1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 21:40:55 +01:00

Remove the "grant authority" mechanism from users

Summary:
Ref T13393. See some previous discussion in T13366.

Caching is hard and all approaches here have downsides, but the request cache likely has fewer practical downsides for this kind of policy check than other approaches. In particular, the grant approach (at least, as previously used in Phortune) has a major downside that "Query" classes can no longer fully enforce policies.

Since Phortune no longer depends on grants and they've now been removed from instances, drop the mechanism completely.

Test Plan: Grepped for callsites, found none.

Maniphest Tasks: T13393

Differential Revision: https://secure.phabricator.com/D20754
This commit is contained in:
epriestley 2019-08-30 09:12:57 -07:00
parent 3c26e38487
commit 533a5535b6

View file

@ -59,7 +59,6 @@ final class PhabricatorUser
private $rawCacheData = array(); private $rawCacheData = array();
private $usableCacheData = array(); private $usableCacheData = array();
private $authorities = array();
private $handlePool; private $handlePool;
private $csrfSalt; private $csrfSalt;
@ -705,23 +704,6 @@ final class PhabricatorUser
} }
/**
* Grant a user a source of authority, to let them bypass policy checks they
* could not otherwise.
*/
public function grantAuthority($authority) {
$this->authorities[] = $authority;
return $this;
}
/**
* Get authorities granted to the user.
*/
public function getAuthorities() {
return $this->authorities;
}
public function hasConduitClusterToken() { public function hasConduitClusterToken() {
return ($this->conduitClusterToken !== self::ATTACHABLE); return ($this->conduitClusterToken !== self::ATTACHABLE);
} }