mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-22 21:40:55 +01:00
Remove the "grant authority" mechanism from users
Summary: Ref T13393. See some previous discussion in T13366. Caching is hard and all approaches here have downsides, but the request cache likely has fewer practical downsides for this kind of policy check than other approaches. In particular, the grant approach (at least, as previously used in Phortune) has a major downside that "Query" classes can no longer fully enforce policies. Since Phortune no longer depends on grants and they've now been removed from instances, drop the mechanism completely. Test Plan: Grepped for callsites, found none. Maniphest Tasks: T13393 Differential Revision: https://secure.phabricator.com/D20754
This commit is contained in:
parent
3c26e38487
commit
533a5535b6
1 changed files with 0 additions and 18 deletions
|
@ -59,7 +59,6 @@ final class PhabricatorUser
|
||||||
private $rawCacheData = array();
|
private $rawCacheData = array();
|
||||||
private $usableCacheData = array();
|
private $usableCacheData = array();
|
||||||
|
|
||||||
private $authorities = array();
|
|
||||||
private $handlePool;
|
private $handlePool;
|
||||||
private $csrfSalt;
|
private $csrfSalt;
|
||||||
|
|
||||||
|
@ -705,23 +704,6 @@ final class PhabricatorUser
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Grant a user a source of authority, to let them bypass policy checks they
|
|
||||||
* could not otherwise.
|
|
||||||
*/
|
|
||||||
public function grantAuthority($authority) {
|
|
||||||
$this->authorities[] = $authority;
|
|
||||||
return $this;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Get authorities granted to the user.
|
|
||||||
*/
|
|
||||||
public function getAuthorities() {
|
|
||||||
return $this->authorities;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function hasConduitClusterToken() {
|
public function hasConduitClusterToken() {
|
||||||
return ($this->conduitClusterToken !== self::ATTACHABLE);
|
return ($this->conduitClusterToken !== self::ATTACHABLE);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue