mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-28 17:52:43 +01:00
e6d8e1a00a
Summary: Ref T603. This closes the other major policy loophole in Herald, which was that you could write a rule like: When [Always], [Add me to CC] ...and end up getting email about everything. These rules are now enforced: - For a //personal// rule to trigger, you must be able to see the object, and you must be able to use the application the object exists in. - In contrast, //global// rules will //always// trigger. Also fixes some small bugs: - Policy control access to thumbnails was overly restrictive. - The Pholio and Maniphest Herald rules applied only the //last// "Add CC" or "Add Project" rules, since each rule overwrote previous rules. Test Plan: - Created "always cc me" herald and maniphest rules with a normal user. - Created task with "user" visibility, saw CC. - Created task with "no one" visibility, saw no CC and error message in transcript ("user can't see the object"). - Restricted Maniphest to administrators and created a task with "user" visibility. Same deal. - Created "user" and "no one" mocks and saw CC and no CC, respectively. - Thumbnail in Pholio worked properly. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7224 |
||
|---|---|---|
| .. | ||
| exception | ||
| HeraldEffect.php | ||
| HeraldEngine.php | ||