Fix bad Phortune Subscriptions query

Summary: Fixes T7285. If the user tries to view a subscription they don't have permission to view, we may filter all the subscriptions out, then still try to load related data. This can fatal because it's invalid. Instead, bail if we filtered everything. Test Plan: Subscritption detail page of another user's subscription is now 404 instead of fatal. Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T7285 Differential Revision: https://secure.phabricator.com/D11780
2024-12-20 12:30:56 +01:00 · 2015-02-16 11:17:51 -08:00 · 2015-02-16 11:17:51 -08:00 · 5a9d70707b
commit 5a9d70707b
parent f206da2dbf
1 changed files with 12 additions and 0 deletions
--- a/src/applications/phortune/query/PhortuneSubscriptionQuery.php
+++ b/src/applications/phortune/query/PhortuneSubscriptionQuery.php
@ -72,6 +72,10 @@ final class PhortuneSubscriptionQuery
      $subscription->attachAccount($account);
    }

+    if (!$subscriptions) {
+      return $subscriptions;
+    }
+
    $merchants = id(new PhortuneMerchantQuery())
      ->setViewer($this->getViewer())
      ->withPHIDs(mpull($subscriptions, 'getMerchantPHID'))
@ -87,6 +91,10 @@ final class PhortuneSubscriptionQuery
      $subscription->attachMerchant($merchant);
    }

+    if (!$subscriptions) {
+      return $subscriptions;
+    }
+
    $implementations = array();

    $subscription_map = mgroup($subscriptions, 'getSubscriptionClass');
@ -109,6 +117,10 @@ final class PhortuneSubscriptionQuery
      $subscription->attachImplementation($implementation);
    }

+    if (!$subscriptions) {
+      return $subscriptions;
+    }
+
    if ($this->needTriggers) {
      $trigger_phids = mpull($subscriptions, 'getTriggerPHID');
      $triggers = id(new PhabricatorWorkerTriggerQuery())