mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-18 19:40:55 +01:00
Add hard stops on empty batch edit sets
Summary: Ref T8637. If a user tries to batch edit a list of tasks which can't be edited, we fall through to `withIDs(array())`, which can affect //everything//. Explicitly stop batch editing if we don't have valid IDs or valid tasks. The UI sort-of warns you that something is wrong, but this is ultimately a pretty severe UX issue. I'll fix the underlying Query in the next diff. Test Plan: Tried to batch edit a list of tasks I didn't have permission to edit. Reviewers: btrahan Reviewed By: btrahan Subscribers: lloyd.oliver, epriestley Maniphest Tasks: T8637 Differential Revision: https://secure.phabricator.com/D13388
This commit is contained in:
parent
d1983560a6
commit
0597aba33e
1 changed files with 12 additions and 0 deletions
|
@ -25,6 +25,12 @@ final class ManiphestBatchEditController extends ManiphestController {
|
|||
$task_ids = $request->getStrList('batch');
|
||||
}
|
||||
|
||||
if (!$task_ids) {
|
||||
throw new Exception(
|
||||
pht(
|
||||
'No tasks are selected.'));
|
||||
}
|
||||
|
||||
$tasks = id(new ManiphestTaskQuery())
|
||||
->setViewer($viewer)
|
||||
->withIDs($task_ids)
|
||||
|
@ -37,6 +43,12 @@ final class ManiphestBatchEditController extends ManiphestController {
|
|||
->needProjectPHIDs(true)
|
||||
->execute();
|
||||
|
||||
if (!$tasks) {
|
||||
throw new Exception(
|
||||
pht(
|
||||
"You don't have permission to edit any of the selected tasks."));
|
||||
}
|
||||
|
||||
if ($project) {
|
||||
$cancel_uri = '/project/board/'.$project->getID().'/';
|
||||
$redirect_uri = $cancel_uri;
|
||||
|
|
Loading…
Reference in a new issue