mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-21 04:50:55 +01:00
Fix two excessively aggressive policy checks
Summary: - Some applications need public access regardless of policy configuration. - The file data endpoint should ignore policies.
This commit is contained in:
parent
6100906273
commit
1296c3d347
2 changed files with 11 additions and 1 deletions
|
@ -127,10 +127,16 @@ abstract class PhabricatorController extends AphrontController {
|
||||||
// a policy exception if the viewer doesn't have permission.
|
// a policy exception if the viewer doesn't have permission.
|
||||||
$application = $this->getCurrentApplication();
|
$application = $this->getCurrentApplication();
|
||||||
if ($application) {
|
if ($application) {
|
||||||
|
/*
|
||||||
|
|
||||||
|
TODO: Reenable this, but it's breaking some applications which need public
|
||||||
|
access in all cases, like Files and Conduit.
|
||||||
|
|
||||||
id(new PhabricatorApplicationQuery())
|
id(new PhabricatorApplicationQuery())
|
||||||
->setViewer($user)
|
->setViewer($user)
|
||||||
->withPHIDs(array($application->getPHID()))
|
->withPHIDs(array($application->getPHID()))
|
||||||
->executeOne();
|
->executeOne();
|
||||||
|
*/
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -25,8 +25,12 @@ final class PhabricatorFileDataController extends PhabricatorFileController {
|
||||||
->setURI($uri->setPath($request->getPath()));
|
->setURI($uri->setPath($request->getPath()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NOTE: This endpoint will ideally be accessed via CDN or otherwise on
|
||||||
|
// a non-credentialed domain. Knowing the file's secret key gives you
|
||||||
|
// access, regardless of authentication on the request itself.
|
||||||
|
|
||||||
$file = id(new PhabricatorFileQuery())
|
$file = id(new PhabricatorFileQuery())
|
||||||
->setViewer($request->getUser())
|
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||||
->withPHIDs(array($this->phid))
|
->withPHIDs(array($this->phid))
|
||||||
->executeOne();
|
->executeOne();
|
||||||
if (!$file) {
|
if (!$file) {
|
||||||
|
|
Loading…
Reference in a new issue