1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 01:32:42 +01:00
phorge-phorge/src/applications
epriestley 2a5c987c71 Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.

This has several parts:

  - For PolicyAware queries, provide an application class name method.
  - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
  - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.

Test Plan:
  - Added a unit test to verify I got all the class names right.
  - Browsed around, logged in/out as a normal user with public policies on and off.
  - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
..
arcanist/conduit Move Conduit methods inside applications 2012-12-21 12:21:59 -08:00
audit Make event-triggered actions more aware of application access 2013-10-21 17:00:50 -07:00
auth Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
base Fix an issue with rendering PHID lists containing null in Maniphest 2013-10-16 12:46:34 -07:00
cache Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
calendar Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
chatlog Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
conduit Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
config Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
conpherence Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
countdown Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
daemon Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
differential Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
diffusion Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
directory/controller Hide Audit information on Home when the application is uninstalled 2013-10-09 15:25:03 -07:00
diviner Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
doorkeeper Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
draft/storage Add draft support to ApplicationTransactions 2012-12-21 05:57:14 -08:00
drydock PHUIPropertyListView 2013-10-11 07:53:56 -07:00
fact Convert AphrontTableView to safe HTML 2013-02-09 15:11:38 -08:00
feed Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
files Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
flag Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
harbormaster Make most repository reads policy-aware 2013-09-25 16:54:48 -07:00
help/controller Make Differential views capability-sensitive 2013-09-26 18:45:04 -07:00
herald Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
legalpad Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
lipsum Kill PhabricatorObjectDataHandle 2013-09-11 12:27:28 -07:00
macro Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
mailinglists Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
maniphest Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
meta Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
metamta Fix "Manage herald rules" link by removing it 2013-10-21 16:58:56 -07:00
notification Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
oauthserver Initialize used variable 2013-07-09 21:55:27 -07:00
owners Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
paste Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
people Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phame Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phid Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phlux Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
pholio Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phortune Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phpast Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
phrequent Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phriction Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
policy Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
ponder Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
project Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
releeph Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
remarkup/conduit Convert Remarkup to safe HTML 2013-02-13 12:34:49 -08:00
repository Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
search Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
settings Move "unlisted" apps to Query, use Query for app preferences 2013-10-04 06:46:47 -07:00
slowvote Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
subscriptions Tie application event listeners to the applications they listen for 2013-10-21 17:00:21 -07:00
system Add a user-accessible hook for dumping debug code into an install 2013-03-04 13:45:51 -08:00
tokens Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
transactions Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
typeahead Remove ProjectProfile->loadProfileImageURI() 2013-10-06 17:07:43 -07:00
uiexample Use property tabs in Files 2013-10-19 12:08:06 -07:00
xhprof Make most file reads policy-aware 2013-09-30 09:38:13 -07:00