mirror of https://we.phorge.it/source/phorge.git synced 2024-09-20 01:08:50 +02:00

When loading project membership to evaluate the "Subscribers" policy, use the omnipotent viewer

Summary: See PHI448. Ref T13106. The current implementation here can end up in an infinite stack if, e.g., a project uses "Visible to: Subscribers".

Test Plan: Will push.

Maniphest Tasks: T13106

Differential Revision: https://secure.phabricator.com/D19226
epriestley 2018-03-14 12:48:20 -07:00
parent ce6e020d5d
commit f348721aed


@ -45,10 +45,13 @@ final class PhabricatorSubscriptionsSubscribersPolicyRule
$this->subscribed[$viewer_phid] = array();
}
// Load the project PHIDs the user is a member of.
// Load the project PHIDs the user is a member of. We use the omnipotent
// user here because projects may themselves have "Subscribers" visibility
// policies and we don't want to get stuck in an infinite stack of
// recursive policy checks. See T13106.
if (!isset($this->sourcePHIDs[$viewer_phid])) {
$projects = id(new PhabricatorProjectQuery())
->setViewer($viewer)
->setViewer(PhabricatorUser::getOmnipotentUser())
->withMemberPHIDs(array($viewer_phid))
->execute();
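
Review bot: The new comment above the `PhabricatorProjectQuery` call explains the recursion but not what `->setViewer(PhabricatorUser::getOmnipotentUser())` changes: the query now skips policy checks, so it can return projects that `$viewer` is a member of but is not permitted to see. Consider adding a sentence to the comment saying that the loaded projects should be used only to match membership inside this rule and should not be rendered or returned to `$viewer`, so a later change does not reuse the result in a viewer-facing context. The Test Plan is "Will push"; a unit test that evaluates this rule against a project set to "Visible to: Subscribers" would guard against the infinite recursion coming back.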