mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-10 23:01:04 +01:00
Fix logged-out Diffusion calls to Conduit
Summary: Conduit doesn't currently have an analog to "shouldAllowPublic", so the recent policy checks added here caught legitimate Conduit calls when viewing Diffusion as a logged-out user. Add `shouldAllowPublic()` and set it for all the Diffusion queries. (More calls probably need this, but we can add it when we hit them.) Test Plan: Looked at Diffusion as a logged-out user with public access enabled. Reviewers: btrahan Reviewed By: btrahan CC: aran Differential Revision: https://secure.phabricator.com/D7380
parent
7dd31a16d9
commit
90b83d7a92
3 changed files with 20 additions and 4 deletions
|
@ -86,11 +86,18 @@ final class ConduitCall {
|
|||
|
||||
$this->request->setUser($user);
|
||||
|
||||
if ($this->shouldRequireAuthentication()) {
|
||||
// TODO: As per below, this should get centralized and cleaned up.
|
||||
if (!$this->shouldRequireAuthentication()) {
|
||||
// No auth requirement here.
|
||||
} else {
|
||||
|
||||
$allow_public = $this->handler->shouldAllowPublic() &&
|
||||
PhabricatorEnv::getEnvConfig('policy.allow-public');
|
||||
if (!$allow_public) {
|
||||
if (!$user->isLoggedIn() && !$user->isOmnipotent()) {
|
||||
// TODO: As per below, this should get centralized and cleaned up.
|
||||
throw new ConduitException("ERR-INVALID-AUTH");
|
||||
}
|
||||
}
|
||||
|
||||
// TODO: This would be slightly cleaner by just using a Query, but the
|
||||
// Conduit auth workflow requires the Call and User be built separately.
|
||||
|
|
|
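Review bot: When `$allow_public` is true, the logged-in check in the `else` branch is skipped entirely, so a logged-out viewer reaches the handler and the only remaining protection is whatever policy filtering the handler applies to `$user`. That contract is not stated in the hunk; I would add a comment above the `$allow_public` assignment such as `// Public methods skip the login gate; the handler must still enforce object policies against the request user.` The nested `if (!$allow_public) { if (!$user->isLoggedIn() ...` could also be a single condition, `if (!$allow_public && !$user->isLoggedIn() && !$user->isOmnipotent()) {`. The `else` branch continues past the end of the hunk, so what follows the check is not visible here.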
@ -104,6 +104,10 @@ abstract class ConduitAPIMethod
|
|||
return true;
|
||||
}
|
||||
|
||||
public function shouldAllowPublic() {
|
||||
return false;
|
||||
}
|
||||
|
||||
public function shouldAllowUnguardedWrites() {
|
||||
return false;
|
||||
}
|
||||
|
|
|
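Review bot: `shouldAllowPublic()` has no doc comment, and the name alone does not say that the flag only takes effect together with the `policy.allow-public` setting, or that it removes the login check for the whole method. The default of `false` is the right fail-closed choice. I would add a docblock stating that returning `true` lets logged-out callers invoke the method when `policy.allow-public` is enabled, and that an overriding method is then responsible for policy-checking everything it returns against the viewer.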
@ -6,9 +6,14 @@
|
|||
abstract class ConduitAPI_diffusion_abstractquery_Method
|
||||
extends ConduitAPI_diffusion_Method {
|
||||
|
||||
public function shouldAllowPublic() {
|
||||
return true;
|
||||
}
|
||||
|
||||
public function getMethodStatus() {
|
||||
return self::METHOD_STATUS_UNSTABLE;
|
||||
}
|
||||
|
||||
public function getMethodStatusDescription() {
|
||||
return pht(
|
||||
'See T2784 - migrating diffusion working copy calls to conduit methods. '.
|
||||
|
|
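Review bot: Overriding `shouldAllowPublic()` to return `true` on the abstract base opts in every subclass of `ConduitAPI_diffusion_abstractquery_Method`, including ones added later, rather than only the methods confirmed safe for logged-out viewers. Whether each subclass checks repository visibility for the request user cannot be seen from this hunk, so that should be verified per method before relying on the blanket default. At minimum a comment on the override, e.g. `// All Diffusion queries are callable when logged out; subclasses must load the repository with the request user as viewer.`, would make the obligation visible to whoever adds the next query. The class body continues outside the hunk.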