1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 14:30:56 +01:00
phorge-phorge/webroot/rsrc/js/core
epriestley 9181929ebc Give files uploaded to objects a very restrictive view policy
Summary:
Fixes T4589. This implements much better policy behavior for files that aligns with user expectations.

Currently, all files have permissive visibility.

The new behavior is:

  - Files uploaded via drag-and-drop to the home page or file upload page get permissive visibility, for ease of quickly sharing things like screenshots.
  - Files uploaded via the manual file upload control get permissive visibility by default, but the user can select the policy they want at upload time in an explicit/obvious way.
  - Files uploaded via drag-and-drop anywhere else (e.g., comments or Pholio) get restricted visibility (only the uploader).
    - When the user applies a transaction to the object which uses the file, we attach the file to the object and punch a hole through the policies: if you can see the object, you can see the file.
    - This rule requires things to use ApplicationTransactions, which is why this took so long to fix.
    - The "attach stuff to the object" code has been in place for a long time and works correctly.

I'll land D8498 after this lands, too.

Test Plan:
  - Uploaded via global homepage upload and file drag-and-drop upload, saw permissive visibility.
  - Uploaded via comment area, saw restricted visibility.
  - After commenting, verified links were established and the file became visible to users who could see the attached object.
  - Verified Pholio (which is a bit of a special case) correctly attaches images.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4589

Differential Revision: https://secure.phabricator.com/D10131
2014-08-02 14:46:13 -07:00
..
behavior-active-nav.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-audio-source.js Implement macros as audio sources 2013-09-27 16:02:02 -07:00
behavior-autofocus.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-choose-control.js Move project icon editing into "Edit Details" 2014-06-26 09:41:07 -07:00
behavior-crop.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-dark-console.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
behavior-device.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-drag-and-drop-textarea.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
behavior-error-log.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-fancy-datepicker.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
behavior-file-tree.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-form.js Apply some linter auto-fixes 2014-08-02 19:03:02 +10:00
behavior-gesture.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-global-drag-and-drop.js Give files uploaded to objects a very restrictive view policy 2014-08-02 14:46:13 -07:00
behavior-high-security-warning.js Add "High Security" mode to support multi-factor auth 2014-04-27 17:31:11 -07:00
behavior-history-install.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-hovercard.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-keyboard-pager.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-keyboard-shortcuts.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-konami.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-lightbox-attachments.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-line-linker.js Fix a JS issue in Paste 2014-05-30 10:07:33 -07:00
behavior-more.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-object-selector.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
behavior-oncopy.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
behavior-phabricator-nav.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-phabricator-remarkup-assist.js Various minor JSHint fixes. 2014-07-01 06:00:12 +10:00
behavior-refresh-csrf.js Provide a global router for Ajax requests 2014-05-05 10:57:42 -07:00
behavior-remarkup-preview.js Partially generalize Remarkup previews and add support to Differential 2013-08-05 10:46:39 -07:00
behavior-reorder-applications.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-reveal-content.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-search-typeahead.js Share more code between tokenizers and global typeahead 2014-07-17 15:52:58 -07:00
behavior-select-on-click.js Remove unused JavaScript variables. 2014-06-24 03:27:47 +10:00
behavior-toggle-class.js Remove @group annotations 2014-07-10 08:12:48 +10:00
behavior-tokenizer.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-tooltip.js Move project icon editing into "Edit Details" 2014-06-26 09:41:07 -07:00
behavior-watch-anchor.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
behavior-workflow.js Provide a global router for Ajax requests 2014-05-05 10:57:42 -07:00
Busy.js Fix full width form layouts 2013-07-03 20:24:28 -07:00
DragAndDropFileUpload.js Give files uploaded to objects a very restrictive view policy 2014-08-02 14:46:13 -07:00
DraggableList.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
FileUpload.js Various linter fixes. 2014-02-26 12:44:58 -08:00
Hovercard.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
KeyboardShortcut.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
KeyboardShortcutManager.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
MultirowRowManager.js Change double quotes to single quotes in JavaScript. 2014-06-24 03:35:39 +10:00
Notification.js Various linter fixes. 2014-02-26 12:44:58 -08:00
phtize.js Use JsShrink if jsxmin is not available 2013-05-18 17:04:22 -07:00
Prefab.js Fix rendering of project slugs in tokenizer UI 2014-07-21 06:44:27 -07:00
ShapedRequest.js Provide a global router for Ajax requests 2014-05-05 10:57:42 -07:00
TextAreaUtils.js Move js/application/core/ one level up 2013-04-23 10:56:46 -07:00
ToolTip.js Fixing tooltips not appearing in fullscreen editor 2014-04-12 05:59:36 -07:00