1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-22 05:20:56 +01:00
phorge-phorge/resources
epriestley 9181929ebc Give files uploaded to objects a very restrictive view policy
Summary:
Fixes T4589. This implements much better policy behavior for files that aligns with user expectations.

Currently, all files have permissive visibility.

The new behavior is:

  - Files uploaded via drag-and-drop to the home page or file upload page get permissive visibility, for ease of quickly sharing things like screenshots.
  - Files uploaded via the manual file upload control get permissive visibility by default, but the user can select the policy they want at upload time in an explicit/obvious way.
  - Files uploaded via drag-and-drop anywhere else (e.g., comments or Pholio) get restricted visibility (only the uploader).
    - When the user applies a transaction to the object which uses the file, we attach the file to the object and punch a hole through the policies: if you can see the object, you can see the file.
    - This rule requires things to use ApplicationTransactions, which is why this took so long to fix.
    - The "attach stuff to the object" code has been in place for a long time and works correctly.

I'll land D8498 after this lands, too.

Test Plan:
  - Uploaded via global homepage upload and file drag-and-drop upload, saw permissive visibility.
  - Uploaded via comment area, saw restricted visibility.
  - After commenting, verified links were established and the file became visible to users who could see the attached object.
  - Verified Pholio (which is a bit of a special case) correctly attaches images.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Maniphest Tasks: T4589

Differential Revision: https://secure.phabricator.com/D10131
2014-08-02 14:46:13 -07:00
..
builtin Add an icon+background selector for project images 2013-10-17 09:32:34 -07:00
celerity Give files uploaded to objects a very restrictive view policy 2014-08-02 14:46:13 -07:00
chatbot Remove PhabricatorBotDifferentialNotificationHandler reference in example_config.json for phabot 2014-06-11 09:36:30 -07:00
font Made Meme Generator 2013-01-19 18:43:43 -08:00
sprite Add new login icons 2014-06-27 21:04:07 -07:00
sql Move Audit to proper Subscriptions 2014-08-02 00:06:13 -07:00
sshd Update repository hosting documentation for all the issues users have hit 2014-03-26 06:44:18 -07:00