mirror of https://we.phorge.it/source/phorge.git synced 2025-02-04 10:58:25 +01:00
phorge-phorge/src/applications/transactions/controller
epriestley 15cc475cbd When a comment was signed with MFA, require MFA to edit it
Summary:
Ref PHI1173. Currently, you can edit an MFA'd comment without redoing MFA. This is inconsistent with the intent of the MFA badge, since it means an un-MFA'd comment may have an "MFA" badge on it.

Instead, implement these rules:

  - If a comment was signed with MFA, you MUST MFA to edit it.
  - When removing a comment, add an extra MFA prompt if the user has MFA. This one isn't strictly required; this action is just very hard to undo and seems reasonable to MFA.

Test Plan:
  - Made normal comments and MFA comments.
  - Edited normal comments and MFA comments (got prompted).
  - Removed normal comments and MFA comments (prompted in both cases).
  - Tried to edit an MFA comment without MFA on my account, got a hard "MFA absolutely required" failure.

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D20340
2019-03-28 15:55:14 -07:00
PhabricatorApplicationTransactionCommentEditController.php When a comment was signed with MFA, require MFA to edit it 2019-03-28 15:55:14 -07:00
PhabricatorApplicationTransactionCommentHistoryController.php Update transactions for handleRequest 2015-12-02 07:59:36 -08:00
PhabricatorApplicationTransactionCommentQuoteController.php Update transactions for handleRequest 2015-12-02 07:59:36 -08:00
PhabricatorApplicationTransactionCommentRawController.php Correct a "bin/mail" command in "Show Raw Email" help text 2017-01-05 08:59:39 -08:00
PhabricatorApplicationTransactionCommentRemoveController.php When a comment was signed with MFA, require MFA to edit it 2019-03-28 15:55:14 -07:00
PhabricatorApplicationTransactionController.php Policy Transactions - add a details view for custom policy 2014-04-29 09:42:54 -07:00
PhabricatorApplicationTransactionDetailController.php In prose diff dialogs (like "Show Details" in transactions), show "old", "new" and "diff" tabs 2016-11-07 15:18:19 -08:00
PhabricatorApplicationTransactionRemarkupPreviewController.php Support field previews in EditEngine 2015-12-27 08:17:18 -08:00
PhabricatorApplicationTransactionShowOlderController.php Remove "willRenderTimeline()" from ApplicationTransactionInterface 2018-12-20 14:55:07 -08:00
PhabricatorApplicationTransactionValueController.php Modularize Repository transactions 2018-11-28 14:29:18 -08:00
PhabricatorEditEngineConfigurationDefaultCreateController.php Document how to customize forms in ApplicationEditor 2015-12-09 07:30:23 -08:00
PhabricatorEditEngineConfigurationDefaultsController.php Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
PhabricatorEditEngineConfigurationDisableController.php Allow EditEngine configurations to be disabled and marked as "Default" 2015-11-29 08:27:26 -08:00
PhabricatorEditEngineConfigurationEditController.php Allow ApplicationEditor forms to be reconfigured 2015-11-10 10:24:40 -08:00
PhabricatorEditEngineConfigurationIsEditController.php Allow EditEngine forms to be marked as "edit" forms 2015-12-08 13:00:30 -08:00
PhabricatorEditEngineConfigurationListController.php Make "profile menu" configuration mostly work 2016-01-13 11:45:31 -08:00
PhabricatorEditEngineConfigurationLockController.php Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
PhabricatorEditEngineConfigurationReorderController.php Allow "Change Subtype" to be selected from the comment action stack 2018-11-28 13:40:40 -08:00
PhabricatorEditEngineConfigurationSaveController.php Allow ApplicationEditor forms to be reconfigured 2015-11-10 10:24:40 -08:00
PhabricatorEditEngineConfigurationSortController.php Straighten out reorder permissions on form configurations 2015-12-19 07:36:00 -08:00
PhabricatorEditEngineConfigurationSubtypeController.php Replace the informal "array" subtype map with a more formal "SubtypeMap" object 2018-12-09 16:37:35 -08:00
PhabricatorEditEngineConfigurationViewController.php Remove duplicate "Change Default Values" action in form editing workflow 2017-03-22 09:50:38 -07:00
PhabricatorEditEngineController.php Return 404 instead of undefined variable error when trying to edit a non-existent form 2016-02-18 09:54:47 -08:00
PhabricatorEditEngineListController.php Allow ApplicationEditor forms to be reconfigured 2015-11-10 10:24:40 -08:00