mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-30 01:10:58 +01:00
Fix bad Phortune Subscriptions query
Summary: Fixes T7285. If the user tries to view a subscription they don't have permission to view, we may filter all the subscriptions out, then still try to load related data. This can fatal because it's invalid. Instead, bail if we filtered everything. Test Plan: Subscritption detail page of another user's subscription is now 404 instead of fatal. Reviewers: btrahan, chad Reviewed By: chad Subscribers: epriestley Maniphest Tasks: T7285 Differential Revision: https://secure.phabricator.com/D11780
This commit is contained in:
parent
f206da2dbf
commit
5a9d70707b
1 changed files with 12 additions and 0 deletions
|
@ -72,6 +72,10 @@ final class PhortuneSubscriptionQuery
|
|||
$subscription->attachAccount($account);
|
||||
}
|
||||
|
||||
if (!$subscriptions) {
|
||||
return $subscriptions;
|
||||
}
|
||||
|
||||
$merchants = id(new PhortuneMerchantQuery())
|
||||
->setViewer($this->getViewer())
|
||||
->withPHIDs(mpull($subscriptions, 'getMerchantPHID'))
|
||||
|
@ -87,6 +91,10 @@ final class PhortuneSubscriptionQuery
|
|||
$subscription->attachMerchant($merchant);
|
||||
}
|
||||
|
||||
if (!$subscriptions) {
|
||||
return $subscriptions;
|
||||
}
|
||||
|
||||
$implementations = array();
|
||||
|
||||
$subscription_map = mgroup($subscriptions, 'getSubscriptionClass');
|
||||
|
@ -109,6 +117,10 @@ final class PhortuneSubscriptionQuery
|
|||
$subscription->attachImplementation($implementation);
|
||||
}
|
||||
|
||||
if (!$subscriptions) {
|
||||
return $subscriptions;
|
||||
}
|
||||
|
||||
if ($this->needTriggers) {
|
||||
$trigger_phids = mpull($subscriptions, 'getTriggerPHID');
|
||||
$triggers = id(new PhabricatorWorkerTriggerQuery())
|
||||
|
|
Loading…
Reference in a new issue