phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 01:32:42 +01:00

History

epriestley 587faa6f67 Remove some defunct old-style transaction policy checks Summary: Ref PHI193. This method of enforcing policy checks is now (mostly) obsolete, and they're generally checked at the Controller/API level instead. Notably, this method does not call `adjustObjectForPolicyChecks(...)` properly, so it can not handle special cases like "creating a project and taking its newly created members into account" for object policies like "Project Members". Just remove these checks, which are redundant with checks elsewhere. Test Plan: - Set Project application default edit policy to "Administrators and Project Members". - Tried to create a project as a non-administrator, adding myself. - Before patch: policy fatal on a VOID object (the project with no PHID generated yet). - After patch: object created properly. Got a sensible policy error if I didn't include myself as a member. - Also verified that other edit rules are still enforced/respected (I can't edit stuff I shouldn't be able to edit). - There's at least a bit of unit test coverage of this, too, which I updated to work via API (which hits the new broad capability checks) instead of via low-level transactions (which enforce only a subset of policy operations now). Reviewers: amckinley Reviewed By: amckinley Differential Revision: https://secure.phabricator.com/D18763	2017-11-07 15:34:51 -08:00
..
PhabricatorProjectCoreTestCase.php	Remove some defunct old-style transaction policy checks	2017-11-07 15:34:51 -08:00

epriestley 587faa6f67 Remove some defunct old-style transaction policy checks

Summary:
Ref PHI193. This method of enforcing policy checks is now (mostly) obsolete, and they're generally checked at the Controller/API level instead.

Notably, this method does not call `adjustObjectForPolicyChecks(...)` properly, so it can not handle special cases like "creating a project and taking its newly created members into account" for object policies like "Project Members".

Just remove these checks, which are redundant with checks elsewhere.

Test Plan:
  - Set Project application default edit policy to "Administrators and Project Members".
  - Tried to create a project as a non-administrator, adding myself.
  - Before patch: policy fatal on a VOID object (the project with no PHID generated yet).
  - After patch: object created properly. Got a sensible policy error if I didn't include myself as a member.
  - Also verified that other edit rules are still enforced/respected (I can't edit stuff I shouldn't be able to edit).
  - There's at least a bit of unit test coverage of this, too, which I updated to work via API (which hits the new broad capability checks) instead of via low-level transactions (which enforce only a subset of policy operations now).

Reviewers: amckinley

Reviewed By: amckinley

Differential Revision: https://secure.phabricator.com/D18763

2017-11-07 15:34:51 -08:00

PhabricatorProjectCoreTestCase.php

Remove some defunct old-style transaction policy checks

2017-11-07 15:34:51 -08:00