Don't skip policy checks on ObjectQuery if special capabilities are required

Summary: Ref T6741. As an optimization, we omit policy checks on ObjectQuery, but need to retain them if the query requests non-view permissions. This primarily affected Almanac properties. Test Plan: Almanac properties now do full policy checks on ObjectQuery loads. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T6741 Differential Revision: https://secure.phabricator.com/D11005
2024-11-19 05:12:41 +01:00 · 2014-12-17 17:04:12 -08:00 · 2014-12-17 17:04:12 -08:00 · f5600acb16
commit f5600acb16
parent d8739459f6
1 changed files with 10 additions and 4 deletions
--- a/src/applications/phid/query/PhabricatorObjectQuery.php
+++ b/src/applications/phid/query/PhabricatorObjectQuery.php
@ -144,12 +144,18 @@ final class PhabricatorObjectQuery
  }

  /**
-   * This query disables policy filtering because it is performed in the
-   * subqueries which actually load objects. We don't need to re-filter
-   * results, since policies have already been applied.
+   * This query disables policy filtering if the only required capability is
+   * the view capability.
+   *
+   * The view capability is always checked in the subqueries, so we do not need
+   * to re-filter results. For any other set of required capabilities, we do.
   */
  protected function shouldDisablePolicyFiltering() {
-    return true;
+    $view_capability = PhabricatorPolicyCapability::CAN_VIEW;
+    if ($this->getRequiredCapabilities() === array($view_capability)) {
+      return true;
+    }
+    return false;
  }

  public function getQueryApplicationClass() {