mirror of https://we.phorge.it/source/phorge.git synced 2025-01-10 23:01:04 +01:00

Clean up supplemental capability checks in transaction edits

Summary:
We have this commented-out chunk of code now which was originally buggy and is now just nonfunctional.

For now, the core edit types don't always require CAN_EDIT (e.g., subscribe, comment, add edges), except for editing the edit policy itself, which always does. Add a supplemental capability check there and let everything else go through with CAN_VIEW. We can buff the policy checks on application editors over time; they all require appropriate capabilities to get to in the first place anyway.

Test Plan: Created and edited some tasks without getting overwhelmed with policy exceptions.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7351
epriestley 2013-10-21 16:58:21 -07:00
parent f5c7dd68d2
commit 83c99be423

@ -697,19 +697,27 @@ abstract class PhabricatorApplicationTransactionEditor
$object, $object,
PhabricatorPolicyCapability::CAN_VIEW); PhabricatorPolicyCapability::CAN_VIEW);
// TODO: This should be "$object", not "$xaction", but probably breaks a foreach ($xactions as $xaction) {
// lot of stuff if fixed -- you don't need to be able to edit in order to $this->requireCapabilities($object, $xaction);
// comment. Instead, transactions should specify the capabilities they }
// require. }
/* protected function requireCapabilities(
PhabricatorLiskDAO $object,
PhabricatorApplicationTransaction $xaction) {
PhabricatorPolicyFilter::requireCapability( switch ($xaction->getTransactionType()) {
$actor, case PhabricatorTransactions::TYPE_EDIT_POLICY:
$xaction, // You must have the edit capability to alter the edit policy of an
PhabricatorPolicyCapability::CAN_EDIT); // object. For other default transaction types, we don't enforce
// anything for the moment.
*/ PhabricatorPolicyFilter::requireCapability(
$this->requireActor(),
$object,
PhabricatorPolicyCapability::CAN_EDIT);
break;
}
} }
private function buildMentionTransaction( private function buildMentionTransaction(
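
Review bot: The switch in the new requireCapabilities() has no default branch and the method has no docblock, so every transaction type other than TYPE_EDIT_POLICY passes with only the CAN_VIEW check made just above the foreach, and nothing tells an application editor that it is expected to override this method to enforce its own types. Because the method is protected and called once per transaction, a short docblock stating that contract (subclasses add their own cases and fall back to the parent) would make the permissive default a visible decision. An explicit `default:` carrying the "we don't enforce anything for the moment" comment would do the same inside the switch. The removed TODO also recorded why CAN_EDIT cannot be required across the board (you don't need to be able to edit in order to comment); keeping one line of that reasoning beside the new comment would preserve it for whoever tightens these checks later.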