mirror of https://we.phorge.it/source/phorge.git synced 2024-09-22 10:18:48 +02:00
phorge-phorge/src/applications
epriestley 2a5c987c71 Lock policy queries to their applications
Summary:
While we mostly have reasonable effective object accessibility when you lock a user out of an application, it's primarily enforced at the controller level. Users can still, e.g., load the handles of objects they can't actually see. Instead, lock the queries to the applications so that you can, e.g., never load a revision if you don't have access to Differential.

This has several parts:

  - For PolicyAware queries, provide an application class name method.
  - If the query specifies a class name and the user doesn't have permission to use it, fail the entire query unconditionally.
  - For handles, simplify query construction and count all the PHIDs as "restricted" so we get a UI full of "restricted" instead of "unknown" handles.

Test Plan:
  - Added a unit test to verify I got all the class names right.
  - Browsed around, logged in/out as a normal user with public policies on and off.
  - Browsed around, logged in/out as a restricted user with public policies on and off. With restrictions, saw all traces of restricted apps removed or restricted.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Differential Revision: https://secure.phabricator.com/D7367
2013-10-21 17:20:27 -07:00
arcanist/conduit Move Conduit methods inside applications 2012-12-21 12:21:59 -08:00
audit Make event-triggered actions more aware of application access 2013-10-21 17:00:50 -07:00
auth Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
base Fix an issue with rendering PHID lists containing null in Maniphest 2013-10-16 12:46:34 -07:00
cache Provide 'bin/cache', for managing caches 2013-05-20 10:16:35 -07:00
calendar Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
chatlog Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
conduit Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
config Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
conpherence Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
countdown Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
daemon Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
differential Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
diffusion Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
directory/controller Hide Audit information on Home when the application is uninstalled 2013-10-09 15:25:03 -07:00
diviner Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
doorkeeper Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
draft/storage Add draft support to ApplicationTransactions 2012-12-21 05:57:14 -08:00
drydock PHUIPropertyListView 2013-10-11 07:53:56 -07:00
fact Convert AphrontTableView to safe HTML 2013-02-09 15:11:38 -08:00
feed Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
files Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
flag Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
harbormaster Make most repository reads policy-aware 2013-09-25 16:54:48 -07:00
help/controller Make Differential views capability-sensitive 2013-09-26 18:45:04 -07:00
herald Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
legalpad Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
lipsum Kill PhabricatorObjectDataHandle 2013-09-11 12:27:28 -07:00
macro Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
mailinglists Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
maniphest Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
meta Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
metamta Fix "Manage herald rules" link by removing it 2013-10-21 16:58:56 -07:00
notification Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
oauthserver Initialize used variable 2013-07-09 21:55:27 -07:00
owners Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
paste Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
people Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phame Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phid Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phlux Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
pholio Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phortune Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phpast Move PHUIFormBoxView to PHUIObjectBoxView 2013-09-25 11:23:29 -07:00
phrequent Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
phriction Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
policy Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
ponder Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
project Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
releeph Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
remarkup/conduit Convert Remarkup to safe HTML 2013-02-13 12:34:49 -08:00
repository Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
search Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
settings Move "unlisted" apps to Query, use Query for app preferences 2013-10-04 06:46:47 -07:00
slowvote Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
subscriptions Tie application event listeners to the applications they listen for 2013-10-21 17:00:21 -07:00
system Add a user-accessible hook for dumping debug code into an install 2013-03-04 13:45:51 -08:00
tokens Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
transactions Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
typeahead Remove ProjectProfile->loadProfileImageURI() 2013-10-06 17:07:43 -07:00
uiexample Use property tabs in Files 2013-10-19 12:08:06 -07:00
xhprof Make most file reads policy-aware 2013-09-30 09:38:13 -07:00