mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 14:52:41 +01:00
When loading project membership to evaluate the "Subscribers" policy, use the ominipotent viewer
Summary: See PHI448. Ref T13106. The current implementation here can end up in an infinite stack if, e.g., a project uses "Visible to: Subscribers". Test Plan: Will push. Maniphest Tasks: T13106 Differential Revision: https://secure.phabricator.com/D19226
This commit is contained in:
parent
ce6e020d5d
commit
f348721aed
1 changed files with 5 additions and 2 deletions
|
@ -45,10 +45,13 @@ final class PhabricatorSubscriptionsSubscribersPolicyRule
|
|||
$this->subscribed[$viewer_phid] = array();
|
||||
}
|
||||
|
||||
// Load the project PHIDs the user is a member of.
|
||||
// Load the project PHIDs the user is a member of. We use the omnipotent
|
||||
// user here because projects may themselves have "Subscribers" visibility
|
||||
// policies and we don't want to get stuck in an infinite stack of
|
||||
// recursive policy checks. See T13106.
|
||||
if (!isset($this->sourcePHIDs[$viewer_phid])) {
|
||||
$projects = id(new PhabricatorProjectQuery())
|
||||
->setViewer($viewer)
|
||||
->setViewer(PhabricatorUser::getOmnipotentUser())
|
||||
->withMemberPHIDs(array($viewer_phid))
|
||||
->execute();
|
||||
|
||||
|
|
Loading…
Reference in a new issue