Give PhabricatorAuthPassword a formal CAN_EDIT policy

Summary: Depends on D19585. Ref T13164. This is a precursor for D19586, which causes Editors to start doing more explicit CAN_EDIT checks. Passwords have an Editor, but don't actually define a CAN_EDIT capability. Define one (you can edit a password if you can edit the object the password is associated with). (Today, this object is always a User -- this table just unified VCS passwords and Account passwords so they can be handled more consistently.) Test Plan: - With D19586, ran unit tests and got a pass. - Edited my own password. - Tried to edit another user's password and wasn't permitted to. Reviewers: amckinley Reviewed By: amckinley Maniphest Tasks: T13164 Differential Revision: https://secure.phabricator.com/D19592
2024-11-10 00:42:41 +01:00 · 2018-08-16 10:07:28 -07:00 · 2018-08-16 10:07:28 -07:00 · 0ccf1410e0
commit 0ccf1410e0
parent 7e29ec2e2a
1 changed files with 2 additions and 1 deletions
--- a/src/applications/auth/storage/PhabricatorAuthPassword.php
+++ b/src/applications/auth/storage/PhabricatorAuthPassword.php
@ -178,6 +178,7 @@ final class PhabricatorAuthPassword
  public function getCapabilities() {
    return array(
      PhabricatorPolicyCapability::CAN_VIEW,
+      PhabricatorPolicyCapability::CAN_EDIT,
    );
  }

@ -195,7 +196,7 @@ final class PhabricatorAuthPassword

  public function getExtendedPolicy($capability, PhabricatorUser $viewer) {
    return array(
-      array($this->getObject(), PhabricatorPolicyCapability::CAN_VIEW),
+      array($this->getObject(), $capability),
    );
  }