mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-02 11:42:42 +01:00
(stable) Fix an issue where raw diffs that are not attached to revisions could skip repository policy checks
Summary: See PHI1697. If a diff is not attached to a revision (for example, if it was created with "arc diff --only"), but is attached to a repository, it is supposed to be visible only to users who can see that repository. It currently skips this extended policy check and may incorrectly be visible to too many users. (Once a diff is attached to a revision, this rule is enforced properly via the revision policy.)

Test Plan:
- Set repository R to be visible only to Alice.
- As Alice, created a diff from a working copy of repository R with "arc diff --only".
- As Bailey, viewed the diff.
  - Before: visible diff.
  - After: policy exception (as expected).

Differential Revision: https://secure.phabricator.com/D21103
parent 088dfdb586
commit 3f9609a55c
1 changed files with 5 additions and 0 deletions
|
@ -472,6 +472,11 @@ final class DifferentialDiff
|
|||
$this->getRevision(),
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
);
|
||||
} else if ($this->getRepositoryPHID()) {
|
||||
$extended[] = array(
|
||||
$this->getRepositoryPHID(),
|
||||
PhabricatorPolicyCapability::CAN_VIEW,
|
||||
);
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
|
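Review bot: The new `else if ($this->getRepositoryPHID())` branch leaves one case undocumented: a diff with neither a revision nor a repository PHID gets no extended policy entry from these lines. A short comment above the branch would help, saying that the repository check is only needed when no revision is attached (the commit message states the revision policy already enforces it) and that a diff with no repository is intentionally left without an extended check. The test plan is manual, so an automated test that creates a revision-less diff against a restricted repository and asserts a second user cannot view it would keep this check from regressing.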