1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-24 06:20:56 +01:00
phorge-phorge/src
epriestley a9704428ff In Audit, use repository identities to prevent author-auditors
Summary:
See PHI2015. Diffusion attempts to prevent a commit's author from being made an auditor, but currently uses an out-of-date method for identifying the author.

Use the modern ("Repository Identity" aware) method instead.

Test Plan:
  - Authored a commit as user "X", mapped to my account.
  - Pushed/imported/discovered it.
  - Changed the identity mapping for "X" from my account to a different account.
  - Tried to add myself as an auditor.
    - Before: error, "author can't be an auditor".
    - After: succeeds.
  - Tried to add the newly mapped user as an auditor. This correctly fails with the "author can't be an auditor" error.

It's possible to put commits into a wonky state by remapping the author identity to a user who is already an auditor, but I think that isn't important and we can't do much about it, realistically.

Differential Revision: https://secure.phabricator.com/D21594
2021-03-04 09:33:49 -08:00
..
__tests__ Use PhutilClassMapQuery instead of PhutilSymbolLoader 2015-08-14 07:49:01 +10:00
aphront Restructure Hovercards to support more context information 2021-02-13 13:37:36 -08:00
applications In Audit, use repository identities to prevent author-auditors 2021-03-04 09:33:49 -08:00
docs Update install and upgrade documentation for libphutil 2021-02-08 10:20:00 -08:00
extensions
infrastructure Never return external connections to the GlobalLock connection pool 2021-03-02 13:44:17 -08:00
view When a reviewer can't see a revision, show it clearly in the reviewer list 2021-02-13 13:37:37 -08:00
__phutil_library_init__.php
__phutil_library_map__.php Provide a more general "Author" transaction for Differential 2021-03-03 15:49:22 -08:00