phorge-phorge

mirror of https://we.phorge.it/source/phorge.git synced 2025-01-31 08:58:20 +01:00

No description

Find a file

epriestley 944539a786 Simplify locking of Almanac cluster services Summary: Fixes T6741. Ref T10246. Broadly, we want to protect Almanac cluster services: - Today, against users in the Phacility cluster accidentally breaking their own instances. - In the future, against attackers compromising administrative accounts and adding a new "cluster database" which points at hardware they control. The way this works right now is really complicated: there's a global "can create cluster services" setting, and then separate per-service and per-device locks. Instead, change "Can Create Cluster Services" into "Can Manage Cluster Services". Require this permission (in addition to normal permissions) to edit or create any cluster service. This permission can be locked to "No One" via config (as we do in the Phacility cluster) so we only need this one simple setting. There's also zero reason to individually lock //some// of the cluster services. Also improve extended policy errors. The UI here is still a little heavy-handed, but should be good enough for the moment. Test Plan: - Ran migrations. - Verified that cluster services and bindings reported that they belonged to the cluster. - Edited a cluster binding. - Verified that the bound device was marked as a cluster device - Moved a cluster binding, verified the old device was unmarked as a cluster device. - Tried to edit a cluster device as an unprivileged user, got a sensible error. {F1126552} Reviewers: chad Reviewed By: chad Maniphest Tasks: T6741, T10246 Differential Revision: https://secure.phabricator.com/D15339		2016-02-25 03:38:39 -08:00
bin	Move diff extraction from commits to a separate test with a CLI command	2016-01-08 09:22:37 -08:00
conf	Mark some strings for translation	2015-06-09 23:06:52 +10:00
externals	Swap S3 to first-party client	2016-01-10 07:55:27 -08:00
resources	Simplify locking of Almanac cluster services	2016-02-25 03:38:39 -08:00
scripts	Update import/clear symbols scripts for callsigns	2016-02-18 09:55:57 -08:00
src	Simplify locking of Almanac cluster services	2016-02-25 03:38:39 -08:00
support	Fix HTTP body decompression in PHP 5.6	2016-02-20 14:55:05 -08:00
webroot	Fix Ponder Exception, spacing	2016-02-23 20:37:58 -08:00
.arcconfig	Use the configuration driven unit test engine	2015-08-11 07:57:11 +10:00
.arclint	Apply phutil XHPAST linter standard	2015-11-13 07:09:12 +11:00
.arcunit	Use the configuration driven unit test engine	2015-08-11 07:57:11 +10:00
.editorconfig	Fix text lint issues	2015-02-12 07:00:13 +11:00
.gitignore	Add custom Cows and Figlet directories to .gitignore	2015-10-08 20:23:05 -07:00
LICENSE	Fix text lint issues	2015-02-12 07:00:13 +11:00
NOTICE	Update Phabricator NOTICE file to reflect modern legal circumstances	2014-06-25 13:42:13 -07:00
README.md	Remove push to IRC from "readme.md" too	2015-10-24 18:39:16 -07:00

README.md

Phabricator is a collection of web applications which help software companies build better software.

Phabricator includes applications for:

reviewing and auditing source code;
hosting and browsing repositories;
tracking bugs;
managing projects;
conversing with team members;
assembling a party to venture forth;
writing stuff down and reading it later;
hiding stuff from coworkers; and
also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org

Phabricator is developed and maintained by Phacility.

SUPPORT RESOURCES

For resources on filing bugs, requesting features, reporting security issues, and getting other kinds of support, see Support Resources.

NO PULL REQUESTS!

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.