mirror of
https://we.phorge.it/source/phorge.git
synced 2025-01-05 04:11:01 +01:00
Provide a callback for Queries to filter objects from alternate result sets
Summary: Ref T2715. `PhabricatorObjectQuery` can theoretically bypass policies on its side-channel result set. This can't actually happen in practice because all the loading mechanisms are filtered, but provide a general way to implement side channel results safely. Test Plan: Loaded some pages; see next diff. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T2715 Differential Revision: https://secure.phabricator.com/D6514
This commit is contained in:
parent
d3cf7874ed
commit
f32e0e9330
2 changed files with 37 additions and 3 deletions
|
@ -110,4 +110,12 @@ final class PhabricatorObjectQuery
|
||||||
return $results;
|
return $results;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function didFilterResults(array $filtered) {
|
||||||
|
foreach ($this->namedResults as $name => $result) {
|
||||||
|
if (isset($filtered[$result->getPHID()])) {
|
||||||
|
unset($this->namedResults[$name]);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -177,12 +177,22 @@ abstract class PhabricatorPolicyAwareQuery extends PhabricatorOffsetPagedQuery {
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($page) {
|
if ($page) {
|
||||||
$visible = $this->willFilterPage($page);
|
$maybe_visible = $this->willFilterPage($page);
|
||||||
} else {
|
} else {
|
||||||
$visible = array();
|
$maybe_visible = array();
|
||||||
}
|
}
|
||||||
|
|
||||||
$visible = $filter->apply($visible);
|
$visible = $filter->apply($maybe_visible);
|
||||||
|
|
||||||
|
$removed = array();
|
||||||
|
foreach ($maybe_visible as $key => $object) {
|
||||||
|
if (empty($visible[$key])) {
|
||||||
|
$removed[$key] = $object;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->didFilterResults($removed);
|
||||||
|
|
||||||
foreach ($visible as $key => $result) {
|
foreach ($visible as $key => $result) {
|
||||||
++$count;
|
++$count;
|
||||||
|
|
||||||
|
@ -289,6 +299,22 @@ abstract class PhabricatorPolicyAwareQuery extends PhabricatorOffsetPagedQuery {
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Hook for removing filtered results from alternate result sets. This
|
||||||
|
* hook will be called with any objects which were returned by the query but
|
||||||
|
* filtered for policy reasons. The query should remove them from any cached
|
||||||
|
* or partial result sets.
|
||||||
|
*
|
||||||
|
* @param list<wild> List of objects that should not be returned by alternate
|
||||||
|
* result mechanisms.
|
||||||
|
* @return void
|
||||||
|
* @task policyimpl
|
||||||
|
*/
|
||||||
|
protected function didFilterResults(array $results) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Hook for applying final adjustments before results are returned. This is
|
* Hook for applying final adjustments before results are returned. This is
|
||||||
* used by @{class:PhabricatorCursorPagedPolicyAwareQuery} to reverse results
|
* used by @{class:PhabricatorCursorPagedPolicyAwareQuery} to reverse results
|
||||||
|
|
Loading…
Reference in a new issue