mirror of https://we.phorge.it/source/phorge.git synced 2024-12-21 04:50:55 +01:00

Fix two excessively aggressive policy checks

Summary:

  - Some applications need public access regardless of policy configuration.
  - The file data endpoint should ignore policies.
epriestley 2013-10-03 14:38:08 -07:00
parent 6100906273
commit 1296c3d347
2 changed files with 11 additions and 1 deletions


@ -127,10 +127,16 @@ abstract class PhabricatorController extends AphrontController {
// a policy exception if the viewer doesn't have permission. // a policy exception if the viewer doesn't have permission.
$application = $this->getCurrentApplication(); $application = $this->getCurrentApplication();
if ($application) { if ($application) {
/*
TODO: Reenable this, but it's breaking some applications which need public
access in all cases, like Files and Conduit.
id(new PhabricatorApplicationQuery()) id(new PhabricatorApplicationQuery())
->setViewer($user) ->setViewer($user)
->withPHIDs(array($application->getPHID())) ->withPHIDs(array($application->getPHID()))
->executeOne(); ->executeOne();
*/
} }
} }
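Review bot: Commenting out the whole `PhabricatorApplicationQuery` call turns off the application visibility check for every controller that reaches this code, not only for the applications the TODO names (Files and Conduit). Judging by the comment above it, this query is what raised the policy exception, so an application with a restricted view policy presumably stops being protected here until the TODO is resolved. A narrower change would keep the query and skip it only for applications that explicitly declare they must stay reachable regardless of policy. If the check has to stay disabled for now, the TODO should state what re-enabling depends on, e.g. `// TODO: Re-enable once Files and Conduit can opt out of the application policy check.`, and the dead code is better deleted than kept in a block comment. The enclosing method starts before this hunk.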


@ -25,8 +25,12 @@ final class PhabricatorFileDataController extends PhabricatorFileController {
->setURI($uri->setPath($request->getPath())); ->setURI($uri->setPath($request->getPath()));
} }
// NOTE: This endpoint will ideally be accessed via CDN or otherwise on
// a non-credentialed domain. Knowing the file's secret key gives you
// access, regardless of authentication on the request itself.
$file = id(new PhabricatorFileQuery()) $file = id(new PhabricatorFileQuery())
->setViewer($request->getUser()) ->setViewer(PhabricatorUser::getOmnipotentUser())
->withPHIDs(array($this->phid)) ->withPHIDs(array($this->phid))
->executeOne(); ->executeOne();
if (!$file) { if (!$file) {
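Review bot: With `PhabricatorUser::getOmnipotentUser()` as the viewer, the file's secret key becomes the only thing authorizing this response, yet the key comparison itself is not visible in this hunk. It is worth confirming that the comparison runs before any file data or metadata is returned, and that it compares the key in constant time rather than with `==`. The NOTE could also state the bypass explicitly, for example `// Policy checks are intentionally skipped for this query; the secret key check is the only authorization.`, so a later refactor does not drop the key check on the assumption that the query still enforces visibility. The method continues past the end of the hunk.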