mirror of https://we.phorge.it/source/phorge.git synced 2025-01-12 15:51:04 +01:00

Fix excessively-conservative feed story policy checks

Summary:
When checking if a user can see a feed story about an object, we currently use the object's primary policy but ignore automatic capabilities.

Instead, proxy both primary policies and automatic capabilities.

Test Plan:
  - Before this patch, users could not see stories about events they were invited to but not permitted to see by the primary policy (this is currently the default for newly created events).
  - After this patch, these invited users can now see the stories.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: lpriestley, epriestley

Differential Revision: https://secure.phabricator.com/D12785
epriestley 2015-05-10 10:55:01 -07:00
parent a03a488ba6
commit 2e54b3ff57


@ -453,15 +453,9 @@ abstract class PhabricatorFeedStory
* @task policy * @task policy
*/ */
public function getPolicy($capability) { public function getPolicy($capability) {
// If this story's primary object is a policy-aware object, use its policy $policy_object = $this->getPrimaryPolicyObject();
// to control story visiblity. if ($policy_object) {
return $policy_object->getPolicy($capability);
$primary_phid = $this->getPrimaryObjectPHID();
if (isset($this->objects[$primary_phid])) {
$object = $this->objects[$primary_phid];
if ($object instanceof PhabricatorPolicyInterface) {
return $object->getPolicy($capability);
}
} }
// TODO: Remove this once all objects are policy-aware. For now, keep // TODO: Remove this once all objects are policy-aware. For now, keep
@ -476,6 +470,11 @@ abstract class PhabricatorFeedStory
* @task policy * @task policy
*/ */
public function hasAutomaticCapability($capability, PhabricatorUser $viewer) { public function hasAutomaticCapability($capability, PhabricatorUser $viewer) {
$policy_object = $this->getPrimaryPolicyObject();
if ($policy_object) {
return $policy_object->hasAutomaticCapability($capability, $viewer);
}
return false; return false;
} }
@ -484,6 +483,26 @@ abstract class PhabricatorFeedStory
} }
/**
* Get the policy object this story is about, if such a policy object
* exists.
*
* @return PhabricatorPolicyInterface|null Policy object, if available.
* @task policy
*/
private function getPrimaryPolicyObject() {
$primary_phid = $this->getPrimaryObjectPHID();
if (empty($this->objects[$primary_phid])) {
$object = $this->objects[$primary_phid];
if ($object instanceof PhabricatorPolicyInterface) {
return $object;
}
}
return null;
}
/* -( PhabricatorMarkupInterface Implementation )--------------------------- */ /* -( PhabricatorMarkupInterface Implementation )--------------------------- */
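Review bot: The guard in the new `getPrimaryPolicyObject()` is inverted: `if (empty($this->objects[$primary_phid])) {` enters the branch only when the primary object is missing, whereas the code removed from `getPolicy()` used `isset(...)`. As written the helper returns null whenever the object is actually loaded, so neither `getPolicy()` nor `hasAutomaticCapability()` ever proxies to it. Story visibility is then decided by the fallback after the TODO comment, which lies outside this hunk, so stories about restricted objects are presumably governed by the generic default instead of the object's own policy. The condition should read `if (!empty($this->objects[$primary_phid])) {`. A regression test with a story whose primary object carries a restrictive policy would catch this, since the test plan above only exercises the case where access is expected to be granted.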