mirror of https://we.phorge.it/source/phorge.git synced 2025-02-24 12:39:04 +01:00
phorge-phorge/src
epriestley 621f9de4bb (stable) In Phortune accounts, prevent self-removal more narrowly
Summary:
Currently, Phortune attempts to prevent users from removing themselves as account managers. It does this by checking that the new list includes them.

Usually this is sufficient, because you can't normally edit an account unless you're already a manager. However, we get the wrong result (incorrect rejection of the edit) if the actor is omnipotent and the acting user was not already a member.

It's okay to edit an account into a state which doesn't include you if you have permission to edit the account and aren't already a manager.

Specifically, this supports more formal tooling around staff modifications to billing accounts, where the actor has staff-omnipotence and the acting user is a staff member and only used for purposes of leaving a useful audit trail.

Test Plan: Elsewhere, ran staff tooling to modify accounts and was able to act as "alice" to add "bailey", even though "alice" was not herself a manager.

Differential Revision: https://secure.phabricator.com/D21288
2020-05-26 07:10:17 -07:00
__tests__ Use PhutilClassMapQuery instead of PhutilSymbolLoader 2015-08-14 07:49:01 +10:00
aphront (stable) When proxying HTTP repository responses from repository nodes, discard content description headers 2020-04-25 07:54:47 -07:00
applications (stable) In Phortune accounts, prevent self-removal more narrowly 2020-05-26 07:10:17 -07:00
docs Add "short name", "id", and "phid" variables for external editor URIs 2020-04-19 09:37:53 -07:00
extensions
infrastructure (stable) Promote 2020 Week 20 2020-05-22 14:22:53 -07:00
view Add "View Raw Remarkup" to inline comments 2020-05-13 17:14:20 -07:00
__phutil_library_init__.php
__phutil_library_map__.php Roughly support inline comment suggestions 2020-05-20 14:26:37 -07:00