1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2025-01-05 04:11:01 +01:00

Provide a callback for Queries to filter objects from alternate result sets

Summary: Ref T2715. `PhabricatorObjectQuery` can theoretically bypass policies on its side-channel result set. This can't actually happen in practice because all the loading mechanisms are filtered, but provide a general way to implement side channel results safely.

Test Plan: Loaded some pages; see next diff.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T2715

Differential Revision: https://secure.phabricator.com/D6514
This commit is contained in:
epriestley 2013-07-22 12:20:31 -07:00
parent d3cf7874ed
commit f32e0e9330
2 changed files with 37 additions and 3 deletions

View file

@ -110,4 +110,12 @@ final class PhabricatorObjectQuery
return $results; return $results;
} }
protected function didFilterResults(array $filtered) {
foreach ($this->namedResults as $name => $result) {
if (isset($filtered[$result->getPHID()])) {
unset($this->namedResults[$name]);
}
}
}
} }

View file

@ -177,12 +177,22 @@ abstract class PhabricatorPolicyAwareQuery extends PhabricatorOffsetPagedQuery {
} }
if ($page) { if ($page) {
$visible = $this->willFilterPage($page); $maybe_visible = $this->willFilterPage($page);
} else { } else {
$visible = array(); $maybe_visible = array();
} }
$visible = $filter->apply($visible); $visible = $filter->apply($maybe_visible);
$removed = array();
foreach ($maybe_visible as $key => $object) {
if (empty($visible[$key])) {
$removed[$key] = $object;
}
}
$this->didFilterResults($removed);
foreach ($visible as $key => $result) { foreach ($visible as $key => $result) {
++$count; ++$count;
@ -289,6 +299,22 @@ abstract class PhabricatorPolicyAwareQuery extends PhabricatorOffsetPagedQuery {
} }
/**
* Hook for removing filtered results from alternate result sets. This
* hook will be called with any objects which were returned by the query but
* filtered for policy reasons. The query should remove them from any cached
* or partial result sets.
*
* @param list<wild> List of objects that should not be returned by alternate
* result mechanisms.
* @return void
* @task policyimpl
*/
protected function didFilterResults(array $results) {
return;
}
/** /**
* Hook for applying final adjustments before results are returned. This is * Hook for applying final adjustments before results are returned. This is
* used by @{class:PhabricatorCursorPagedPolicyAwareQuery} to reverse results * used by @{class:PhabricatorCursorPagedPolicyAwareQuery} to reverse results