mirror of https://we.phorge.it/source/phorge.git synced 2024-12-23 14:00:56 +01:00

Fix logged-out Diffusion calls to Conduit

Summary:
Conduit doesn't currently have an analog to "shouldAllowPublic", so the recent policy checks added here caught legitimate Conduit calls when viewing Diffusion as a logged-out user.

Add `shouldAllowPublic()` and set it for all the Diffusion queries.

(More calls probably need this, but we can add it when we hit them.)

Test Plan: Looked at Diffusion as a logged-out user with public access enabled.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7380
epriestley 2013-10-22 13:47:52 -07:00
parent 7dd31a16d9
commit 90b83d7a92
3 changed files with 20 additions and 4 deletions


@ -86,11 +86,18 @@ final class ConduitCall {
$this->request->setUser($user);
if ($this->shouldRequireAuthentication()) {
// TODO: As per below, this should get centralized and cleaned up.
if (!$this->shouldRequireAuthentication()) {
// No auth requirement here.
} else {
$allow_public = $this->handler->shouldAllowPublic() &&
PhabricatorEnv::getEnvConfig('policy.allow-public');
if (!$allow_public) {
if (!$user->isLoggedIn() && !$user->isOmnipotent()) {
// TODO: As per below, this should get centralized and cleaned up.
throw new ConduitException("ERR-INVALID-AUTH");
}
}
// TODO: This would be slightly cleaner by just using a Query, but the
// Conduit auth workflow requires the Call and User be built separately.
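Review bot: When `$allow_public` is true the login check is skipped entirely, so a logged-out `$user` now flows into the rest of this `else` branch and into the handler, and nothing in the hunk shows that the later code restricts such a viewer. The branch continues outside the hunk, so that is worth confirming there. I would record the intent next to the assignment, for example `// Public methods still execute as the logged-out viewer; object-level policy checks remain the handler's job.` The nested `if (!$allow_public)` and `if (!$user->isLoggedIn() && !$user->isOmnipotent())` could also be merged into one condition, which makes the gate easier to audit.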


@ -104,6 +104,10 @@ abstract class ConduitAPIMethod
return true;
}
public function shouldAllowPublic() {
return false;
}
public function shouldAllowUnguardedWrites() {
return false;
}
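Review bot: `shouldAllowPublic()` is a new authorization switch on the base class but has no docblock, so a method author cannot tell from here what returning `true` grants. The default of `false` is the right fail-closed choice. I would add a docblock stating that an override returning true lets logged-out callers invoke the method, that it only takes effect when `policy.allow-public` is enabled, and that the method must still apply its own policy checks to the objects it returns.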


@ -6,9 +6,14 @@
abstract class ConduitAPI_diffusion_abstractquery_Method
extends ConduitAPI_diffusion_Method {
public function shouldAllowPublic() {
return true;
}
public function getMethodStatus() {
return self::METHOD_STATUS_UNSTABLE;
}
public function getMethodStatusDescription() {
return pht(
'See T2784 - migrating diffusion working copy calls to conduit methods. '.
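Review bot: Returning `true` from `shouldAllowPublic()` on this abstract base opts in every current and future subclass at once, including any added later without public access in mind. Whether each Diffusion query enforces repository view policy for a logged-out viewer is not visible in this hunk, so the override relies on that holding for all of them. I would at least add a comment above the method, `// All subclasses are callable by logged-out users when policy.allow-public is set; they must be read-only and check repository view policy.`, or move the override onto the individual methods that need it. `getMethodStatusDescription()` continues outside the hunk.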