1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 03:50:54 +01:00

Allow logged-out users to load global preferences on installs without public viewers

Summary:
Fixes T11946. When a logged-out viewer is loading a page on a non-public install, there are two policy issues which prevent them from loading global settings:

  - They can not see the Settings application itself.
  - They can not see the global settings object.

Allow them to see Settings by making mandatory applications always visible. (This doesn't make any application pages public.)

Allow them to see the global settings object explicitly.

Test Plan:
Changed default language, viewed logged-out page:

{F2076924}

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T11946

Differential Revision: https://secure.phabricator.com/D16983
This commit is contained in:
epriestley 2016-12-05 08:54:15 -08:00
parent f0bf0419f1
commit 5f593aafb1
2 changed files with 20 additions and 4 deletions

View file

@ -437,10 +437,19 @@ abstract class PhabricatorApplication
if (!self::isClassInstalled($class)) {
$result = false;
} else {
$result = PhabricatorPolicyFilter::hasCapability(
$viewer,
self::getByClass($class),
PhabricatorPolicyCapability::CAN_VIEW);
$application = self::getByClass($class);
if (!$application->canUninstall()) {
// If the application can not be uninstalled, always allow viewers
// to see it. In particular, this allows logged-out viewers to see
// Settings and load global default settings even if the install
// does not allow public viewers.
$result = true;
} else {
$result = PhabricatorPolicyFilter::hasCapability(
$viewer,
self::getByClass($class),
PhabricatorPolicyCapability::CAN_VIEW);
}
}
$cache->setKey($key, $result);

View file

@ -219,6 +219,13 @@ final class PhabricatorUserPreferences
}
}
switch ($this->getBuiltinKey()) {
case self::BUILTIN_GLOBAL_DEFAULT:
// NOTE: Without this policy exception, the logged-out viewer can not
// see global preferences.
return true;
}
return false;
}