mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-19 03:50:54 +01:00
Allow logged-out users to load global preferences on installs without public viewers
Summary: Fixes T11946. When a logged-out viewer is loading a page on a non-public install, there are two policy issues which prevent them from loading global settings: - They can not see the Settings application itself. - They can not see the global settings object. Allow them to see Settings by making mandatory applications always visible. (This doesn't make any application pages public.) Allow them to see the global settings object explicitly. Test Plan: Changed default language, viewed logged-out page: {F2076924} Reviewers: chad Reviewed By: chad Maniphest Tasks: T11946 Differential Revision: https://secure.phabricator.com/D16983
parent
f0bf0419f1
commit
5f593aafb1
2 changed files with 20 additions and 4 deletions
|
@ -437,10 +437,19 @@ abstract class PhabricatorApplication
|
|||
if (!self::isClassInstalled($class)) {
|
||||
$result = false;
|
||||
} else {
|
||||
$result = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
self::getByClass($class),
|
||||
PhabricatorPolicyCapability::CAN_VIEW);
|
||||
$application = self::getByClass($class);
|
||||
if (!$application->canUninstall()) {
|
||||
// If the application can not be uninstalled, always allow viewers
|
||||
// to see it. In particular, this allows logged-out viewers to see
|
||||
// Settings and load global default settings even if the install
|
||||
// does not allow public viewers.
|
||||
$result = true;
|
||||
} else {
|
||||
$result = PhabricatorPolicyFilter::hasCapability(
|
||||
$viewer,
|
||||
self::getByClass($class),
|
||||
PhabricatorPolicyCapability::CAN_VIEW);
|
||||
}
|
||||
}
|
||||
|
||||
$cache->setKey($key, $result);
|
||||
|
|
|
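Review bot: The `!$application->canUninstall()` branch sets `$result = true` without calling `PhabricatorPolicyFilter::hasCapability()`, so the view policy is skipped for every application that cannot be uninstalled and for every viewer, not only for Settings and logged-out users. Whether an application can be uninstalled is an installation property rather than an access decision, so I would state the invariant next to the branch, e.g. `// NOTE: This only affects application visibility; controllers must still enforce login and object policies.`, and add a test that a logged-out viewer on a non-public install still cannot load a page of such an application. In the remaining else-branch the already-fetched object can be reused: `$application,` in place of the second `self::getByClass($class),`. The enclosing method starts and ends outside this hunk, so how `$key` scopes the cached result per viewer is not visible here.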
@ -219,6 +219,13 @@ final class PhabricatorUserPreferences
|
|||
}
|
||||
}
|
||||
|
||||
switch ($this->getBuiltinKey()) {
|
||||
case self::BUILTIN_GLOBAL_DEFAULT:
|
||||
// NOTE: Without this policy exception, the logged-out viewer can not
|
||||
// see global preferences.
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
|
|
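Review bot: The `BUILTIN_GLOBAL_DEFAULT` case returns true without looking at which capability is being checked, so if the enclosing method is the automatic-capability hook (its signature is outside this hunk) the exception would grant edit on the global preferences as well as view, to any viewer including logged-out ones. The stated goal is only that logged-out viewers can see the object, so the case should be limited to view: `if ($capability === PhabricatorPolicyCapability::CAN_VIEW) { return true; }` followed by `break;`. `$capability` here stands for whatever the method's capability parameter is called. A test that a non-administrator viewer cannot edit the global default preferences would pin this.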