1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-20 20:40:56 +01:00

Fix bad Phortune Subscriptions query

Summary:
Fixes T7285. If the user tries to view a subscription they don't have permission to view, we may filter all the subscriptions out, then still try to load related data. This can fatal because it's invalid.

Instead, bail if we filtered everything.

Test Plan: Subscritption detail page of another user's subscription is now 404 instead of fatal.

Reviewers: btrahan, chad

Reviewed By: chad

Subscribers: epriestley

Maniphest Tasks: T7285

Differential Revision: https://secure.phabricator.com/D11780
This commit is contained in:
epriestley 2015-02-16 11:17:51 -08:00
parent f206da2dbf
commit 5a9d70707b

View file

@ -72,6 +72,10 @@ final class PhortuneSubscriptionQuery
$subscription->attachAccount($account);
}
if (!$subscriptions) {
return $subscriptions;
}
$merchants = id(new PhortuneMerchantQuery())
->setViewer($this->getViewer())
->withPHIDs(mpull($subscriptions, 'getMerchantPHID'))
@ -87,6 +91,10 @@ final class PhortuneSubscriptionQuery
$subscription->attachMerchant($merchant);
}
if (!$subscriptions) {
return $subscriptions;
}
$implementations = array();
$subscription_map = mgroup($subscriptions, 'getSubscriptionClass');
@ -109,6 +117,10 @@ final class PhortuneSubscriptionQuery
$subscription->attachImplementation($implementation);
}
if (!$subscriptions) {
return $subscriptions;
}
if ($this->needTriggers) {
$trigger_phids = mpull($subscriptions, 'getTriggerPHID');
$triggers = id(new PhabricatorWorkerTriggerQuery())