mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-10 00:42:41 +01:00
In Audit, use repository identities to prevent author-auditors
Summary:
See PHI2015. Diffusion attempts to prevent a commit's author from being made an auditor, but currently uses an out-of-date method for identifying the author.
Use the modern ("Repository Identity" aware) method instead.
Test Plan:
- Authored a commit as user "X", mapped to my account.
- Pushed/imported/discovered it.
- Changed the identity mapping for "X" from my account to a different account.
- Tried to add myself as an auditor.
- Before: error, "author can't be an auditor".
- After: succeeds.
- Tried to add the newly mapped user as an auditor. This correctly fails with the "author can't be an auditor" error.
It's possible to put commits into a wonky state by remapping the author identity to a user who is already an auditor, but I think that isn't important and we can't do much about it, realistically.
Differential Revision: https://secure.phabricator.com/D21594
This commit is contained in:
epriestley
parent
9b6a030292
commit
a9704428ff
1 changed files with 1 additions and 1 deletions
|
|
@ -182,7 +182,7 @@ final class DiffusionCommitAuditorsTransaction
|
|||
return $errors;
|
||||
}
|
||||
|
||||
$author_phid = $object->getAuthorPHID();
|
||||
$author_phid = $object->getEffectiveAuthorPHID();
|
||||
$can_author_close_key = 'audit.can-author-close-audit';
|
||||
$can_author_close = PhabricatorEnv::getEnvConfig($can_author_close_key);
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue