1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-18 19:40:55 +01:00

Add hard stops on empty batch edit sets

Summary:
Ref T8637. If a user tries to batch edit a list of tasks which can't be edited, we fall through to `withIDs(array())`, which can affect //everything//.

Explicitly stop batch editing if we don't have valid IDs or valid tasks.

The UI sort-of warns you that something is wrong, but this is ultimately a pretty severe UX issue. I'll fix the underlying Query in the next diff.

Test Plan: Tried to batch edit a list of tasks I didn't have permission to edit.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: lloyd.oliver, epriestley

Maniphest Tasks: T8637

Differential Revision: https://secure.phabricator.com/D13388
This commit is contained in:
epriestley 2015-06-22 11:47:58 -07:00
parent d1983560a6
commit 0597aba33e

View file

@ -25,6 +25,12 @@ final class ManiphestBatchEditController extends ManiphestController {
$task_ids = $request->getStrList('batch');
}
if (!$task_ids) {
throw new Exception(
pht(
'No tasks are selected.'));
}
$tasks = id(new ManiphestTaskQuery())
->setViewer($viewer)
->withIDs($task_ids)
@ -37,6 +43,12 @@ final class ManiphestBatchEditController extends ManiphestController {
->needProjectPHIDs(true)
->execute();
if (!$tasks) {
throw new Exception(
pht(
"You don't have permission to edit any of the selected tasks."));
}
if ($project) {
$cancel_uri = '/project/board/'.$project->getID().'/';
$redirect_uri = $cancel_uri;