
2014-06-22 20:37:52 +02:00
|
|
|
'rsrc/css/aphront/transaction.css' => '5d0cae25',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/aphront/two-column.css' => '16ab3ad2',
|
2014-05-28 00:26:16 +02:00
|
|
|
'rsrc/css/aphront/typeahead.css' => 'a989b5b3',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/auth/auth.css' => '1e655982',
|
2014-06-22 21:34:08 +02:00
|
|
|
'rsrc/css/application/base/main-menu-view.css' => 'aceca0e9',
|
2014-06-24 01:26:16 +02:00
|
|
|
'rsrc/css/application/base/notification-menu.css' => '8ae4a008',
|
2014-06-13 06:49:19 +02:00
|
|
|
'rsrc/css/application/base/phabricator-application-launch-view.css' => '8b7e271d',
|
2014-01-06 06:47:21 +01:00
|
|
|
'rsrc/css/application/base/standard-page-view.css' => '517cdfb1',
|
2014-02-12 18:55:53 +01:00
|
|
|
'rsrc/css/application/chatlog/chatlog.css' => '852140ff',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/config/config-options.css' => '7fedf08b',
|
|
|
|
'rsrc/css/application/config/config-template.css' => '25d446d6',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/application/config/config-welcome.css' => 'b0d16200',
|
2014-02-18 01:00:19 +01:00
|
|
|
'rsrc/css/application/config/setup-issue.css' => '69e640e7',
|
2014-05-31 06:03:23 +02:00
|
|
|
'rsrc/css/application/conpherence/menu.css' => 'e1e0fdf1',
|
2014-06-12 00:40:47 +02:00
|
|
|
'rsrc/css/application/conpherence/message-pane.css' => '11a393ca',
|
2014-05-28 00:26:16 +02:00
|
|
|
'rsrc/css/application/conpherence/notification.css' => '04a6e10a',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/conpherence/update.css' => '1099a660',
|
2014-05-05 19:57:23 +02:00
|
|
|
'rsrc/css/application/conpherence/widget-pane.css' => 'bf275a6c',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/contentsource/content-source-view.css' => '4b8b05d4',
|
|
|
|
'rsrc/css/application/countdown/timer.css' => '86b7b0a0',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/application/dashboard/dashboard.css' => 'a2bfdcbf',
|
2014-05-02 06:59:59 +02:00
|
|
|
'rsrc/css/application/diff/inline-comment-summary.css' => '8cfd34e8',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/differential/add-comment.css' => 'c478bcaa',
|
2014-06-04 21:53:07 +02:00
|
|
|
'rsrc/css/application/differential/changeset-view.css' => 'ff8eacf8',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/css/application/differential/core.css' => '7ac3cabc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/differential/results-table.css' => '239924f9',
|
|
|
|
'rsrc/css/application/differential/revision-comment.css' => '48186045',
|
2014-03-12 21:53:04 +01:00
|
|
|
'rsrc/css/application/differential/revision-history.css' => '0e8eb855',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/differential/revision-list.css' => 'f3c47d33',
|
2014-04-03 06:49:28 +02:00
|
|
|
'rsrc/css/application/differential/table-of-contents.css' => '6bf8e1d2',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/diffusion/commit-view.css' => '92d1e8f9',
|
2014-06-13 20:36:01 +02:00
|
|
|
'rsrc/css/application/diffusion/diffusion-icons.css' => '9c5828da',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/diffusion/diffusion-source.css' => '66fdf661',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/application/feed/feed.css' => '4e544db4',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/files/global-drag-and-drop.css' => '697324ad',
|
2014-01-06 06:47:21 +01:00
|
|
|
'rsrc/css/application/flag/flag.css' => '5337623f',
|
2014-03-26 00:02:34 +01:00
|
|
|
'rsrc/css/application/harbormaster/harbormaster.css' => 'cec833b7',
|
2014-04-27 20:18:48 +02:00
|
|
|
'rsrc/css/application/herald/herald-test.css' => '778b008e',
|
|
|
|
'rsrc/css/application/herald/herald.css' => 'c544dd1c',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/css/application/maniphest/batch-editor.css' => '8f380ebc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/maniphest/report.css' => '6fc16517',
|
|
|
|
'rsrc/css/application/maniphest/task-edit.css' => '8e23031b',
|
2014-05-24 06:48:15 +02:00
|
|
|
'rsrc/css/application/maniphest/task-summary.css' => '00c3be7a',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/objectselector/object-selector.css' => '029a133d',
|
|
|
|
'rsrc/css/application/owners/owners-path-editor.css' => '2f00933b',
|
|
|
|
'rsrc/css/application/paste/paste.css' => 'aa1767d1',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/css/application/people/people-profile.css' => 'ba7b2762',
|
2014-04-30 22:19:14 +02:00
|
|
|
'rsrc/css/application/phame/phame.css' => '19ecc703',
|
2014-06-16 00:00:43 +02:00
|
|
|
'rsrc/css/application/pholio/pholio-edit.css' => '3ad9d1ee',
|
2014-06-25 00:23:57 +02:00
|
|
|
'rsrc/css/application/pholio/pholio-inline-comments.css' => '8e545e49',
|
|
|
|
'rsrc/css/application/pholio/pholio.css' => '47dffb9c',
|
2014-01-06 06:47:21 +01:00
|
|
|
'rsrc/css/application/phortune/phortune-credit-card-form.css' => 'b25b4beb',
|
|
|
|
'rsrc/css/application/phrequent/phrequent.css' => 'ffc185ad',
|
2014-03-30 20:18:49 +02:00
|
|
|
'rsrc/css/application/phriction/phriction-document-css.css' => '7d7f0071',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/policy/policy-edit.css' => '05cca26a',
|
2014-04-29 19:43:38 +02:00
|
|
|
'rsrc/css/application/policy/policy-transaction-detail.css' => '82100a43',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/policy/policy.css' => '957ea14c',
|
|
|
|
'rsrc/css/application/ponder/comments.css' => '6cdccea7',
|
|
|
|
'rsrc/css/application/ponder/feed.css' => 'e62615b6',
|
|
|
|
'rsrc/css/application/ponder/post.css' => 'ebab8a70',
|
|
|
|
'rsrc/css/application/ponder/vote.css' => '8ed6ed8b',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/application/profile/profile-view.css' => 'b459416e',
|
2014-05-24 06:48:15 +02:00
|
|
|
'rsrc/css/application/projects/project-icon.css' => 'c2ecb7f1',
|
2014-04-18 15:44:45 +02:00
|
|
|
'rsrc/css/application/releeph/releeph-core.css' => '9b3c5733',
|
2014-04-14 21:06:56 +02:00
|
|
|
'rsrc/css/application/releeph/releeph-preview-branch.css' => 'b7a6f4a5',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/application/releeph/releeph-request-differential-create-dialog.css' => '8d8b92cd',
|
|
|
|
'rsrc/css/application/releeph/releeph-request-typeahead.css' => '667a48ae',
|
|
|
|
'rsrc/css/application/search/search-results.css' => 'f240504c',
|
|
|
|
'rsrc/css/application/slowvote/slowvote.css' => '266df6a1',
|
2014-05-05 19:54:34 +02:00
|
|
|
'rsrc/css/application/tokens/tokens.css' => '3d0f239e',
|
2014-04-23 03:29:14 +02:00
|
|
|
'rsrc/css/application/uiexample/example.css' => '528b19de',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'rsrc/css/core/core.css' => '40151074',
|
2014-06-27 19:29:43 +02:00
|
|
|
'rsrc/css/core/remarkup.css' => 'ad4c0676',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/core/syntax.css' => '3c18c1cb',
|
2014-06-25 05:21:27 +02:00
|
|
|
'rsrc/css/core/z-index.css' => 'd1c137f2',
|
2014-03-06 20:28:24 +01:00
|
|
|
'rsrc/css/diviner/diviner-shared.css' => '38813222',
|
2014-05-16 18:28:01 +02:00
|
|
|
'rsrc/css/font/font-awesome.css' => '73d075c3',
|
2014-04-18 02:31:23 +02:00
|
|
|
'rsrc/css/font/font-source-sans-pro.css' => '91d53463',
|
2014-05-29 05:56:20 +02:00
|
|
|
'rsrc/css/font/phui-font-icon-base.css' => 'eb84f033',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/layout/phabricator-action-header-view.css' => '83e2cc86',
|
2014-06-10 01:06:20 +02:00
|
|
|
'rsrc/css/layout/phabricator-crumbs-view.css' => '7fbf25b8',
|
2014-05-30 01:04:50 +02:00
|
|
|
'rsrc/css/layout/phabricator-filetree-view.css' => 'fccf9f82',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/layout/phabricator-hovercard-view.css' => '893f4783',
|
2014-05-31 06:03:23 +02:00
|
|
|
'rsrc/css/layout/phabricator-side-menu-view.css' => 'a2ccd7bd',
|
2014-06-12 00:48:52 +02:00
|
|
|
'rsrc/css/layout/phabricator-source-code-view.css' => '7d346aa4',
|
2014-02-24 19:04:23 +01:00
|
|
|
'rsrc/css/phui/calendar/phui-calendar-day.css' => 'de035c8a',
|
|
|
|
'rsrc/css/phui/calendar/phui-calendar-list.css' => 'c1d0ca59',
|
Fixing z-index on calendar date badges.
Summary: Fixes T4787, decreased z-index on calendar badges so that they don't sit on top of notification dropdowns when dropdowns are expanded. Not sure why the badges had z-index 10, but please let me know if there was a more substantial reason for this.
Test Plan: If neither notification dropdowns have content, create enough messages to populate at least 5 rows, open calendar, expand messages dropdown, verify that underlying calendar date badges do not appear over the dropdown.
Reviewers: chad, #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin
Maniphest Tasks: T4787
Differential Revision: https://secure.phabricator.com/D8770
2014-04-13 17:18:16 +02:00
|
|
|
'rsrc/css/phui/calendar/phui-calendar-month.css' => 'a92e47d2',
|
2014-02-24 19:04:23 +01:00
|
|
|
'rsrc/css/phui/calendar/phui-calendar.css' => '5e1ad989',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/phui/phui-action-list.css' => '9ee9910a',
|
2014-04-18 15:44:45 +02:00
|
|
|
'rsrc/css/phui/phui-box.css' => '7b3a2eed',
|
2014-06-13 03:15:11 +02:00
|
|
|
'rsrc/css/phui/phui-button.css' => 'c7412aa1',
|
2014-06-05 00:41:05 +02:00
|
|
|
'rsrc/css/phui/phui-document.css' => 'a5615198',
|
2014-05-21 20:37:36 +02:00
|
|
|
'rsrc/css/phui/phui-feed-story.css' => 'e2c9bc83',
|
2014-07-04 18:41:27 +02:00
|
|
|
'rsrc/css/phui/phui-fontkit.css' => 'abeb59f0',
|
2014-06-26 18:41:07 +02:00
|
|
|
'rsrc/css/phui/phui-form-view.css' => 'ebac1b1d',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/phui/phui-form.css' => 'b78ec020',
|
2014-06-27 17:28:33 +02:00
|
|
|
'rsrc/css/phui/phui-header-view.css' => '39594ac0',
|
2014-06-04 21:53:32 +02:00
|
|
|
'rsrc/css/phui/phui-icon.css' => 'd8526aa1',
|
2014-06-19 20:28:01 +02:00
|
|
|
'rsrc/css/phui/phui-image-mask.css' => '5a8b09c8',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/phui/phui-info-panel.css' => '27ea50a1',
|
2014-05-29 05:56:20 +02:00
|
|
|
'rsrc/css/phui/phui-list.css' => '43ed2d93',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/phui/phui-object-box.css' => 'e9f7e938',
|
2014-06-25 00:10:19 +02:00
|
|
|
'rsrc/css/phui/phui-object-item-list-view.css' => '7ac40b5a',
|
2014-06-27 18:39:13 +02:00
|
|
|
'rsrc/css/phui/phui-pinboard-view.css' => '3dd4a269',
|
2014-05-22 21:04:11 +02:00
|
|
|
'rsrc/css/phui/phui-property-list-view.css' => '2f7199e8',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/phui/phui-remarkup-preview.css' => '19ad512b',
|
|
|
|
'rsrc/css/phui/phui-spacing.css' => '042804d6',
|
|
|
|
'rsrc/css/phui/phui-status.css' => '2f562399',
|
2014-06-28 06:04:07 +02:00
|
|
|
'rsrc/css/phui/phui-tag-view.css' => '1e8aeb04',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/css/phui/phui-text.css' => '23e9b4b7',
|
2014-05-29 05:56:20 +02:00
|
|
|
'rsrc/css/phui/phui-timeline-view.css' => 'bbd990d0',
|
2014-05-08 23:21:32 +02:00
|
|
|
'rsrc/css/phui/phui-workboard-view.css' => '2bf82d00',
|
2014-06-26 05:55:10 +02:00
|
|
|
'rsrc/css/phui/phui-workpanel-view.css' => 'ed2a2162',
|
2014-05-27 07:12:17 +02:00
|
|
|
'rsrc/css/sprite-apps-large.css' => '12ea1ced',
|
|
|
|
'rsrc/css/sprite-apps.css' => '37ee4f4e',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/css/sprite-conpherence.css' => '3b4a0487',
|
|
|
|
'rsrc/css/sprite-docs.css' => '5f65d0da',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/css/sprite-gradient.css' => '4bdb98a7',
|
2014-06-28 06:04:07 +02:00
|
|
|
'rsrc/css/sprite-login.css' => '878ee4d8',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/css/sprite-main-header.css' => '92720ee2',
|
2014-06-10 01:06:20 +02:00
|
|
|
'rsrc/css/sprite-menu.css' => '28281e16',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/css/sprite-minicons.css' => 'df4f76fe',
|
|
|
|
'rsrc/css/sprite-payments.css' => 'cc085d44',
|
|
|
|
'rsrc/css/sprite-projects.css' => '7578fa56',
|
|
|
|
'rsrc/css/sprite-tokens.css' => '1706b943',
|
2014-05-14 23:44:56 +02:00
|
|
|
'rsrc/externals/font/fontawesome/fontawesome-webfont.eot' => '1cab0752',
|
|
|
|
'rsrc/externals/font/fontawesome/fontawesome-webfont.ttf' => '2ff84fd2',
|
|
|
|
'rsrc/externals/font/fontawesome/fontawesome-webfont.woff' => 'a119ee5e',
|
2014-04-18 02:31:23 +02:00
|
|
|
'rsrc/externals/font/sourcesans/SourceSansPro.woff' => '3614608c',
|
|
|
|
'rsrc/externals/font/sourcesans/SourceSansProBold.woff' => 'cbf46566',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/externals/javelin/core/Event.js' => '85ea0626',
|
|
|
|
'rsrc/externals/javelin/core/Stratcom.js' => '8b0ad945',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/externals/javelin/core/__tests__/event-stop-and-kill.js' => '717554e4',
|
|
|
|
'rsrc/externals/javelin/core/__tests__/install.js' => 'c432ee85',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/javelin/core/__tests__/stratcom.js' => 'da194d4b',
|
|
|
|
'rsrc/externals/javelin/core/__tests__/util.js' => 'd3b157a9',
|
|
|
|
'rsrc/externals/javelin/core/init.js' => 'b88ab49e',
|
2014-02-18 01:00:51 +01:00
|
|
|
'rsrc/externals/javelin/core/init_node.js' => 'd7dde471',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/externals/javelin/core/install.js' => '1ffb3a9c',
|
|
|
|
'rsrc/externals/javelin/core/util.js' => 'a23de73d',
|
|
|
|
'rsrc/externals/javelin/docs/Base.js' => '74676256',
|
|
|
|
'rsrc/externals/javelin/docs/onload.js' => 'e819c479',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/javelin/ext/fx/Color.js' => '7e41274a',
|
|
|
|
'rsrc/externals/javelin/ext/fx/FX.js' => '54b612ba',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/externals/javelin/ext/reactor/core/DynVal.js' => 'f6555212',
|
|
|
|
'rsrc/externals/javelin/ext/reactor/core/Reactor.js' => '77b1cf6f',
|
|
|
|
'rsrc/externals/javelin/ext/reactor/core/ReactorNode.js' => 'b4c30592',
|
|
|
|
'rsrc/externals/javelin/ext/reactor/core/ReactorNodeCalmer.js' => '76f4ebed',
|
|
|
|
'rsrc/externals/javelin/ext/reactor/dom/RDOM.js' => 'b6d401d6',
|
|
|
|
'rsrc/externals/javelin/ext/view/HTMLView.js' => 'e5b406f9',
|
|
|
|
'rsrc/externals/javelin/ext/view/View.js' => '0f764c35',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/javelin/ext/view/ViewInterpreter.js' => '0c33c1a0',
|
|
|
|
'rsrc/externals/javelin/ext/view/ViewPlaceholder.js' => '2fa810fc',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/externals/javelin/ext/view/ViewRenderer.js' => '6c2b09a2',
|
|
|
|
'rsrc/externals/javelin/ext/view/ViewVisitor.js' => 'efe49472',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/javelin/ext/view/__tests__/HTMLView.js' => 'f92d7bcb',
|
|
|
|
'rsrc/externals/javelin/ext/view/__tests__/View.js' => 'bda69c40',
|
|
|
|
'rsrc/externals/javelin/ext/view/__tests__/ViewInterpreter.js' => '7a94d6a5',
|
|
|
|
'rsrc/externals/javelin/ext/view/__tests__/ViewRenderer.js' => '5426001c',
|
|
|
|
'rsrc/externals/javelin/lib/Cookie.js' => '6b3dcf44',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/externals/javelin/lib/DOM.js' => 'c4569c05',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/javelin/lib/History.js' => 'c60f4327',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/externals/javelin/lib/JSON.js' => '69adf288',
|
|
|
|
'rsrc/externals/javelin/lib/Mask.js' => '8a41885b',
|
|
|
|
'rsrc/externals/javelin/lib/Request.js' => '97258e55',
|
2014-06-06 02:16:36 +02:00
|
|
|
'rsrc/externals/javelin/lib/Resource.js' => '0f81f8df',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'rsrc/externals/javelin/lib/Routable.js' => 'b3e7d692',
|
|
|
|
'rsrc/externals/javelin/lib/Router.js' => '29274e2b',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/externals/javelin/lib/URI.js' => '6eff08aa',
|
|
|
|
'rsrc/externals/javelin/lib/Vector.js' => '23cbb8ac',
|
|
|
|
'rsrc/externals/javelin/lib/Workflow.js' => 'd149e002',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/javelin/lib/__tests__/Cookie.js' => '5ed109e8',
|
|
|
|
'rsrc/externals/javelin/lib/__tests__/DOM.js' => 'c984504b',
|
|
|
|
'rsrc/externals/javelin/lib/__tests__/JSON.js' => '2295d074',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/externals/javelin/lib/__tests__/URI.js' => '003ed329',
|
|
|
|
'rsrc/externals/javelin/lib/__tests__/behavior.js' => '1ea62783',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/externals/javelin/lib/behavior.js' => '61cbc29a',
|
|
|
|
'rsrc/externals/javelin/lib/control/tokenizer/Tokenizer.js' => 'a5b67173',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/Typeahead.js' => '61f72a3d',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/normalizer/TypeaheadNormalizer.js' => 'aa93c7b0',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/source/TypeaheadCompositeSource.js' => '503e17fd',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/source/TypeaheadOnDemandSource.js' => '8b3fd187',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/source/TypeaheadPreloadedSource.js' => '54f314a0',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/source/TypeaheadSource.js' => '210aa43b',
|
|
|
|
'rsrc/externals/javelin/lib/control/typeahead/source/TypeaheadStaticSource.js' => '316b8fa1',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/externals/raphael/g.raphael.js' => '40dde778',
|
|
|
|
'rsrc/externals/raphael/g.raphael.line.js' => '40da039e',
|
|
|
|
'rsrc/externals/raphael/raphael.js' => '51ee6b43',
|
2014-02-14 00:15:58 +01:00
|
|
|
'rsrc/image/BFCFDA.png' => 'd5ec91f4',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/actions/edit.png' => '2fc41442',
|
|
|
|
'rsrc/image/apple-touch-icon.png' => '8458dda7',
|
2014-03-28 03:36:51 +01:00
|
|
|
'rsrc/image/avatar.png' => '3eb28cd9',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/checker_dark.png' => 'd8e65881',
|
|
|
|
'rsrc/image/checker_light.png' => 'a0155918',
|
2014-06-15 16:44:12 +02:00
|
|
|
'rsrc/image/checker_lighter.png' => 'd5da91b6',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/credit_cards.png' => '72b8ede8',
|
|
|
|
'rsrc/image/darkload.gif' => '1ffd3ec6',
|
|
|
|
'rsrc/image/divot.png' => '94dded62',
|
2014-06-18 23:09:37 +02:00
|
|
|
'rsrc/image/examples/hero.png' => '979a86ae',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/grippy_texture.png' => 'aca81e2f',
|
|
|
|
'rsrc/image/icon/fatcow/arrow_branch.png' => '2537c01c',
|
|
|
|
'rsrc/image/icon/fatcow/arrow_merge.png' => '21b660e0',
|
|
|
|
'rsrc/image/icon/fatcow/bullet_black.png' => 'ff190031',
|
|
|
|
'rsrc/image/icon/fatcow/bullet_orange.png' => 'e273e5bb',
|
|
|
|
'rsrc/image/icon/fatcow/bullet_red.png' => 'c0b75434',
|
|
|
|
'rsrc/image/icon/fatcow/calendar_edit.png' => '24632275',
|
|
|
|
'rsrc/image/icon/fatcow/document_black.png' => '45fe1c60',
|
|
|
|
'rsrc/image/icon/fatcow/flag_blue.png' => 'a01abb1d',
|
|
|
|
'rsrc/image/icon/fatcow/flag_finish.png' => '67825cee',
|
|
|
|
'rsrc/image/icon/fatcow/flag_ghost.png' => '20ca8783',
|
|
|
|
'rsrc/image/icon/fatcow/flag_green.png' => '7e0eaa7a',
|
|
|
|
'rsrc/image/icon/fatcow/flag_orange.png' => '9e73df66',
|
|
|
|
'rsrc/image/icon/fatcow/flag_pink.png' => '7e92f3b2',
|
|
|
|
'rsrc/image/icon/fatcow/flag_purple.png' => 'cc517522',
|
|
|
|
'rsrc/image/icon/fatcow/flag_red.png' => '04ec726f',
|
|
|
|
'rsrc/image/icon/fatcow/flag_yellow.png' => '73946fd4',
|
|
|
|
'rsrc/image/icon/fatcow/folder.png' => '95a435af',
|
|
|
|
'rsrc/image/icon/fatcow/folder_go.png' => '001cbc94',
|
|
|
|
'rsrc/image/icon/fatcow/key_question.png' => '52a0c26a',
|
|
|
|
'rsrc/image/icon/fatcow/link.png' => '7afd4d5e',
|
|
|
|
'rsrc/image/icon/fatcow/page_white_edit.png' => '39a2eed8',
|
|
|
|
'rsrc/image/icon/fatcow/page_white_link.png' => 'a90023c7',
|
|
|
|
'rsrc/image/icon/fatcow/page_white_put.png' => '08c95a0c',
|
|
|
|
'rsrc/image/icon/fatcow/page_white_text.png' => '1e1f79c3',
|
|
|
|
'rsrc/image/icon/fatcow/source/conduit.png' => '4ea01d2f',
|
|
|
|
'rsrc/image/icon/fatcow/source/email.png' => '9bab3239',
|
|
|
|
'rsrc/image/icon/fatcow/source/fax.png' => '04195e68',
|
|
|
|
'rsrc/image/icon/fatcow/source/mobile.png' => 'f1321264',
|
|
|
|
'rsrc/image/icon/fatcow/source/tablet.png' => '49396799',
|
|
|
|
'rsrc/image/icon/fatcow/source/web.png' => '136ccb5d',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/default.p100.png' => '7d490b01',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/default160x120.png' => 'f2e8a2eb',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/default280x210.png' => '43e8926a',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/default60x45.png' => '0118abed',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/image.p100.png' => 'da23cf97',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/image160x120.png' => '79bb556a',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/image280x210.png' => '91ae054a',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/image60x45.png' => 'c5e1685e',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/pdf.p100.png' => '87d5e065',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/pdf160x120.png' => 'ac9edbf5',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/pdf280x210.png' => '1c585653',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/pdf60x45.png' => 'c0db4143',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/zip.p100.png' => '6ea5aae4',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/zip160x120.png' => '75f9cd0f',
|
2014-06-15 17:03:04 +02:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/zip280x210.png' => 'dfda5b8e',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/icon/fatcow/thumbnails/zip60x45.png' => 'af11bf3e',
|
|
|
|
'rsrc/image/icon/lightbox/close-2.png' => 'cc40e7c8',
|
|
|
|
'rsrc/image/icon/lightbox/close-hover-2.png' => 'fb5d6d9e',
|
|
|
|
'rsrc/image/icon/lightbox/left-arrow-2.png' => '8426133b',
|
|
|
|
'rsrc/image/icon/lightbox/left-arrow-hover-2.png' => '701e5ee3',
|
|
|
|
'rsrc/image/icon/lightbox/right-arrow-2.png' => '6d5519a0',
|
|
|
|
'rsrc/image/icon/lightbox/right-arrow-hover-2.png' => '3a04aa21',
|
|
|
|
'rsrc/image/icon/subscribe.png' => 'd03ed5a5',
|
|
|
|
'rsrc/image/icon/tango/attachment.png' => 'ecc8022e',
|
|
|
|
'rsrc/image/icon/tango/edit.png' => '929a1363',
|
|
|
|
'rsrc/image/icon/tango/go-down.png' => '96d95e43',
|
|
|
|
'rsrc/image/icon/tango/log.png' => 'b08cc63a',
|
|
|
|
'rsrc/image/icon/tango/upload.png' => '7bbb7984',
|
|
|
|
'rsrc/image/icon/unsubscribe.png' => '25725013',
|
2014-01-18 17:31:47 +01:00
|
|
|
'rsrc/image/lightblue-header.png' => '5c168b6d',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/loading.gif' => '75d384cc',
|
|
|
|
'rsrc/image/loading/boating_24.gif' => '5c90f086',
|
|
|
|
'rsrc/image/loading/compass_24.gif' => 'b36b4f46',
|
|
|
|
'rsrc/image/loading/loading_24.gif' => '26bc9adc',
|
|
|
|
'rsrc/image/loading/loading_48.gif' => '6a4994c7',
|
|
|
|
'rsrc/image/loading/loading_d48.gif' => 'cdcbe900',
|
|
|
|
'rsrc/image/loading/loading_w24.gif' => '7662fa2b',
|
|
|
|
'rsrc/image/main_texture.png' => '29a2c5ad',
|
|
|
|
'rsrc/image/menu_texture.png' => '5a17580d',
|
|
|
|
'rsrc/image/people/harding.png' => '45aa614e',
|
|
|
|
'rsrc/image/people/jefferson.png' => 'afca0e53',
|
|
|
|
'rsrc/image/people/lincoln.png' => '9369126d',
|
|
|
|
'rsrc/image/people/mckinley.png' => 'fb8f16ce',
|
|
|
|
'rsrc/image/people/taft.png' => 'd7bc402c',
|
|
|
|
'rsrc/image/people/washington.png' => '40dd301c',
|
|
|
|
'rsrc/image/phrequent_active.png' => 'a466a8ed',
|
|
|
|
'rsrc/image/phrequent_inactive.png' => 'bfc15a69',
|
|
|
|
'rsrc/image/search-white.png' => '64cc0d45',
|
|
|
|
'rsrc/image/search.png' => '82625a7e',
|
2014-05-27 07:12:17 +02:00
|
|
|
'rsrc/image/sprite-apps-X2.png' => '10fe124a',
|
|
|
|
'rsrc/image/sprite-apps-X4.png' => '9c151271',
|
|
|
|
'rsrc/image/sprite-apps-large-X2.png' => '4a828a0f',
|
|
|
|
'rsrc/image/sprite-apps-large.png' => '141d8c93',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/sprite-apps-xlarge.png' => 'a751a580',
|
2014-05-27 07:12:17 +02:00
|
|
|
'rsrc/image/sprite-apps.png' => 'f6a0599f',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/image/sprite-conpherence-X2.png' => 'cd2d08d7',
|
|
|
|
'rsrc/image/sprite-conpherence.png' => 'a5ab2eb7',
|
|
|
|
'rsrc/image/sprite-docs-X2.png' => '6dc1adad',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/sprite-docs.png' => '4636297f',
|
2014-06-24 18:39:32 +02:00
|
|
|
'rsrc/image/sprite-gradient.png' => 'ec15a417',
|
2014-06-28 06:04:07 +02:00
|
|
|
'rsrc/image/sprite-login-X2.png' => '3b2182c4',
|
|
|
|
'rsrc/image/sprite-login.png' => '9effdc71',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/image/sprite-main-header.png' => '83521873',
|
2014-06-10 01:06:20 +02:00
|
|
|
'rsrc/image/sprite-menu-X2.png' => '39d78f97',
|
|
|
|
'rsrc/image/sprite-menu.png' => '259dab45',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/image/sprite-minicons-X2.png' => '55377e4e',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/sprite-minicons.png' => '272644ea',
|
2014-02-17 19:06:16 +01:00
|
|
|
'rsrc/image/sprite-payments.png' => 'd8576309',
|
|
|
|
'rsrc/image/sprite-projects-X2.png' => '218fdc8b',
|
|
|
|
'rsrc/image/sprite-projects.png' => '631ff9a7',
|
|
|
|
'rsrc/image/sprite-tokens-X2.png' => 'b4776580',
|
|
|
|
'rsrc/image/sprite-tokens.png' => '25b75533',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/image/texture/card-gradient.png' => '815f26e8',
|
|
|
|
'rsrc/image/texture/dark-menu-hover.png' => '5fa7ece8',
|
|
|
|
'rsrc/image/texture/dark-menu.png' => '7e22296e',
|
|
|
|
'rsrc/image/texture/grip.png' => '719404f3',
|
|
|
|
'rsrc/image/texture/panel-header-gradient.png' => 'e3b8dcfe',
|
|
|
|
'rsrc/image/texture/phlnx-bg.png' => '8d819209',
|
|
|
|
'rsrc/image/texture/pholio-background.gif' => 'ba29239c',
|
|
|
|
'rsrc/image/texture/table_header.png' => '5c433037',
|
|
|
|
'rsrc/image/texture/table_header_hover.png' => '038ec3b9',
|
|
|
|
'rsrc/image/texture/table_header_tall.png' => 'd56b434f',
|
2014-06-24 01:26:16 +02:00
|
|
|
'rsrc/js/application/aphlict/Aphlict.js' => '4a07e8e3',
|
|
|
|
'rsrc/js/application/aphlict/behavior-aphlict-dropdown.js' => 'f51afce0',
|
2014-06-24 00:19:34 +02:00
|
|
|
'rsrc/js/application/aphlict/behavior-aphlict-listen.js' => 'a826c925',
|
2014-06-24 01:26:16 +02:00
|
|
|
'rsrc/js/application/aphlict/behavior-aphlict-status.js' => '58f7803f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/auth/behavior-persona-login.js' => '9414ff18',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/config/behavior-reorder-fields.js' => '14a827de',
|
|
|
|
'rsrc/js/application/conpherence/behavior-menu.js' => 'f0a41b9f',
|
|
|
|
'rsrc/js/application/conpherence/behavior-pontificate.js' => '85ab3c8e',
|
2014-05-05 19:57:23 +02:00
|
|
|
'rsrc/js/application/conpherence/behavior-widget-pane.js' => '40b1ff90',
|
2014-06-06 02:16:36 +02:00
|
|
|
'rsrc/js/application/countdown/timer.js' => '361e3ed3',
|
2014-05-19 23:04:26 +02:00
|
|
|
'rsrc/js/application/dashboard/behavior-dashboard-async-panel.js' => '469c0d9e',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/dashboard/behavior-dashboard-move-panels.js' => '82439934',
|
|
|
|
'rsrc/js/application/dashboard/behavior-dashboard-query-panel-select.js' => '880fa5ac',
|
|
|
|
'rsrc/js/application/dashboard/behavior-dashboard-tab-panel.js' => 'd4eecc63',
|
|
|
|
'rsrc/js/application/differential/ChangesetViewManager.js' => 'd2907473',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/differential/DifferentialInlineCommentEditor.js' => 'f2441746',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/differential/behavior-add-reviewers-and-ccs.js' => 'e10f8e18',
|
2014-07-01 20:04:05 +02:00
|
|
|
'rsrc/js/application/differential/behavior-comment-jump.js' => '4fdb476d',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/differential/behavior-comment-preview.js' => '127f2018',
|
|
|
|
'rsrc/js/application/differential/behavior-diff-radios.js' => 'e1ff79b1',
|
2014-06-20 20:49:41 +02:00
|
|
|
'rsrc/js/application/differential/behavior-dropdown-menus.js' => '710f209e',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/js/application/differential/behavior-edit-inline-comments.js' => '00861799',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/differential/behavior-keyboard-nav.js' => '8d199d97',
|
Consolidate changeset rendering logic
Summary:
Ref T5179. Currently, all the changeset rendering logic is in the "populate" behavior, and a lot of it comes in via configuration and is hard to get at.
Instead, surface an object which can control it, and which other behaviors can access more easily.
In particular, this allows us to add a "Load/Reload" item to the view options menu, which would previously have been very challenging.
Load/Reload isn't useful on its own, but is a step away from "Show whitespace as...", "Highlight as...", "Show tabtops as...", "View Unified", "View Side-By-Side", etc.
Test Plan:
- Viewed Differential.
- Viewed Diffusion.
- Viewed large changesets, clicked "Load".
- Used "Load" and "Reload" from view options menu.
- Loaded all changes in a large diff, verified "Load" and TOC clicks take precedence over other content loads.
- Played with content stability stuff.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T5179
Differential Revision: https://secure.phabricator.com/D9286
2014-05-25 16:13:22 +02:00
|
|
|
'rsrc/js/application/differential/behavior-populate.js' => 'bdb3e4d0',
|
2014-02-14 19:23:07 +01:00
|
|
|
'rsrc/js/application/differential/behavior-show-all-comments.js' => '7c273581',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/differential/behavior-show-field-details.js' => 'bba9eedf',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/differential/behavior-show-more.js' => 'dd7e8ef5',
|
|
|
|
'rsrc/js/application/differential/behavior-toggle-files.js' => 'ca3f91eb',
|
|
|
|
'rsrc/js/application/differential/behavior-user-select.js' => 'a8d8459d',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/diffusion/DiffusionLocateFileSource.js' => 'b42eddc7',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/diffusion/behavior-audit-preview.js' => 'd835b03a',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/js/application/diffusion/behavior-commit-branches.js' => 'bdaf4d04',
|
|
|
|
'rsrc/js/application/diffusion/behavior-commit-graph.js' => 'f7f1289f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/diffusion/behavior-jump-to.js' => '9db3d160',
|
|
|
|
'rsrc/js/application/diffusion/behavior-load-blame.js' => '42126667',
|
2014-05-13 23:09:00 +02:00
|
|
|
'rsrc/js/application/diffusion/behavior-locate-file.js' => '6d3e1947',
|
2014-05-12 20:53:31 +02:00
|
|
|
'rsrc/js/application/diffusion/behavior-pull-lastmodified.js' => '2b228192',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/js/application/doorkeeper/behavior-doorkeeper-tag.js' => 'e5822781',
|
|
|
|
'rsrc/js/application/files/behavior-icon-composer.js' => '8ef9ab58',
|
|
|
|
'rsrc/js/application/files/behavior-launch-icon-composer.js' => '48086888',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/harbormaster/behavior-reorder-steps.js' => 'b716477f',
|
Allow Herald to "Require legal signatures" for reviews
Summary:
Ref T3116. Add a Herald action "Require legal signatures" which requires revision authors to accept legal agreements before their revisions can be accepted.
- Herald will check which documents the author has signed, and trigger a "you have to sign X, Y, Z" for other documents.
- If the author has already signed everything, we don't spam the revision -- basically, this only triggers when signatures are missing.
- The UI will show which documents must be signed and warn that the revision can't be accepted until they're completed.
- Users aren't allowed to "Accept" the revision until documents are cleared.
Fixes T1157. The original install making the request (Hive) no longer uses Phabricator, and this satisfies our requirements.
Test Plan:
- Added a Herald rule.
- Created a revision, saw the rule trigger.
- Viewed as author and non-author, saw field UI (generic for non-author, specific for author), transaction UI, and accept-warning UI.
- Tried to accept revision.
- Signed document, saw UI update. Note that signatures don't currently //push// an update to the revision, but could eventually (like blocking tasks work).
- Accepted revision.
- Created another revision, saw rules not add the document (since it's already signed, this is the "no spam" case).
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: asherkin, epriestley
Maniphest Tasks: T1157, T3116
Differential Revision: https://secure.phabricator.com/D9771
2014-06-29 16:53:53 +02:00
|
|
|
'rsrc/js/application/herald/HeraldRuleEditor.js' => '58e048fc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/herald/PathTypeahead.js' => 'f7fc67ec',
|
|
|
|
'rsrc/js/application/herald/herald-rule-editor.js' => '7ebaeed3',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/maniphest/behavior-batch-editor.js' => 'f588412e',
|
|
|
|
'rsrc/js/application/maniphest/behavior-batch-selector.js' => '7b98d7c5',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/maniphest/behavior-line-chart.js' => '22e16ae7',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/maniphest/behavior-list-edit.js' => 'a9f88de2',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/maniphest/behavior-subpriorityeditor.js' => '84845b5b',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/maniphest/behavior-transaction-controls.js' => '44168bad',
|
|
|
|
'rsrc/js/application/maniphest/behavior-transaction-expand.js' => '5fefb143',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/maniphest/behavior-transaction-preview.js' => 'f8248bc5',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/owners/OwnersPathEditor.js' => 'aa1733d0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/owners/owners-path-editor.js' => '7a68dda3',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/passphrase/phame-credential-control.js' => '3d51a746',
|
|
|
|
'rsrc/js/application/phame/phame-post-preview.js' => 'be807912',
|
|
|
|
'rsrc/js/application/pholio/behavior-pholio-mock-edit.js' => '9c2623f4',
|
|
|
|
'rsrc/js/application/pholio/behavior-pholio-mock-view.js' => '152178f0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/phortune/behavior-balanced-payment-form.js' => '3b3e1664',
|
|
|
|
'rsrc/js/application/phortune/behavior-stripe-payment-form.js' => '1693a296',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/phortune/behavior-test-payment-form.js' => 'ab8d2723',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/phortune/phortune-credit-card-form.js' => '2290aeef',
|
2014-05-29 05:56:20 +02:00
|
|
|
'rsrc/js/application/policy/behavior-policy-control.js' => 'f3fef818',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/policy/behavior-policy-rule-editor.js' => '92918fcb',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/ponder/behavior-votebox.js' => '4e9b766b',
|
2014-06-25 21:30:53 +02:00
|
|
|
'rsrc/js/application/projects/behavior-boards-dropdown.js' => '0ec56e1d',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/projects/behavior-project-boards.js' => '1cb113dc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/projects/behavior-project-create.js' => '065227cc',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/releeph/releeph-preview-branch.js' => 'b2b4fbaf',
|
|
|
|
'rsrc/js/application/releeph/releeph-request-state-change.js' => 'ab836011',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/js/application/releeph/releeph-request-typeahead.js' => 'de2e896f',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/repository/repository-crossreference.js' => 'f9539603',
|
|
|
|
'rsrc/js/application/search/behavior-reorder-queries.js' => 'e9581f08',
|
|
|
|
'rsrc/js/application/slowvote/behavior-slowvote-embed.js' => 'd6f54db0',
|
2014-06-21 21:50:40 +02:00
|
|
|
'rsrc/js/application/transactions/behavior-transaction-comment-form.js' => '9f7309fb',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/transactions/behavior-transaction-list.js' => '71f66c08',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/application/uiexample/JavelinViewExample.js' => 'd4a14807',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/uiexample/ReactorButtonExample.js' => 'd19198c8',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/uiexample/ReactorCheckboxExample.js' => '519705ea',
|
|
|
|
'rsrc/js/application/uiexample/ReactorFocusExample.js' => '40a6a403',
|
|
|
|
'rsrc/js/application/uiexample/ReactorInputExample.js' => '886fd850',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/uiexample/ReactorMouseoverExample.js' => '47c794d8',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/application/uiexample/ReactorRadioExample.js' => '988040b4',
|
|
|
|
'rsrc/js/application/uiexample/ReactorSelectExample.js' => 'a155550f',
|
|
|
|
'rsrc/js/application/uiexample/ReactorSendClassExample.js' => '1def2711',
|
|
|
|
'rsrc/js/application/uiexample/ReactorSendPropertiesExample.js' => 'b1f0ccee',
|
|
|
|
'rsrc/js/application/uiexample/busy-example.js' => '60479091',
|
|
|
|
'rsrc/js/application/uiexample/gesture-example.js' => '558829c2',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/application/uiexample/notification-example.js' => '7a9677fc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/Busy.js' => '6453c869',
|
2014-06-21 19:04:46 +02:00
|
|
|
'rsrc/js/core/DragAndDropFileUpload.js' => '1d8ad5c3',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/DraggableList.js' => '2cad29d1',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/js/core/FileUpload.js' => 'a4ae61bf',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/Hovercard.js' => '7e8468ae',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/KeyboardShortcut.js' => '1ae869f2',
|
|
|
|
'rsrc/js/core/KeyboardShortcutManager.js' => 'ad7a69ca',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/MultirowRowManager.js' => '41e47dea',
|
2014-02-27 20:06:55 +01:00
|
|
|
'rsrc/js/core/Notification.js' => '0c6946e7',
|
2014-05-19 01:10:54 +02:00
|
|
|
'rsrc/js/core/Prefab.js' => '41ed7994',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'rsrc/js/core/ShapedRequest.js' => '7cbe244b',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/TextAreaUtils.js' => 'b3ec3cfc',
|
2014-04-12 14:55:12 +02:00
|
|
|
'rsrc/js/core/ToolTip.js' => '3915d490',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-active-nav.js' => 'e379b58e',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-audio-source.js' => '59b251eb',
|
|
|
|
'rsrc/js/core/behavior-autofocus.js' => '7319e029',
|
2014-06-26 18:41:07 +02:00
|
|
|
'rsrc/js/core/behavior-choose-control.js' => '6153c708',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-crop.js' => 'fa0f4fc2',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/behavior-dark-console.js' => '357b6e9b',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-device.js' => '03d6ed07',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/behavior-drag-and-drop-textarea.js' => '92eb531d',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-error-log.js' => 'a5d7cf86',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/behavior-fancy-datepicker.js' => 'a5573bcd',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-file-tree.js' => '88236f00',
|
|
|
|
'rsrc/js/core/behavior-form.js' => '3b1557b3',
|
|
|
|
'rsrc/js/core/behavior-gesture.js' => '3ab51e2c',
|
|
|
|
'rsrc/js/core/behavior-global-drag-and-drop.js' => '3672899b',
|
2014-04-28 02:31:35 +02:00
|
|
|
'rsrc/js/core/behavior-high-security-warning.js' => '8fc1c918',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-history-install.js' => '7ee2b591',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-hovercard.js' => 'f36e01af',
|
|
|
|
'rsrc/js/core/behavior-keyboard-pager.js' => 'a8da01f0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-keyboard-shortcuts.js' => 'd75709e6',
|
|
|
|
'rsrc/js/core/behavior-konami.js' => '5bc2cb21',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-lightbox-attachments.js' => '0720f2cf',
|
2014-05-30 19:07:33 +02:00
|
|
|
'rsrc/js/core/behavior-line-linker.js' => 'f726d506',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-more.js' => 'a80d0378',
|
2014-06-23 19:35:39 +02:00
|
|
|
'rsrc/js/core/behavior-object-selector.js' => '39841ead',
|
|
|
|
'rsrc/js/core/behavior-oncopy.js' => '2926fff2',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-phabricator-nav.js' => '14d7a8b8',
|
2014-07-01 20:04:05 +02:00
|
|
|
'rsrc/js/core/behavior-phabricator-remarkup-assist.js' => 'e32d14ab',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'rsrc/js/core/behavior-refresh-csrf.js' => '7814b593',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-remarkup-preview.js' => 'f7379f45',
|
2014-06-23 19:27:47 +02:00
|
|
|
'rsrc/js/core/behavior-reorder-applications.js' => '76b9fc3e',
|
|
|
|
'rsrc/js/core/behavior-reveal-content.js' => '60821bc7',
|
|
|
|
'rsrc/js/core/behavior-search-typeahead.js' => '5a376f34',
|
|
|
|
'rsrc/js/core/behavior-select-on-click.js' => '4e3e79a6',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'rsrc/js/core/behavior-toggle-class.js' => 'e566f52c',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-tokenizer.js' => 'b3a4b884',
|
2014-06-26 18:41:07 +02:00
|
|
|
'rsrc/js/core/behavior-tooltip.js' => '3ee3408b',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/behavior-watch-anchor.js' => '06e05112',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'rsrc/js/core/behavior-workflow.js' => '0a3f3021',
|
2014-01-01 16:46:25 +01:00
|
|
|
'rsrc/js/core/phtize.js' => 'd254d646',
|
|
|
|
'rsrc/js/phui/behavior-phui-object-box-tabs.js' => 'a3e2244e',
|
2014-05-05 19:57:23 +02:00
|
|
|
'rsrc/js/phui/behavior-phui-timeline-dropdown-menu.js' => '4d94d9c3',
|
|
|
|
'rsrc/js/phuix/PHUIXActionListView.js' => 'b5c256b8',
|
2014-05-19 01:10:54 +02:00
|
|
|
'rsrc/js/phuix/PHUIXActionView.js' => '6e8cefa4',
|
2014-05-05 19:57:23 +02:00
|
|
|
'rsrc/js/phuix/PHUIXDropdownMenu.js' => 'bd4c8dca',
|
2014-06-25 00:10:19 +02:00
|
|
|
'rsrc/swf/aphlict.swf' => 'f19daffb',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
'symbols' =>
|
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
'aphront-bars' => '231ac33c',
|
|
|
|
'aphront-contextbar-view-css' => '1c3b0529',
|
2014-01-06 06:47:21 +01:00
|
|
|
'aphront-dark-console-css' => '6378ef3d',
|
2014-06-24 18:39:32 +02:00
|
|
|
'aphront-dialog-view-css' => '4dbbe3bb',
|
2014-06-26 16:16:42 +02:00
|
|
|
'aphront-error-view-css' => '3462dbee',
|
2014-05-02 23:25:05 +02:00
|
|
|
'aphront-list-filter-view-css' => '2ae43867',
|
2014-05-08 23:21:32 +02:00
|
|
|
'aphront-multi-column-view-css' => '1b95ab2e',
|
2014-01-01 16:46:25 +01:00
|
|
|
'aphront-pager-view-css' => '2e3539af',
|
2014-01-21 23:23:36 +01:00
|
|
|
'aphront-panel-view-css' => '5846dfa2',
|
2014-01-01 16:46:25 +01:00
|
|
|
'aphront-request-failure-view-css' => 'da14df31',
|
2014-06-13 20:36:01 +02:00
|
|
|
'aphront-table-view-css' => 'b22b7216',
|
2014-05-29 05:56:20 +02:00
|
|
|
'aphront-tokenizer-control-css' => '82ce2142',
|
2014-01-01 16:46:25 +01:00
|
|
|
'aphront-tooltip-css' => '9c90229d',
|
|
|
|
'aphront-two-column-view-css' => '16ab3ad2',
|
2014-05-28 00:26:16 +02:00
|
|
|
'aphront-typeahead-control-css' => 'a989b5b3',
|
2014-01-01 16:46:25 +01:00
|
|
|
'auth-css' => '1e655982',
|
2014-06-23 19:27:47 +02:00
|
|
|
'changeset-view-manager' => 'd2907473',
|
2014-01-01 16:46:25 +01:00
|
|
|
'config-options-css' => '7fedf08b',
|
2014-06-24 18:39:32 +02:00
|
|
|
'config-welcome-css' => 'b0d16200',
|
2014-05-31 06:03:23 +02:00
|
|
|
'conpherence-menu-css' => 'e1e0fdf1',
|
2014-06-12 00:40:47 +02:00
|
|
|
'conpherence-message-pane-css' => '11a393ca',
|
2014-05-28 00:26:16 +02:00
|
|
|
'conpherence-notification-css' => '04a6e10a',
|
2014-01-01 16:46:25 +01:00
|
|
|
'conpherence-update-css' => '1099a660',
|
2014-05-05 19:57:23 +02:00
|
|
|
'conpherence-widget-pane-css' => 'bf275a6c',
|
2014-06-04 21:53:07 +02:00
|
|
|
'differential-changeset-view-css' => 'ff8eacf8',
|
2014-02-27 20:06:55 +01:00
|
|
|
'differential-core-view-css' => '7ac3cabc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'differential-inline-comment-editor' => 'f2441746',
|
|
|
|
'differential-results-table-css' => '239924f9',
|
|
|
|
'differential-revision-add-comment-css' => 'c478bcaa',
|
|
|
|
'differential-revision-comment-css' => '48186045',
|
2014-03-12 21:53:04 +01:00
|
|
|
'differential-revision-history-css' => '0e8eb855',
|
2014-01-01 16:46:25 +01:00
|
|
|
'differential-revision-list-css' => 'f3c47d33',
|
2014-04-03 06:49:28 +02:00
|
|
|
'differential-table-of-contents-css' => '6bf8e1d2',
|
2014-01-01 16:46:25 +01:00
|
|
|
'diffusion-commit-view-css' => '92d1e8f9',
|
2014-06-13 20:36:01 +02:00
|
|
|
'diffusion-icons-css' => '9c5828da',
|
2014-01-01 16:46:25 +01:00
|
|
|
'diffusion-source-css' => '66fdf661',
|
2014-03-06 20:28:24 +01:00
|
|
|
'diviner-shared-css' => '38813222',
|
2014-05-16 18:28:01 +02:00
|
|
|
'font-fontawesome' => '73d075c3',
|
2014-04-18 02:31:23 +02:00
|
|
|
'font-source-sans-pro' => '91d53463',
|
2014-01-01 16:46:25 +01:00
|
|
|
'global-drag-and-drop-css' => '697324ad',
|
2014-03-26 00:02:34 +01:00
|
|
|
'harbormaster-css' => 'cec833b7',
|
2014-04-27 20:18:48 +02:00
|
|
|
'herald-css' => 'c544dd1c',
|
Allow Herald to "Require legal signatures" for reviews
Summary:
Ref T3116. Add a Herald action "Require legal signatures" which requires revision authors to accept legal agreements before their revisions can be accepted.
- Herald will check which documents the author has signed, and trigger a "you have to sign X, Y, Z" for other documents.
- If the author has already signed everything, we don't spam the revision -- basically, this only triggers when signatures are missing.
- The UI will show which documents must be signed and warn that the revision can't be accepted until they're completed.
- Users aren't allowed to "Accept" the revision until documents are cleared.
Fixes T1157. The original install making the request (Hive) no longer uses Phabricator, and this satisfies our requirements.
Test Plan:
- Added a Herald rule.
- Created a revision, saw the rule trigger.
- Viewed as author and non-author, saw field UI (generic for non-author, specific for author), transaction UI, and accept-warning UI.
- Tried to accept revision.
- Signed document, saw UI update. Note that signatures don't currently //push// an update to the revision, but could eventually (like blocking tasks work).
- Accepted revision.
- Created another revision, saw rules not add the document (since it's already signed, this is the "no spam" case).
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: asherkin, epriestley
Maniphest Tasks: T1157, T3116
Differential Revision: https://secure.phabricator.com/D9771
2014-06-29 16:53:53 +02:00
|
|
|
'herald-rule-editor' => '58e048fc',
|
2014-04-27 20:18:48 +02:00
|
|
|
'herald-test-css' => '778b008e',
|
2014-05-02 06:59:59 +02:00
|
|
|
'inline-comment-summary-css' => '8cfd34e8',
|
2014-06-24 01:26:16 +02:00
|
|
|
'javelin-aphlict' => '4a07e8e3',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-behavior' => '61cbc29a',
|
2014-06-24 01:26:16 +02:00
|
|
|
'javelin-behavior-aphlict-dropdown' => 'f51afce0',
|
2014-06-24 00:19:34 +02:00
|
|
|
'javelin-behavior-aphlict-listen' => 'a826c925',
|
2014-06-24 01:26:16 +02:00
|
|
|
'javelin-behavior-aphlict-status' => '58f7803f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-aphront-basic-tokenizer' => 'b3a4b884',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-aphront-crop' => 'fa0f4fc2',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-aphront-drag-and-drop-textarea' => '92eb531d',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-aphront-form-disable-on-submit' => '3b1557b3',
|
|
|
|
'javelin-behavior-aphront-more' => 'a80d0378',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-audio-source' => '59b251eb',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-audit-preview' => 'd835b03a',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-balanced-payment-form' => '3b3e1664',
|
2014-06-25 21:30:53 +02:00
|
|
|
'javelin-behavior-boards-dropdown' => '0ec56e1d',
|
2014-06-26 18:41:07 +02:00
|
|
|
'javelin-behavior-choose-control' => '6153c708',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-config-reorder-fields' => '14a827de',
|
|
|
|
'javelin-behavior-conpherence-menu' => 'f0a41b9f',
|
|
|
|
'javelin-behavior-conpherence-pontificate' => '85ab3c8e',
|
2014-05-05 19:57:23 +02:00
|
|
|
'javelin-behavior-conpherence-widget-pane' => '40b1ff90',
|
2014-06-06 02:16:36 +02:00
|
|
|
'javelin-behavior-countdown-timer' => '361e3ed3',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-dark-console' => '357b6e9b',
|
2014-05-19 23:04:26 +02:00
|
|
|
'javelin-behavior-dashboard-async-panel' => '469c0d9e',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-dashboard-move-panels' => '82439934',
|
|
|
|
'javelin-behavior-dashboard-query-panel-select' => '880fa5ac',
|
|
|
|
'javelin-behavior-dashboard-tab-panel' => 'd4eecc63',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-device' => '03d6ed07',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-differential-add-reviewers-and-ccs' => 'e10f8e18',
|
2014-07-01 20:04:05 +02:00
|
|
|
'javelin-behavior-differential-comment-jump' => '4fdb476d',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-differential-diff-radios' => 'e1ff79b1',
|
2014-06-20 20:49:41 +02:00
|
|
|
'javelin-behavior-differential-dropdown-menus' => '710f209e',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-behavior-differential-edit-inline-comments' => '00861799',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-differential-feedback-preview' => '127f2018',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-differential-keyboard-navigation' => '8d199d97',
|
Consolidate changeset rendering logic
Summary:
Ref T5179. Currently, all the changeset rendering logic is in the "populate" behavior, and a lot of it comes in via configuration and is hard to get at.
Instead, surface an object which can control it, and which other behaviors can access more easily.
In particular, this allows us to add a "Load/Reload" item to the view options menu, which would previously have been very challenging.
Load/Reload isn't useful on its own, but is a step away from "Show whitespace as...", "Highlight as...", "Show tabtops as...", "View Unified", "View Side-By-Side", etc.
Test Plan:
- Viewed Differential.
- Viewed Diffusion.
- Viewed large changesets, clicked "Load".
- Used "Load" and "Reload" from view options menu.
- Loaded all changes in a large diff, verified "Load" and TOC clicks take precedence over other content loads.
- Played with content stability stuff.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T5179
Differential Revision: https://secure.phabricator.com/D9286
2014-05-25 16:13:22 +02:00
|
|
|
'javelin-behavior-differential-populate' => 'bdb3e4d0',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-differential-show-field-details' => 'bba9eedf',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-differential-show-more' => 'dd7e8ef5',
|
|
|
|
'javelin-behavior-differential-toggle-files' => 'ca3f91eb',
|
|
|
|
'javelin-behavior-differential-user-select' => 'a8d8459d',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-behavior-diffusion-commit-branches' => 'bdaf4d04',
|
|
|
|
'javelin-behavior-diffusion-commit-graph' => 'f7f1289f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-diffusion-jump-to' => '9db3d160',
|
2014-05-13 23:09:00 +02:00
|
|
|
'javelin-behavior-diffusion-locate-file' => '6d3e1947',
|
2014-05-12 20:53:31 +02:00
|
|
|
'javelin-behavior-diffusion-pull-lastmodified' => '2b228192',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-behavior-doorkeeper-tag' => 'e5822781',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-error-log' => 'a5d7cf86',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-fancy-datepicker' => 'a5573bcd',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-global-drag-and-drop' => '3672899b',
|
|
|
|
'javelin-behavior-harbormaster-reorder-steps' => 'b716477f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-herald-rule-editor' => '7ebaeed3',
|
2014-04-28 02:31:35 +02:00
|
|
|
'javelin-behavior-high-security-warning' => '8fc1c918',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-history-install' => '7ee2b591',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-behavior-icon-composer' => '8ef9ab58',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-konami' => '5bc2cb21',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-behavior-launch-icon-composer' => '48086888',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-lightbox-attachments' => '0720f2cf',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-line-chart' => '22e16ae7',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-load-blame' => '42126667',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-maniphest-batch-editor' => 'f588412e',
|
|
|
|
'javelin-behavior-maniphest-batch-selector' => '7b98d7c5',
|
|
|
|
'javelin-behavior-maniphest-list-editor' => 'a9f88de2',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-maniphest-subpriority-editor' => '84845b5b',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-maniphest-transaction-controls' => '44168bad',
|
|
|
|
'javelin-behavior-maniphest-transaction-expand' => '5fefb143',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-maniphest-transaction-preview' => 'f8248bc5',
|
|
|
|
'javelin-behavior-owners-path-editor' => '7a68dda3',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-passphrase-credential-control' => '3d51a746',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-persona-login' => '9414ff18',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-phabricator-active-nav' => 'e379b58e',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-phabricator-autofocus' => '7319e029',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-phabricator-busy-example' => '60479091',
|
|
|
|
'javelin-behavior-phabricator-file-tree' => '88236f00',
|
|
|
|
'javelin-behavior-phabricator-gesture' => '3ab51e2c',
|
|
|
|
'javelin-behavior-phabricator-gesture-example' => '558829c2',
|
|
|
|
'javelin-behavior-phabricator-hovercards' => 'f36e01af',
|
|
|
|
'javelin-behavior-phabricator-keyboard-pager' => 'a8da01f0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-phabricator-keyboard-shortcuts' => 'd75709e6',
|
2014-05-30 19:07:33 +02:00
|
|
|
'javelin-behavior-phabricator-line-linker' => 'f726d506',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-phabricator-nav' => '14d7a8b8',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-phabricator-notification-example' => '7a9677fc',
|
|
|
|
'javelin-behavior-phabricator-object-selector' => '39841ead',
|
|
|
|
'javelin-behavior-phabricator-oncopy' => '2926fff2',
|
2014-07-01 20:04:05 +02:00
|
|
|
'javelin-behavior-phabricator-remarkup-assist' => 'e32d14ab',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-phabricator-reveal-content' => '60821bc7',
|
|
|
|
'javelin-behavior-phabricator-search-typeahead' => '5a376f34',
|
2014-02-14 19:23:07 +01:00
|
|
|
'javelin-behavior-phabricator-show-all-transactions' => '7c273581',
|
2014-06-26 18:41:07 +02:00
|
|
|
'javelin-behavior-phabricator-tooltips' => '3ee3408b',
|
2014-06-21 21:50:40 +02:00
|
|
|
'javelin-behavior-phabricator-transaction-comment-form' => '9f7309fb',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-phabricator-transaction-list' => '71f66c08',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-phabricator-watch-anchor' => '06e05112',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-phame-post-preview' => 'be807912',
|
|
|
|
'javelin-behavior-pholio-mock-edit' => '9c2623f4',
|
|
|
|
'javelin-behavior-pholio-mock-view' => '152178f0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-phui-object-box-tabs' => 'a3e2244e',
|
2014-05-05 19:57:23 +02:00
|
|
|
'javelin-behavior-phui-timeline-dropdown-menu' => '4d94d9c3',
|
2014-05-29 05:56:20 +02:00
|
|
|
'javelin-behavior-policy-control' => 'f3fef818',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-behavior-policy-rule-editor' => '92918fcb',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-ponder-votebox' => '4e9b766b',
|
|
|
|
'javelin-behavior-project-boards' => '1cb113dc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-project-create' => '065227cc',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'javelin-behavior-refresh-csrf' => '7814b593',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-releeph-preview-branch' => 'b2b4fbaf',
|
|
|
|
'javelin-behavior-releeph-request-state-change' => 'ab836011',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-behavior-releeph-request-typeahead' => 'de2e896f',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-remarkup-preview' => 'f7379f45',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-reorder-applications' => '76b9fc3e',
|
|
|
|
'javelin-behavior-repository-crossreference' => 'f9539603',
|
|
|
|
'javelin-behavior-search-reorder-queries' => 'e9581f08',
|
|
|
|
'javelin-behavior-select-on-click' => '4e3e79a6',
|
|
|
|
'javelin-behavior-slowvote-embed' => 'd6f54db0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-stripe-payment-form' => '1693a296',
|
2014-06-23 19:27:47 +02:00
|
|
|
'javelin-behavior-test-payment-form' => 'ab8d2723',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-behavior-toggle-class' => 'e566f52c',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-behavior-view-placeholder' => '2fa810fc',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'javelin-behavior-workflow' => '0a3f3021',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-color' => '7e41274a',
|
|
|
|
'javelin-cookie' => '6b3dcf44',
|
2014-06-23 19:35:39 +02:00
|
|
|
'javelin-diffusion-locate-file-source' => 'b42eddc7',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-dom' => 'c4569c05',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-dynval' => 'f6555212',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-event' => '85ea0626',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-fx' => '54b612ba',
|
|
|
|
'javelin-history' => 'c60f4327',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-install' => '1ffb3a9c',
|
|
|
|
'javelin-json' => '69adf288',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-magical-init' => 'b88ab49e',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-mask' => '8a41885b',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-reactor' => '77b1cf6f',
|
|
|
|
'javelin-reactor-dom' => 'b6d401d6',
|
|
|
|
'javelin-reactor-node-calmer' => '76f4ebed',
|
|
|
|
'javelin-reactornode' => 'b4c30592',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-request' => '97258e55',
|
2014-06-06 02:16:36 +02:00
|
|
|
'javelin-resource' => '0f81f8df',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'javelin-routable' => 'b3e7d692',
|
|
|
|
'javelin-router' => '29274e2b',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-stratcom' => '8b0ad945',
|
|
|
|
'javelin-tokenizer' => 'a5b67173',
|
|
|
|
'javelin-typeahead' => '61f72a3d',
|
|
|
|
'javelin-typeahead-composite-source' => '503e17fd',
|
|
|
|
'javelin-typeahead-normalizer' => 'aa93c7b0',
|
|
|
|
'javelin-typeahead-ondemand-source' => '8b3fd187',
|
|
|
|
'javelin-typeahead-preloaded-source' => '54f314a0',
|
|
|
|
'javelin-typeahead-source' => '210aa43b',
|
|
|
|
'javelin-typeahead-static-source' => '316b8fa1',
|
|
|
|
'javelin-uri' => '6eff08aa',
|
|
|
|
'javelin-util' => 'a23de73d',
|
|
|
|
'javelin-vector' => '23cbb8ac',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-view' => '0f764c35',
|
|
|
|
'javelin-view-html' => 'e5b406f9',
|
2014-01-01 16:46:25 +01:00
|
|
|
'javelin-view-interpreter' => '0c33c1a0',
|
2014-02-27 20:06:55 +01:00
|
|
|
'javelin-view-renderer' => '6c2b09a2',
|
|
|
|
'javelin-view-visitor' => 'efe49472',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'javelin-workflow' => 'd149e002',
|
2014-02-27 20:06:55 +01:00
|
|
|
'lightbox-attachment-css' => '7acac05d',
|
|
|
|
'maniphest-batch-editor' => '8f380ebc',
|
2014-01-01 16:46:25 +01:00
|
|
|
'maniphest-report-css' => '6fc16517',
|
|
|
|
'maniphest-task-edit-css' => '8e23031b',
|
2014-05-24 06:48:15 +02:00
|
|
|
'maniphest-task-summary-css' => '00c3be7a',
|
2014-06-23 19:35:39 +02:00
|
|
|
'multirow-row-manager' => '41e47dea',
|
|
|
|
'owners-path-editor' => 'aa1733d0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'owners-path-editor-css' => '2f00933b',
|
|
|
|
'paste-css' => 'aa1767d1',
|
|
|
|
'path-typeahead' => 'f7fc67ec',
|
2014-02-27 20:06:55 +01:00
|
|
|
'people-profile-css' => 'ba7b2762',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phabricator-action-list-view-css' => '9ee9910a',
|
2014-06-13 06:49:19 +02:00
|
|
|
'phabricator-application-launch-view-css' => '8b7e271d',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-busy' => '6453c869',
|
2014-02-12 18:55:53 +01:00
|
|
|
'phabricator-chatlog-css' => '852140ff',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-content-source-view-css' => '4b8b05d4',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'phabricator-core-css' => '40151074',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-countdown-css' => '86b7b0a0',
|
2014-06-10 01:06:20 +02:00
|
|
|
'phabricator-crumbs-view-css' => '7fbf25b8',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phabricator-dashboard-css' => 'a2bfdcbf',
|
2014-06-21 19:04:46 +02:00
|
|
|
'phabricator-drag-and-drop-file-upload' => '1d8ad5c3',
|
2014-06-23 19:35:39 +02:00
|
|
|
'phabricator-draggable-list' => '2cad29d1',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-fatal-config-template-css' => '25d446d6',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phabricator-feed-css' => '4e544db4',
|
2014-02-27 20:06:55 +01:00
|
|
|
'phabricator-file-upload' => 'a4ae61bf',
|
2014-05-30 01:04:50 +02:00
|
|
|
'phabricator-filetree-view-css' => 'fccf9f82',
|
2014-01-06 06:47:21 +01:00
|
|
|
'phabricator-flag-css' => '5337623f',
|
2014-06-23 19:35:39 +02:00
|
|
|
'phabricator-hovercard' => '7e8468ae',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phabricator-hovercard-view-css' => '893f4783',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-keyboard-shortcut' => '1ae869f2',
|
|
|
|
'phabricator-keyboard-shortcut-manager' => 'ad7a69ca',
|
2014-06-22 21:34:08 +02:00
|
|
|
'phabricator-main-menu-view' => 'aceca0e9',
|
2014-05-26 01:38:32 +02:00
|
|
|
'phabricator-nav-view-css' => '9283c2df',
|
2014-02-27 20:06:55 +01:00
|
|
|
'phabricator-notification' => '0c6946e7',
|
2014-04-28 02:31:35 +02:00
|
|
|
'phabricator-notification-css' => 'ef2c9b34',
|
2014-06-24 01:26:16 +02:00
|
|
|
'phabricator-notification-menu-css' => '8ae4a008',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-object-selector-css' => '029a133d',
|
|
|
|
'phabricator-phtize' => 'd254d646',
|
2014-05-19 01:10:54 +02:00
|
|
|
'phabricator-prefab' => '41ed7994',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phabricator-profile-css' => 'b459416e',
|
2014-06-27 19:29:43 +02:00
|
|
|
'phabricator-remarkup-css' => 'ad4c0676',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-search-results-css' => 'f240504c',
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'phabricator-shaped-request' => '7cbe244b',
|
2014-05-31 06:03:23 +02:00
|
|
|
'phabricator-side-menu-view-css' => 'a2ccd7bd',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-slowvote-css' => '266df6a1',
|
2014-06-12 00:48:52 +02:00
|
|
|
'phabricator-source-code-view-css' => '7d346aa4',
|
2014-01-06 06:47:21 +01:00
|
|
|
'phabricator-standard-page-view' => '517cdfb1',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-textareautils' => 'b3ec3cfc',
|
2014-04-12 14:55:12 +02:00
|
|
|
'phabricator-tooltip' => '3915d490',
|
2014-06-22 20:37:52 +02:00
|
|
|
'phabricator-transaction-view-css' => '5d0cae25',
|
2014-04-23 03:29:14 +02:00
|
|
|
'phabricator-ui-example-css' => '528b19de',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phabricator-uiexample-javelin-view' => 'd4a14807',
|
2014-06-23 19:35:39 +02:00
|
|
|
'phabricator-uiexample-reactor-button' => 'd19198c8',
|
2014-06-23 19:27:47 +02:00
|
|
|
'phabricator-uiexample-reactor-checkbox' => '519705ea',
|
|
|
|
'phabricator-uiexample-reactor-focus' => '40a6a403',
|
|
|
|
'phabricator-uiexample-reactor-input' => '886fd850',
|
2014-06-23 19:35:39 +02:00
|
|
|
'phabricator-uiexample-reactor-mouseover' => '47c794d8',
|
2014-06-23 19:27:47 +02:00
|
|
|
'phabricator-uiexample-reactor-radio' => '988040b4',
|
|
|
|
'phabricator-uiexample-reactor-select' => 'a155550f',
|
|
|
|
'phabricator-uiexample-reactor-sendclass' => '1def2711',
|
|
|
|
'phabricator-uiexample-reactor-sendproperties' => 'b1f0ccee',
|
2014-06-25 05:21:27 +02:00
|
|
|
'phabricator-zindex-css' => 'd1c137f2',
|
2014-04-30 22:19:14 +02:00
|
|
|
'phame-css' => '19ecc703',
|
2014-06-25 00:23:57 +02:00
|
|
|
'pholio-css' => '47dffb9c',
|
2014-06-16 00:00:43 +02:00
|
|
|
'pholio-edit-css' => '3ad9d1ee',
|
2014-06-25 00:23:57 +02:00
|
|
|
'pholio-inline-comments-css' => '8e545e49',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phortune-credit-card-form' => '2290aeef',
|
2014-01-06 06:47:21 +01:00
|
|
|
'phortune-credit-card-form-css' => 'b25b4beb',
|
|
|
|
'phrequent-css' => 'ffc185ad',
|
2014-03-30 20:18:49 +02:00
|
|
|
'phriction-document-css' => '7d7f0071',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phui-action-header-view-css' => '83e2cc86',
|
2014-04-18 15:44:45 +02:00
|
|
|
'phui-box-css' => '7b3a2eed',
|
2014-06-13 03:15:11 +02:00
|
|
|
'phui-button-css' => 'c7412aa1',
|
2014-02-24 19:04:23 +01:00
|
|
|
'phui-calendar-css' => '5e1ad989',
|
|
|
|
'phui-calendar-day-css' => 'de035c8a',
|
|
|
|
'phui-calendar-list-css' => 'c1d0ca59',
|
Fixing z-index on calendar date badges.
Summary: Fixes T4787, decreased z-index on calendar badges so that they don't sit on top of notification dropdowns when dropdowns are expanded. Not sure why the badges had z-index 10, but please let me know if there was a more substantial reason for this.
Test Plan: If neither notification dropdowns have content, create enough messages to populate at least 5 rows, open calendar, expand messages dropdown, verify that underlying calendar date badges do not appear over the dropdown.
Reviewers: chad, #blessed_reviewers, epriestley
Reviewed By: #blessed_reviewers, epriestley
Subscribers: epriestley, Korvin
Maniphest Tasks: T4787
Differential Revision: https://secure.phabricator.com/D8770
2014-04-13 17:18:16 +02:00
|
|
|
'phui-calendar-month-css' => 'a92e47d2',
|
2014-06-05 00:41:05 +02:00
|
|
|
'phui-document-view-css' => 'a5615198',
|
2014-05-21 20:37:36 +02:00
|
|
|
'phui-feed-story-css' => 'e2c9bc83',
|
2014-05-29 05:56:20 +02:00
|
|
|
'phui-font-icon-base-css' => 'eb84f033',
|
2014-07-04 18:41:27 +02:00
|
|
|
'phui-fontkit-css' => 'abeb59f0',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phui-form-css' => 'b78ec020',
|
2014-06-26 18:41:07 +02:00
|
|
|
'phui-form-view-css' => 'ebac1b1d',
|
2014-06-27 17:28:33 +02:00
|
|
|
'phui-header-view-css' => '39594ac0',
|
2014-06-04 21:53:32 +02:00
|
|
|
'phui-icon-view-css' => 'd8526aa1',
|
2014-06-19 20:28:01 +02:00
|
|
|
'phui-image-mask-css' => '5a8b09c8',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phui-info-panel-css' => '27ea50a1',
|
2014-05-29 05:56:20 +02:00
|
|
|
'phui-list-view-css' => '43ed2d93',
|
2014-06-24 18:39:32 +02:00
|
|
|
'phui-object-box-css' => 'e9f7e938',
|
2014-06-25 00:10:19 +02:00
|
|
|
'phui-object-item-list-view-css' => '7ac40b5a',
|
2014-06-27 18:39:13 +02:00
|
|
|
'phui-pinboard-view-css' => '3dd4a269',
|
2014-05-22 21:04:11 +02:00
|
|
|
'phui-property-list-view-css' => '2f7199e8',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phui-remarkup-preview-css' => '19ad512b',
|
|
|
|
'phui-spacing-css' => '042804d6',
|
|
|
|
'phui-status-list-view-css' => '2f562399',
|
2014-06-28 06:04:07 +02:00
|
|
|
'phui-tag-view-css' => '1e8aeb04',
|
2014-01-01 16:46:25 +01:00
|
|
|
'phui-text-css' => '23e9b4b7',
|
2014-05-29 05:56:20 +02:00
|
|
|
'phui-timeline-view-css' => 'bbd990d0',
|
2014-05-08 23:21:32 +02:00
|
|
|
'phui-workboard-view-css' => '2bf82d00',
|
2014-06-26 05:55:10 +02:00
|
|
|
'phui-workpanel-view-css' => 'ed2a2162',
|
2014-05-05 19:57:23 +02:00
|
|
|
'phuix-action-list-view' => 'b5c256b8',
|
2014-05-19 01:10:54 +02:00
|
|
|
'phuix-action-view' => '6e8cefa4',
|
2014-05-05 19:57:23 +02:00
|
|
|
'phuix-dropdown-menu' => 'bd4c8dca',
|
2014-01-01 16:46:25 +01:00
|
|
|
'policy-css' => '957ea14c',
|
|
|
|
'policy-edit-css' => '05cca26a',
|
2014-04-29 19:43:38 +02:00
|
|
|
'policy-transaction-detail-css' => '82100a43',
|
2014-01-01 16:46:25 +01:00
|
|
|
'ponder-comment-table-css' => '6cdccea7',
|
|
|
|
'ponder-feed-view-css' => 'e62615b6',
|
|
|
|
'ponder-post-css' => 'ebab8a70',
|
|
|
|
'ponder-vote-css' => '8ed6ed8b',
|
2014-05-24 06:48:15 +02:00
|
|
|
'project-icon-css' => 'c2ecb7f1',
|
2014-01-01 16:46:25 +01:00
|
|
|
'raphael-core' => '51ee6b43',
|
|
|
|
'raphael-g' => '40dde778',
|
|
|
|
'raphael-g-line' => '40da039e',
|
2014-04-18 15:44:45 +02:00
|
|
|
'releeph-core' => '9b3c5733',
|
2014-04-14 21:06:56 +02:00
|
|
|
'releeph-preview-branch' => 'b7a6f4a5',
|
2014-01-01 16:46:25 +01:00
|
|
|
'releeph-request-differential-create-dialog' => '8d8b92cd',
|
|
|
|
'releeph-request-typeahead-css' => '667a48ae',
|
2014-02-18 01:00:19 +01:00
|
|
|
'setup-issue-css' => '69e640e7',
|
2014-05-27 07:12:17 +02:00
|
|
|
'sprite-apps-css' => '37ee4f4e',
|
|
|
|
'sprite-apps-large-css' => '12ea1ced',
|
2014-02-17 19:06:16 +01:00
|
|
|
'sprite-conpherence-css' => '3b4a0487',
|
|
|
|
'sprite-docs-css' => '5f65d0da',
|
2014-06-24 18:39:32 +02:00
|
|
|
'sprite-gradient-css' => '4bdb98a7',
|
2014-06-28 06:04:07 +02:00
|
|
|
'sprite-login-css' => '878ee4d8',
|
2014-02-17 19:06:16 +01:00
|
|
|
'sprite-main-header-css' => '92720ee2',
|
2014-06-10 01:06:20 +02:00
|
|
|
'sprite-menu-css' => '28281e16',
|
2014-02-17 19:06:16 +01:00
|
|
|
'sprite-minicons-css' => 'df4f76fe',
|
|
|
|
'sprite-payments-css' => 'cc085d44',
|
|
|
|
'sprite-projects-css' => '7578fa56',
|
|
|
|
'sprite-tokens-css' => '1706b943',
|
2014-01-01 16:46:25 +01:00
|
|
|
'syntax-highlighting-css' => '3c18c1cb',
|
2014-05-05 19:54:34 +02:00
|
|
|
'tokens-css' => '3d0f239e',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
'requires' =>
|
|
|
|
array(
|
2014-02-27 20:06:55 +01:00
|
|
|
'00861799' =>
|
Fix an async display issue for tokenizer/typeahead results
Summary:
Ref T4420. After the changes to the tokenizer, I sometimes do this:
- Type something like "diff" into a project typeahead.
- Select "differential".
- A fraction of a second later, the typeahead pops back open.
This is because I selected the result from a partial query (like "diff" running against the "di" results) and then the full results of the "diff" query came back to the browser.
Instead, when showing results, require that the current state match the state that the results are for: don't show "dog" results if the tokenizer now reads "cat", for whatever reason.
Test Plan: Added a 1s delay to results, typed "a", then typed "m" and selected a result in less than a second. Prior to the patch, the tokenizer would pop back open with "am" results afterward. Now, it doesn't.
Reviewers: btrahan, chad
Reviewed By: chad
CC: aran
Maniphest Tasks: T4420
Differential Revision: https://secure.phabricator.com/D8250
2014-02-16 22:15:37 +01:00
|
|
|
array(
|
2014-02-27 20:06:55 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
4 => 'javelin-vector',
|
|
|
|
5 => 'differential-inline-comment-editor',
|
Fix an async display issue for tokenizer/typeahead results
Summary:
Ref T4420. After the changes to the tokenizer, I sometimes do this:
- Type something like "diff" into a project typeahead.
- Select "differential".
- A fraction of a second later, the typeahead pops back open.
This is because I selected the result from a partial query (like "diff" running against the "di" results) and then the full results of the "diff" query came back to the browser.
Instead, when showing results, require that the current state match the state that the results are for: don't show "dog" results if the tokenizer now reads "cat", for whatever reason.
Test Plan: Added a 1s delay to results, typed "a", then typed "m" and selected a result in less than a second. Prior to the patch, the tokenizer would pop back open with "am" results afterward. Now, it doesn't.
Reviewers: btrahan, chad
Reviewed By: chad
CC: aran
Maniphest Tasks: T4420
Differential Revision: https://secure.phabricator.com/D8250
2014-02-16 22:15:37 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'029a133d' =>
|
|
|
|
array(
|
|
|
|
0 => 'aphront-dialog-view-css',
|
|
|
|
),
|
|
|
|
'03d6ed07' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'javelin-install',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'065227cc' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'06e05112' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'javelin-vector',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'0720f2cf' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-mask',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'phabricator-busy',
|
|
|
|
),
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'0a3f3021' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-workflow',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-router',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'0c33c1a0' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-view',
|
|
|
|
1 => 'javelin-install',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'0c6946e7' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
4 => 'phabricator-notification-css',
|
|
|
|
),
|
2014-06-25 21:30:53 +02:00
|
|
|
'0ec56e1d' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'phuix-dropdown-menu',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'0f764c35' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
),
|
2014-06-06 02:16:36 +02:00
|
|
|
'0f81f8df' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-util',
|
|
|
|
1 => 'javelin-uri',
|
|
|
|
2 => 'javelin-install',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'127f2018' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
3 => 'javelin-request',
|
2014-01-01 16:46:25 +01:00
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'phabricator-shaped-request',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'14a827de' =>
|
2014-01-01 16:46:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-json',
|
|
|
|
4 => 'phabricator-draggable-list',
|
2014-01-01 16:46:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'14d7a8b8' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-behavior-device',
|
2014-02-27 20:06:55 +01:00
|
|
|
2 => 'javelin-stratcom',
|
2014-06-23 19:27:47 +02:00
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-magical-init',
|
|
|
|
5 => 'javelin-vector',
|
|
|
|
6 => 'javelin-request',
|
|
|
|
7 => 'javelin-util',
|
2014-02-27 20:06:55 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'152178f0' =>
|
2014-01-01 16:46:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-vector',
|
|
|
|
5 => 'javelin-magical-init',
|
|
|
|
6 => 'javelin-request',
|
|
|
|
7 => 'javelin-history',
|
|
|
|
8 => 'javelin-workflow',
|
|
|
|
9 => 'javelin-mask',
|
|
|
|
10 => 'javelin-behavior-device',
|
|
|
|
11 => 'phabricator-keyboard-shortcut',
|
|
|
|
),
|
|
|
|
'1693a296' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'phortune-credit-card-form',
|
2014-01-01 16:46:25 +01:00
|
|
|
),
|
|
|
|
'1ae869f2' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'phabricator-keyboard-shortcut-manager',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'1cb113dc' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-workflow',
|
|
|
|
5 => 'phabricator-draggable-list',
|
|
|
|
),
|
2014-06-21 19:04:46 +02:00
|
|
|
'1d8ad5c3' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-request',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-uri',
|
|
|
|
5 => 'phabricator-file-upload',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'1def2711' =>
|
2014-06-11 22:52:15 +02:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-install',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-reactor-dom',
|
2014-06-20 20:49:41 +02:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'1ffb3a9c' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-util',
|
|
|
|
1 => 'javelin-magical-init',
|
|
|
|
),
|
|
|
|
'210aa43b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-typeahead-normalizer',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'2290aeef' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-json',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'22e16ae7' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:35:39 +02:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-vector',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'23cbb8ac' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-event',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'2926fff2' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'29274e2b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
),
|
2014-05-12 20:53:31 +02:00
|
|
|
'2b228192' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-json',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'2cad29d1' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
4 => 'javelin-vector',
|
|
|
|
5 => 'javelin-magical-init',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'2fa810fc' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-view-renderer',
|
|
|
|
3 => 'javelin-install',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'316b8fa1' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-typeahead-source',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'357b6e9b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-request',
|
|
|
|
5 => 'phabricator-keyboard-shortcut',
|
|
|
|
),
|
2014-06-06 02:16:36 +02:00
|
|
|
'361e3ed3' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
2014-06-06 02:16:36 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-02-27 20:06:55 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'3672899b' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-uri',
|
|
|
|
3 => 'javelin-mask',
|
|
|
|
4 => 'phabricator-drag-and-drop-file-upload',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-04-12 14:55:12 +02:00
|
|
|
'3915d490' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-vector',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'39841ead' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-request',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'3ab51e2c' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-behavior-device',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'javelin-dom',
|
|
|
|
5 => 'javelin-magical-init',
|
|
|
|
),
|
|
|
|
'3b1557b3' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'3b3e1664' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'phortune-credit-card-form',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'3d51a746' =>
|
2014-06-16 21:27:12 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'javelin-uri',
|
|
|
|
),
|
2014-06-26 18:41:07 +02:00
|
|
|
'3ee3408b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-behavior-device',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'phabricator-tooltip',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'40a6a403' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-reactor-dom',
|
2014-06-16 21:27:12 +02:00
|
|
|
),
|
2014-05-05 19:57:23 +02:00
|
|
|
'40b1ff90' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'phabricator-notification',
|
|
|
|
6 => 'javelin-behavior-device',
|
|
|
|
7 => 'phuix-dropdown-menu',
|
|
|
|
8 => 'phuix-action-list-view',
|
|
|
|
9 => 'phuix-action-view',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'41e47dea' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
),
|
2014-05-19 01:10:54 +02:00
|
|
|
'41ed7994' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-typeahead',
|
|
|
|
4 => 'javelin-tokenizer',
|
|
|
|
5 => 'javelin-typeahead-preloaded-source',
|
|
|
|
6 => 'javelin-typeahead-ondemand-source',
|
|
|
|
7 => 'javelin-dom',
|
|
|
|
8 => 'javelin-stratcom',
|
|
|
|
9 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'44168bad' =>
|
2014-05-19 23:04:26 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'phabricator-prefab',
|
2014-03-12 19:29:48 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'469c0d9e' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-workflow',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'47c794d8' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-reactor-dom',
|
|
|
|
),
|
2014-06-24 01:26:16 +02:00
|
|
|
'4a07e8e3' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
),
|
2014-05-05 19:57:23 +02:00
|
|
|
'4d94d9c3' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'phuix-dropdown-menu',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'4e3e79a6' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
|
|
|
'4e9b766b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-request',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-07-01 20:04:05 +02:00
|
|
|
'4fdb476d' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'503e17fd' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-typeahead-source',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'519705ea' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-reactor-dom',
|
2014-02-27 20:06:55 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'54b612ba' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-color',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-install',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'54f314a0' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-request',
|
|
|
|
3 => 'javelin-typeahead-source',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'558829c2' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-stratcom',
|
|
|
|
1 => 'javelin-behavior',
|
|
|
|
2 => 'javelin-vector',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
),
|
Allow Herald to "Require legal signatures" for reviews
Summary:
Ref T3116. Add a Herald action "Require legal signatures" which requires revision authors to accept legal agreements before their revisions can be accepted.
- Herald will check which documents the author has signed, and trigger a "you have to sign X, Y, Z" for other documents.
- If the author has already signed everything, we don't spam the revision -- basically, this only triggers when signatures are missing.
- The UI will show which documents must be signed and warn that the revision can't be accepted until they're completed.
- Users aren't allowed to "Accept" the revision until documents are cleared.
Fixes T1157. The original install making the request (Hive) no longer uses Phabricator, and this satisfies our requirements.
Test Plan:
- Added a Herald rule.
- Created a revision, saw the rule trigger.
- Viewed as author and non-author, saw field UI (generic for non-author, specific for author), transaction UI, and accept-warning UI.
- Tried to accept revision.
- Signed document, saw UI update. Note that signatures don't currently //push// an update to the revision, but could eventually (like blocking tasks work).
- Accepted revision.
- Created another revision, saw rules not add the document (since it's already signed, this is the "no spam" case).
Reviewers: btrahan, chad
Reviewed By: chad
Subscribers: asherkin, epriestley
Maniphest Tasks: T1157, T3116
Differential Revision: https://secure.phabricator.com/D9771
2014-06-29 16:53:53 +02:00
|
|
|
'58e048fc' =>
|
|
|
|
array(
|
|
|
|
0 => 'multirow-row-manager',
|
|
|
|
1 => 'javelin-install',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-stratcom',
|
|
|
|
5 => 'javelin-json',
|
|
|
|
6 => 'phabricator-prefab',
|
|
|
|
),
|
2014-06-24 01:26:16 +02:00
|
|
|
'58f7803f' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-aphlict',
|
|
|
|
2 => 'phabricator-phtize',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'59b251eb' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-vector',
|
|
|
|
3 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'5a376f34' =>
|
2014-05-13 23:09:00 +02:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-typeahead-ondemand-source',
|
|
|
|
2 => 'javelin-typeahead',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-uri',
|
|
|
|
5 => 'javelin-util',
|
|
|
|
6 => 'javelin-stratcom',
|
2014-05-13 23:09:00 +02:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'5bc2cb21' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'5fefb143' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-workflow',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
),
|
|
|
|
'60821bc7' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-26 18:41:07 +02:00
|
|
|
'6153c708' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'61cbc29a' =>
|
2014-06-24 00:19:34 +02:00
|
|
|
array(
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
0 => 'javelin-magical-init',
|
2014-06-24 00:19:34 +02:00
|
|
|
1 => 'javelin-util',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'61f72a3d' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
2 => 'javelin-vector',
|
|
|
|
3 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'6453c869' =>
|
2014-05-13 23:09:00 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-fx',
|
2014-05-13 23:09:00 +02:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'69adf288' =>
|
2014-05-14 17:53:11 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'6b3dcf44' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'6c2b09a2' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-02-27 20:06:55 +01:00
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-05-13 23:09:00 +02:00
|
|
|
'6d3e1947' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-05-13 23:09:00 +02:00
|
|
|
1 => 'javelin-diffusion-locate-file-source',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-dom',
|
2014-05-13 23:09:00 +02:00
|
|
|
3 => 'javelin-typeahead',
|
|
|
|
4 => 'javelin-uri',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-05-19 01:10:54 +02:00
|
|
|
'6e8cefa4' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'6eff08aa' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
),
|
2014-06-20 20:49:41 +02:00
|
|
|
'710f209e' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-workflow',
|
|
|
|
5 => 'phuix-dropdown-menu',
|
|
|
|
6 => 'phuix-action-list-view',
|
|
|
|
7 => 'phuix-action-view',
|
|
|
|
8 => 'phabricator-phtize',
|
|
|
|
9 => 'changeset-view-manager',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'71f66c08' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:35:39 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-workflow',
|
2014-06-23 19:27:47 +02:00
|
|
|
3 => 'javelin-dom',
|
2014-06-23 19:35:39 +02:00
|
|
|
4 => 'javelin-uri',
|
|
|
|
5 => 'phabricator-textareautils',
|
2014-02-27 20:06:55 +01:00
|
|
|
),
|
2014-06-20 20:49:41 +02:00
|
|
|
'7319e029' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'76b9fc3e' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-workflow',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'phabricator-draggable-list',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'76f4ebed' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-reactor',
|
|
|
|
2 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'77b1cf6f' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'7814b593' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-request',
|
|
|
|
1 => 'javelin-behavior',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-router',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'phabricator-busy',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'7a68dda3' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'owners-path-editor',
|
|
|
|
1 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'7a9677fc' =>
|
|
|
|
array(
|
|
|
|
0 => 'phabricator-notification',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-behavior',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'7b98d7c5' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-02-14 19:23:07 +01:00
|
|
|
'7c273581' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'7cbe244b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-request',
|
|
|
|
3 => 'javelin-router',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'7e41274a' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'7e8468ae' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-vector',
|
|
|
|
3 => 'javelin-request',
|
|
|
|
4 => 'javelin-uri',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'7ebaeed3' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'herald-rule-editor',
|
|
|
|
1 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Fix some issues where Conpherence would make to many draft requests
Summary:
A few minor fixes:
- When we build a tag with `"meta" => null`, strip the attribute like we do for all other attributes. Previously, we would actually set the metadata to `null`. This happened with the Conpherence form.
- Just respond to the draft request with an empty (but valid) response, instead of building a dialog.
- `PhabricatorShapedRequest` is confusingly named and I should have caught this in review, but the basic shape of it is:
- You make one object.
- You call `trigger()` when stuff changes (e.g., a keystroke).
- It manages making a small number of requests (e.g., one request after the user stops typing for a moment).
- The way it was being used previously would incorrectly send a request for every keystroke.
I think I'm going to simplify `ShapedRequest` and merge it into some larger queue for T430.
Test Plan: Typed some text, no longer saw a flurry of requests. Reloaded page, still saw draft text.
Reviewers: btrahan, chad
Reviewed By: chad
CC: aran, chad
Differential Revision: https://secure.phabricator.com/D8380
2014-03-01 20:23:08 +01:00
|
|
|
'7ee2b591' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-history',
|
|
|
|
),
|
2014-05-29 05:56:20 +02:00
|
|
|
'82ce2142' =>
|
|
|
|
array(
|
|
|
|
0 => 'aphront-typeahead-control-css',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'84845b5b' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'phabricator-draggable-list',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'85ab3c8e' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-stratcom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'85ea0626' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'880fa5ac' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'88236f00' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'phabricator-keyboard-shortcut',
|
2014-01-01 03:04:25 +01:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'886fd850' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-reactor-dom',
|
|
|
|
2 => 'javelin-view-html',
|
|
|
|
3 => 'javelin-view-interpreter',
|
|
|
|
4 => 'javelin-view-renderer',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'8a41885b' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
),
|
|
|
|
'8b0ad945' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-event',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-magical-init',
|
|
|
|
),
|
|
|
|
'8b3fd187' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-util',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
2 => 'javelin-request',
|
|
|
|
3 => 'javelin-typeahead-source',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'8d199d97' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'phabricator-keyboard-shortcut',
|
2014-02-27 20:06:55 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'8ef9ab58' =>
|
2014-06-19 20:28:01 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-dom',
|
2014-06-19 20:28:01 +02:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'8fc1c918' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-uri',
|
|
|
|
2 => 'phabricator-notification',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'92918fcb' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'multirow-row-manager',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
4 => 'phabricator-prefab',
|
|
|
|
5 => 'javelin-tokenizer',
|
|
|
|
6 => 'javelin-typeahead',
|
|
|
|
7 => 'javelin-typeahead-preloaded-source',
|
|
|
|
8 => 'javelin-json',
|
|
|
|
),
|
|
|
|
'92eb531d' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'phabricator-drag-and-drop-file-upload',
|
|
|
|
3 => 'phabricator-textareautils',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'9414ff18' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-resource',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'97258e55' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-behavior',
|
|
|
|
4 => 'javelin-json',
|
|
|
|
5 => 'javelin-dom',
|
|
|
|
6 => 'javelin-resource',
|
|
|
|
7 => 'javelin-routable',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'988040b4' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-reactor-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'9c2623f4' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'phabricator-phtize',
|
|
|
|
5 => 'phabricator-drag-and-drop-file-upload',
|
|
|
|
6 => 'phabricator-draggable-list',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'9db3d160' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-vector',
|
|
|
|
2 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-21 21:50:40 +02:00
|
|
|
'9f7309fb' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-request',
|
|
|
|
4 => 'phabricator-shaped-request',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'a155550f' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-reactor-dom',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'a3e2244e' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'a4ae61bf' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'phabricator-notification',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'a5573bcd' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-vector',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'a5b67173' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-dom',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-install',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'a5d7cf86' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
0 => 'javelin-dom',
|
2014-02-27 20:06:55 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'a80d0378' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
2014-06-24 00:19:34 +02:00
|
|
|
'a826c925' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-aphlict',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-request',
|
|
|
|
4 => 'javelin-uri',
|
|
|
|
5 => 'javelin-dom',
|
|
|
|
6 => 'javelin-json',
|
|
|
|
7 => 'javelin-router',
|
|
|
|
8 => 'javelin-util',
|
|
|
|
9 => 'phabricator-notification',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'a8d8459d' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-stratcom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'a8da01f0' =>
|
2014-05-29 23:20:16 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-uri',
|
|
|
|
2 => 'phabricator-keyboard-shortcut',
|
2014-05-29 23:20:16 +02:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'a9f88de2' =>
|
2014-04-04 21:23:22 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-fx',
|
|
|
|
5 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'aa1733d0' =>
|
|
|
|
array(
|
|
|
|
0 => 'multirow-row-manager',
|
|
|
|
1 => 'javelin-install',
|
|
|
|
2 => 'path-typeahead',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'phabricator-prefab',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'aa93c7b0' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'ab836011' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-util',
|
|
|
|
5 => 'phabricator-keyboard-shortcut',
|
2014-04-04 21:23:22 +02:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'ab8d2723' =>
|
2014-06-11 19:39:23 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'phortune-credit-card-form',
|
2014-06-11 19:39:23 +02:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'ad7a69ca' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
2 => 'javelin-stratcom',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-vector',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'b1f0ccee' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-reactor-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'b2b4fbaf' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-uri',
|
|
|
|
3 => 'javelin-request',
|
|
|
|
),
|
|
|
|
'b3a4b884' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'phabricator-prefab',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Provide a global router for Ajax requests
Summary:
Fixes T430. Fixes T4834. Obsoletes D7641. Currently, we do some things less-well than we could:
- We just let the browser queue and prioritize requests, so if you load a revision with 50 changes and then click "Award Token", the action blocks until the changes load in most/all browsers. It would be better to prioritize this action and queue it immediately.
- Similarly, changes tend to load in order, even if the user has clicked to a specific file. When the user expresses a preference for a specific file, we should prioritize it.
- We show a spinning GIF when waiting on requests. This is appropriate for some types of reuqests, but distracting for others.
To fix this:
- Queue all (or, at least, most) requests into a new queue in JX.Router.
- JX.Router handles prioritizing the requests. Principally:
- You can submit a request with a specific priority (500 = general content loading, 1000 = default, 2000 = explicit user action) and JX.Router will get the higher stuff fired off sooner.
- You can name requests and then adjust their prorities later, if the user expresses an interest in specific results.
- Only use the spinner gif for "workflow" requests, which is bascially when the user clicked something and we're waiting on the server. I think it's useful and not-annoying in this case.
- Don't show any status for draft requests.
- For content requests, show a subtle hipster-style top loading bar.
Test Plan:
- Viewed a diff with 93 changes, and clicked award token.
- Prior to this patch, the action took many many seconds to resolve.
- After this patch, it resolves quickly.
- Viewed a diff with 93 changes and saw a pleasant subtle hipster-style loading bar.
- Viewed a diff with 93 changes and typed some draft text. Previews populated fairly quickly and there was no spinner.
- Viewed a diff with 93 changes and clicked something with workflow, saw a spinner after a moment.
- Viewed a diff with 93 changes and clicked a file in the table of contents near the end of the list.
- Prior to this patch, it took a long time to show up.
- After this patch, it loads directly.
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T430, T4834
Differential Revision: https://secure.phabricator.com/D8979
2014-05-05 19:57:42 +02:00
|
|
|
'b3e7d692' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'b3ec3cfc' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'b42eddc7' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-typeahead-preloaded-source',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'b4c30592' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-reactor',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-reactor-node-calmer',
|
|
|
|
),
|
2014-05-05 19:57:23 +02:00
|
|
|
'b5c256b8' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'b6d401d6' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-dom',
|
|
|
|
1 => 'javelin-dynval',
|
|
|
|
2 => 'javelin-reactor',
|
|
|
|
3 => 'javelin-reactornode',
|
|
|
|
4 => 'javelin-install',
|
|
|
|
5 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'b716477f' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-06-23 19:27:47 +02:00
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-workflow',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'phabricator-draggable-list',
|
2014-01-01 16:46:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'bba9eedf' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
2014-05-05 19:57:23 +02:00
|
|
|
'bd4c8dca' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'javelin-stratcom',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'bdaf4d04' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-02-27 20:06:55 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-request',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Consolidate changeset rendering logic
Summary:
Ref T5179. Currently, all the changeset rendering logic is in the "populate" behavior, and a lot of it comes in via configuration and is hard to get at.
Instead, surface an object which can control it, and which other behaviors can access more easily.
In particular, this allows us to add a "Load/Reload" item to the view options menu, which would previously have been very challenging.
Load/Reload isn't useful on its own, but is a step away from "Show whitespace as...", "Highlight as...", "Show tabtops as...", "View Unified", "View Side-By-Side", etc.
Test Plan:
- Viewed Differential.
- Viewed Diffusion.
- Viewed large changesets, clicked "Load".
- Used "Load" and "Reload" from view options menu.
- Loaded all changes in a large diff, verified "Load" and TOC clicks take precedence over other content loads.
- Played with content stability stuff.
Reviewers: btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T5179
Differential Revision: https://secure.phabricator.com/D9286
2014-05-25 16:13:22 +02:00
|
|
|
'bdb3e4d0' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'phabricator-tooltip',
|
|
|
|
4 => 'changeset-view-manager',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'be807912' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'phabricator-shaped-request',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'c4569c05' =>
|
2014-01-01 16:46:25 +01:00
|
|
|
array(
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
0 => 'javelin-magical-init',
|
|
|
|
1 => 'javelin-install',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-util',
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'javelin-stratcom',
|
2014-02-16 22:15:59 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'c60f4327' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-stratcom',
|
|
|
|
1 => 'javelin-install',
|
|
|
|
2 => 'javelin-uri',
|
|
|
|
3 => 'javelin-util',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'ca3f91eb' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'phabricator-phtize',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'd149e002' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
0 => 'javelin-stratcom',
|
|
|
|
1 => 'javelin-request',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'javelin-install',
|
|
|
|
5 => 'javelin-util',
|
|
|
|
6 => 'javelin-mask',
|
|
|
|
7 => 'javelin-uri',
|
|
|
|
8 => 'javelin-routable',
|
2014-01-27 22:55:01 +01:00
|
|
|
),
|
2014-06-23 19:35:39 +02:00
|
|
|
'd19198c8' =>
|
2014-06-23 19:27:47 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
2014-06-23 19:35:39 +02:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-dynval',
|
|
|
|
4 => 'javelin-reactor-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
),
|
|
|
|
'd254d646' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-util',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'd2907473' =>
|
2014-04-18 15:44:45 +02:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-dom',
|
|
|
|
1 => 'javelin-util',
|
2014-04-18 15:44:45 +02:00
|
|
|
2 => 'javelin-stratcom',
|
2014-06-23 19:27:47 +02:00
|
|
|
3 => 'javelin-install',
|
|
|
|
4 => 'javelin-workflow',
|
|
|
|
5 => 'javelin-router',
|
|
|
|
6 => 'javelin-behavior-device',
|
|
|
|
7 => 'javelin-vector',
|
2014-04-18 15:44:45 +02:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'd4a14807' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-install',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-view',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'd4eecc63' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
),
|
|
|
|
'd6f54db0' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-request',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'd75709e6' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-workflow',
|
|
|
|
2 => 'javelin-json',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'phabricator-keyboard-shortcut',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'd835b03a' =>
|
2014-03-27 18:50:54 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
2014-06-23 19:27:47 +02:00
|
|
|
3 => 'phabricator-shaped-request',
|
2014-03-27 18:50:54 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'dd7e8ef5' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-workflow',
|
2014-01-01 03:04:25 +01:00
|
|
|
3 => 'javelin-util',
|
2014-01-01 16:46:25 +01:00
|
|
|
4 => 'javelin-stratcom',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'de2e896f' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-typeahead',
|
|
|
|
3 => 'javelin-typeahead-ondemand-source',
|
|
|
|
4 => 'javelin-dom',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'e10f8e18' =>
|
2014-02-27 20:06:55 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'phabricator-prefab',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'e1ff79b1' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
2014-01-01 03:04:25 +01:00
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
2014-07-01 20:04:05 +02:00
|
|
|
'e32d14ab' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'phabricator-phtize',
|
|
|
|
4 => 'phabricator-textareautils',
|
|
|
|
5 => 'javelin-workflow',
|
|
|
|
6 => 'javelin-vector',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'e379b58e' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-vector',
|
|
|
|
3 => 'javelin-dom',
|
|
|
|
4 => 'javelin-uri',
|
|
|
|
),
|
Introduce CAN_EDIT for ExternalAccount, and make CAN_VIEW more liberal
Summary:
Fixes T3732. Ref T1205. Ref T3116.
External accounts (like emails used as identities, Facebook accounts, LDAP accounts, etc.) are stored in "ExternalAccount" objects.
Currently, we have a very restrictive `CAN_VIEW` policy for ExternalAccounts, to add an extra layer of protection to make sure users can't use them in unintended ways. For example, it would be bad if a user could link their Phabricator account to a Facebook account without proper authentication. All of the controllers which do sensitive things have checks anyway, but a restrictive CAN_VIEW provided an extra layer of protection. Se T3116 for some discussion.
However, this means that when grey/external users take actions (via email, or via applications like Legalpad) other users can't load the account handles and can't see anything about the actor (they just see "Restricted External Account" or similar).
Balancing these concerns is mostly about not making a huge mess while doing it. This seems like a reasonable approach:
- Add `CAN_EDIT` on these objects.
- Make that very restricted, but open up `CAN_VIEW`.
- Require `CAN_EDIT` any time we're going to do something authentication/identity related.
This is slightly easier to get wrong (forget CAN_EDIT) than other approaches, but pretty simple, and we always have extra checks in place anyway -- this is just a safety net.
I'm not quite sure how we should identify external accounts, so for now we're just rendering "Email User" or similar -- clearly not a bug, but not identifying. We can figure out what to render in the long term elsewhere.
Test Plan:
- Viewed external accounts.
- Linked an external account.
- Refreshed an external account.
- Edited profile picture.
- Viewed sessions panel.
- Published a bunch of stuff to Asana/JIRA.
- Legalpad signature page now shows external accounts.
{F171595}
Reviewers: chad, btrahan
Reviewed By: btrahan
Subscribers: epriestley
Maniphest Tasks: T3732, T1205, T3116
Differential Revision: https://secure.phabricator.com/D9767
2014-07-10 19:18:10 +02:00
|
|
|
'e566f52c' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'e5822781' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-02-27 20:06:55 +01:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-json',
|
|
|
|
3 => 'javelin-workflow',
|
|
|
|
4 => 'javelin-magical-init',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'e5b406f9' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-install',
|
2014-02-27 20:06:55 +01:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-view-visitor',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'e9581f08' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-workflow',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
4 => 'phabricator-draggable-list',
|
|
|
|
),
|
|
|
|
'efe49472' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'f0a41b9f' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-workflow',
|
|
|
|
5 => 'javelin-behavior-device',
|
|
|
|
6 => 'javelin-history',
|
|
|
|
7 => 'javelin-vector',
|
|
|
|
8 => 'phabricator-shaped-request',
|
2014-01-01 16:46:25 +01:00
|
|
|
),
|
|
|
|
'f2441746' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-01-01 16:46:25 +01:00
|
|
|
0 => 'javelin-dom',
|
2014-01-01 03:04:25 +01:00
|
|
|
1 => 'javelin-util',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-install',
|
|
|
|
4 => 'javelin-request',
|
|
|
|
5 => 'javelin-workflow',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'f36e01af' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-behavior-device',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'phabricator-hovercard',
|
|
|
|
),
|
2014-05-29 05:56:20 +02:00
|
|
|
'f3fef818' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'phuix-dropdown-menu',
|
|
|
|
4 => 'phuix-action-list-view',
|
|
|
|
5 => 'phuix-action-view',
|
|
|
|
6 => 'javelin-workflow',
|
|
|
|
),
|
2014-06-24 01:26:16 +02:00
|
|
|
'f51afce0' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-request',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
3 => 'javelin-vector',
|
|
|
|
4 => 'javelin-dom',
|
|
|
|
5 => 'javelin-uri',
|
|
|
|
6 => 'javelin-behavior-device',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'f588412e' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'phabricator-prefab',
|
|
|
|
4 => 'multirow-row-manager',
|
|
|
|
5 => 'javelin-json',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'f6555212' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
|
|
|
1 => 'javelin-reactornode',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-reactor',
|
|
|
|
),
|
2014-05-30 19:07:33 +02:00
|
|
|
'f726d506' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-stratcom',
|
|
|
|
2 => 'javelin-dom',
|
|
|
|
3 => 'javelin-history',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'f7379f45' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'phabricator-shaped-request',
|
|
|
|
),
|
2014-02-27 20:06:55 +01:00
|
|
|
'f7f1289f' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-stratcom',
|
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'f7fc67ec' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-install',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-typeahead',
|
2014-01-01 03:04:25 +01:00
|
|
|
2 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
3 => 'javelin-request',
|
|
|
|
4 => 'javelin-typeahead-ondemand-source',
|
|
|
|
5 => 'javelin-util',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
'f8248bc5' =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-json',
|
|
|
|
4 => 'javelin-stratcom',
|
|
|
|
5 => 'phabricator-shaped-request',
|
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'f9539603' =>
|
2014-05-16 04:21:36 +02:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-01-01 16:46:25 +01:00
|
|
|
2 => 'javelin-stratcom',
|
2014-06-23 19:27:47 +02:00
|
|
|
3 => 'javelin-uri',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
'fa0f4fc2' =>
|
2014-03-25 21:49:33 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-vector',
|
|
|
|
3 => 'javelin-magical-init',
|
2014-03-25 21:49:33 +01:00
|
|
|
),
|
2014-01-01 16:46:25 +01:00
|
|
|
42126667 =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-dom',
|
|
|
|
2 => 'javelin-request',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
48086888 =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-06-23 19:27:47 +02:00
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-workflow',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
2014-06-23 19:27:47 +02:00
|
|
|
60479091 =>
|
|
|
|
array(
|
|
|
|
0 => 'phabricator-busy',
|
|
|
|
1 => 'javelin-behavior',
|
|
|
|
),
|
|
|
|
82439934 =>
|
2014-01-01 03:04:25 +01:00
|
|
|
array(
|
2014-02-27 20:06:55 +01:00
|
|
|
0 => 'javelin-behavior',
|
2014-01-01 16:46:25 +01:00
|
|
|
1 => 'javelin-dom',
|
2014-06-23 19:27:47 +02:00
|
|
|
2 => 'javelin-util',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-workflow',
|
|
|
|
5 => 'phabricator-draggable-list',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
),
|
|
|
|
'packages' =>
|
|
|
|
array(
|
|
|
|
'core.pkg.css' =>
|
|
|
|
array(
|
|
|
|
0 => 'phabricator-core-css',
|
|
|
|
1 => 'phabricator-zindex-css',
|
|
|
|
2 => 'phui-button-css',
|
|
|
|
3 => 'phabricator-standard-page-view',
|
|
|
|
4 => 'aphront-dialog-view-css',
|
|
|
|
5 => 'phui-form-view-css',
|
|
|
|
6 => 'aphront-panel-view-css',
|
|
|
|
7 => 'aphront-table-view-css',
|
|
|
|
8 => 'aphront-tokenizer-control-css',
|
|
|
|
9 => 'aphront-typeahead-control-css',
|
|
|
|
10 => 'aphront-list-filter-view-css',
|
2014-05-26 20:15:28 +02:00
|
|
|
11 => 'phabricator-remarkup-css',
|
|
|
|
12 => 'syntax-highlighting-css',
|
|
|
|
13 => 'aphront-pager-view-css',
|
|
|
|
14 => 'phabricator-transaction-view-css',
|
|
|
|
15 => 'aphront-tooltip-css',
|
|
|
|
16 => 'phabricator-flag-css',
|
|
|
|
17 => 'aphront-error-view-css',
|
2014-06-05 19:37:21 +02:00
|
|
|
18 => 'sprite-gradient-css',
|
|
|
|
19 => 'sprite-menu-css',
|
|
|
|
20 => 'sprite-apps-css',
|
|
|
|
21 => 'sprite-apps-large-css',
|
|
|
|
22 => 'phabricator-main-menu-view',
|
|
|
|
23 => 'phabricator-notification-css',
|
|
|
|
24 => 'phabricator-notification-menu-css',
|
|
|
|
25 => 'lightbox-attachment-css',
|
|
|
|
26 => 'phui-header-view-css',
|
|
|
|
27 => 'phabricator-filetree-view-css',
|
|
|
|
28 => 'phabricator-nav-view-css',
|
|
|
|
29 => 'phabricator-side-menu-view-css',
|
|
|
|
30 => 'phabricator-crumbs-view-css',
|
|
|
|
31 => 'phui-object-item-list-view-css',
|
|
|
|
32 => 'global-drag-and-drop-css',
|
|
|
|
33 => 'phui-spacing-css',
|
|
|
|
34 => 'phui-form-css',
|
|
|
|
35 => 'phui-icon-view-css',
|
|
|
|
36 => 'phabricator-application-launch-view-css',
|
|
|
|
37 => 'phabricator-action-list-view-css',
|
|
|
|
38 => 'phui-property-list-view-css',
|
|
|
|
39 => 'phui-tag-view-css',
|
|
|
|
40 => 'phui-list-view-css',
|
|
|
|
41 => 'font-fontawesome',
|
|
|
|
42 => 'phui-font-icon-base-css',
|
|
|
|
43 => 'sprite-main-header-css',
|
|
|
|
44 => 'phui-box-css',
|
|
|
|
45 => 'phui-object-box-css',
|
|
|
|
46 => 'phui-timeline-view-css',
|
|
|
|
47 => 'sprite-tokens-css',
|
|
|
|
48 => 'tokens-css',
|
|
|
|
49 => 'phui-status-list-view-css',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
'core.pkg.js' =>
|
|
|
|
array(
|
2014-05-22 19:47:00 +02:00
|
|
|
0 => 'javelin-util',
|
|
|
|
1 => 'javelin-install',
|
|
|
|
2 => 'javelin-event',
|
|
|
|
3 => 'javelin-stratcom',
|
|
|
|
4 => 'javelin-behavior',
|
|
|
|
5 => 'javelin-resource',
|
|
|
|
6 => 'javelin-request',
|
|
|
|
7 => 'javelin-vector',
|
|
|
|
8 => 'javelin-dom',
|
|
|
|
9 => 'javelin-json',
|
|
|
|
10 => 'javelin-uri',
|
|
|
|
11 => 'javelin-workflow',
|
|
|
|
12 => 'javelin-mask',
|
|
|
|
13 => 'javelin-typeahead',
|
|
|
|
14 => 'javelin-typeahead-normalizer',
|
|
|
|
15 => 'javelin-typeahead-source',
|
|
|
|
16 => 'javelin-typeahead-preloaded-source',
|
|
|
|
17 => 'javelin-typeahead-ondemand-source',
|
|
|
|
18 => 'javelin-tokenizer',
|
|
|
|
19 => 'javelin-history',
|
|
|
|
20 => 'javelin-router',
|
|
|
|
21 => 'javelin-routable',
|
|
|
|
22 => 'javelin-behavior-aphront-basic-tokenizer',
|
|
|
|
23 => 'javelin-behavior-workflow',
|
|
|
|
24 => 'javelin-behavior-aphront-form-disable-on-submit',
|
|
|
|
25 => 'phabricator-keyboard-shortcut-manager',
|
|
|
|
26 => 'phabricator-keyboard-shortcut',
|
|
|
|
27 => 'javelin-behavior-phabricator-keyboard-shortcuts',
|
|
|
|
28 => 'javelin-behavior-refresh-csrf',
|
|
|
|
29 => 'javelin-behavior-phabricator-watch-anchor',
|
|
|
|
30 => 'javelin-behavior-phabricator-autofocus',
|
|
|
|
31 => 'phuix-dropdown-menu',
|
|
|
|
32 => 'phuix-action-list-view',
|
|
|
|
33 => 'phuix-action-view',
|
|
|
|
34 => 'phabricator-phtize',
|
|
|
|
35 => 'javelin-behavior-phabricator-oncopy',
|
|
|
|
36 => 'phabricator-tooltip',
|
|
|
|
37 => 'javelin-behavior-phabricator-tooltips',
|
|
|
|
38 => 'phabricator-prefab',
|
|
|
|
39 => 'javelin-behavior-device',
|
|
|
|
40 => 'javelin-behavior-toggle-class',
|
|
|
|
41 => 'javelin-behavior-lightbox-attachments',
|
|
|
|
42 => 'phabricator-busy',
|
|
|
|
43 => 'javelin-aphlict',
|
|
|
|
44 => 'phabricator-notification',
|
|
|
|
45 => 'javelin-behavior-aphlict-listen',
|
|
|
|
46 => 'javelin-behavior-phabricator-search-typeahead',
|
|
|
|
47 => 'javelin-behavior-konami',
|
|
|
|
48 => 'javelin-behavior-aphlict-dropdown',
|
|
|
|
49 => 'javelin-behavior-history-install',
|
|
|
|
50 => 'javelin-behavior-phabricator-gesture',
|
|
|
|
51 => 'javelin-behavior-phabricator-active-nav',
|
|
|
|
52 => 'javelin-behavior-phabricator-nav',
|
|
|
|
53 => 'javelin-behavior-phabricator-remarkup-assist',
|
|
|
|
54 => 'phabricator-textareautils',
|
|
|
|
55 => 'phabricator-file-upload',
|
|
|
|
56 => 'javelin-behavior-global-drag-and-drop',
|
|
|
|
57 => 'javelin-behavior-phabricator-reveal-content',
|
|
|
|
58 => 'phabricator-hovercard',
|
|
|
|
59 => 'javelin-behavior-phabricator-hovercards',
|
|
|
|
60 => 'javelin-color',
|
|
|
|
61 => 'javelin-fx',
|
|
|
|
62 => 'phabricator-draggable-list',
|
|
|
|
63 => 'javelin-behavior-phabricator-transaction-list',
|
|
|
|
64 => 'javelin-behavior-phabricator-show-all-transactions',
|
|
|
|
65 => 'javelin-behavior-phui-timeline-dropdown-menu',
|
|
|
|
66 => 'javelin-behavior-doorkeeper-tag',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
'darkconsole.pkg.js' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior-dark-console',
|
|
|
|
1 => 'javelin-behavior-error-log',
|
|
|
|
),
|
|
|
|
'differential.pkg.css' =>
|
|
|
|
array(
|
|
|
|
0 => 'differential-core-view-css',
|
|
|
|
1 => 'differential-changeset-view-css',
|
|
|
|
2 => 'differential-results-table-css',
|
|
|
|
3 => 'differential-revision-history-css',
|
|
|
|
4 => 'differential-revision-list-css',
|
|
|
|
5 => 'differential-table-of-contents-css',
|
|
|
|
6 => 'differential-revision-comment-css',
|
|
|
|
7 => 'differential-revision-add-comment-css',
|
2014-02-14 19:23:07 +01:00
|
|
|
8 => 'phabricator-object-selector-css',
|
|
|
|
9 => 'phabricator-content-source-view-css',
|
2014-04-02 22:18:11 +02:00
|
|
|
10 => 'inline-comment-summary-css',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
'differential.pkg.js' =>
|
|
|
|
array(
|
|
|
|
0 => 'phabricator-drag-and-drop-file-upload',
|
|
|
|
1 => 'phabricator-shaped-request',
|
|
|
|
2 => 'javelin-behavior-differential-feedback-preview',
|
|
|
|
3 => 'javelin-behavior-differential-edit-inline-comments',
|
|
|
|
4 => 'javelin-behavior-differential-populate',
|
|
|
|
5 => 'javelin-behavior-differential-show-more',
|
|
|
|
6 => 'javelin-behavior-differential-diff-radios',
|
2014-03-09 22:53:05 +01:00
|
|
|
7 => 'javelin-behavior-differential-comment-jump',
|
|
|
|
8 => 'javelin-behavior-differential-add-reviewers-and-ccs',
|
|
|
|
9 => 'javelin-behavior-differential-keyboard-navigation',
|
|
|
|
10 => 'javelin-behavior-aphront-drag-and-drop-textarea',
|
|
|
|
11 => 'javelin-behavior-phabricator-object-selector',
|
|
|
|
12 => 'javelin-behavior-repository-crossreference',
|
|
|
|
13 => 'javelin-behavior-load-blame',
|
|
|
|
14 => 'differential-inline-comment-editor',
|
|
|
|
15 => 'javelin-behavior-differential-dropdown-menus',
|
|
|
|
16 => 'javelin-behavior-differential-toggle-files',
|
|
|
|
17 => 'javelin-behavior-differential-user-select',
|
2014-05-22 19:47:00 +02:00
|
|
|
18 => 'javelin-behavior-aphront-more',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
'diffusion.pkg.css' =>
|
|
|
|
array(
|
|
|
|
0 => 'diffusion-commit-view-css',
|
|
|
|
1 => 'diffusion-icons-css',
|
|
|
|
),
|
|
|
|
'diffusion.pkg.js' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior-diffusion-pull-lastmodified',
|
|
|
|
1 => 'javelin-behavior-diffusion-commit-graph',
|
|
|
|
2 => 'javelin-behavior-audit-preview',
|
|
|
|
),
|
|
|
|
'maniphest.pkg.css' =>
|
|
|
|
array(
|
|
|
|
0 => 'maniphest-task-summary-css',
|
|
|
|
),
|
|
|
|
'maniphest.pkg.js' =>
|
|
|
|
array(
|
|
|
|
0 => 'javelin-behavior-maniphest-batch-selector',
|
|
|
|
1 => 'javelin-behavior-maniphest-transaction-controls',
|
|
|
|
2 => 'javelin-behavior-maniphest-transaction-preview',
|
|
|
|
3 => 'javelin-behavior-maniphest-transaction-expand',
|
|
|
|
4 => 'javelin-behavior-maniphest-subpriority-editor',
|
2014-05-22 19:47:00 +02:00
|
|
|
5 => 'javelin-behavior-maniphest-list-editor',
|
2014-01-01 03:04:25 +01:00
|
|
|
),
|
|
|
|
),
|
|
|
|
);
|