revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-04 12:42:43 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/phortune
History
epriestley a3213ab20b In Phortune, use actual merchant authority (not authority grants) to control account visibility 
Summary:
Depends on D20715. Ref T13366. See that task for discussion.

Replace the unreliable "grantAuthority()"-based check with an actual "can the viewer edit any merchant this account has a relationship with?" check.

This makes these objects easier to use from a policy perspective and makes it so that the `Query` alone can fully enforce permissions properly with no setup, so general infrastructure (like handles and transactions) works properly with Phortune objects.

Test Plan: Viewed merchants and accounts as users with no authority, direct authority on the account, and indirect authority via a merchant relationship.

Maniphest Tasks: T13366

Differential Revision: https://secure.phabricator.com/D20716
2019-08-22 21:01:55 -07:00
..
__tests__ Fix member edit transaction validation so it works for both implicit and explicit account creation 2017-04-14 10:24:15 -07:00
action Simplify implementation of "SysetemAction->getSystemActionConstant()" 2019-07-19 15:45:37 -07:00
application Add scaffolding for ad-hoc email addresses associated with Phortune accounts 2019-08-22 20:57:35 -07:00
capability Add Merchants to Phortune 2014-10-07 10:55:16 -07:00
cart Extend from Phobject 2015-06-15 18:02:27 +10:00
constants Add scaffolding for ad-hoc email addresses associated with Phortune accounts 2019-08-22 20:57:35 -07:00
contentsource Modularize content sources 2016-03-26 11:59:45 -07:00
control phtize all the things 2015-05-22 21:16:39 +10:00
controller In Phortune, use actual merchant authority (not authority grants) to control account visibility 2019-08-22 21:01:55 -07:00
currency phtize all the things 2015-05-22 21:16:39 +10:00
edge In Phortune, write relationships between payment accounts and merchants they interact with 2019-08-22 21:01:04 -07:00
editor In Phortune, write relationships between payment accounts and merchants they interact with 2019-08-22 21:01:04 -07:00
exception Improve UI/UX when users try to add an invalid card with Stripe 2019-02-09 05:54:42 -08:00
mail phtize all the things 2015-05-22 21:16:39 +10:00
management Fix errors found by PHPStan 2017-02-18 09:24:56 +00:00
pdf Add very basic support for generating PDF documents 2019-08-01 10:50:24 -07:00
phid In Phortune, write relationships between payment accounts and merchants they interact with 2019-08-22 21:01:04 -07:00
product Add an after-purchase hook to subscriptions in Phortune 2017-07-07 16:39:47 -07:00
provider Remove WePay support from Phortune, and Restful/Httpful dependencies 2019-05-14 09:14:53 -07:00
query In Phortune, use actual merchant authority (not authority grants) to control account visibility 2019-08-22 21:01:55 -07:00
storage In Phortune, use actual merchant authority (not authority grants) to control account visibility 2019-08-22 21:01:55 -07:00
subscription Add an after-purchase hook to subscriptions in Phortune 2017-07-07 16:39:47 -07:00
view Allow Phortune accounts to customize their billing address and name 2019-01-16 16:16:27 -08:00
worker Consider "all account members are disabled" to be a permanent failure when billing a Phortune subscription 2019-06-24 15:29:31 -07:00
xaction Add scaffolding for ad-hoc email addresses associated with Phortune accounts 2019-08-22 20:57:35 -07:00