revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 17:52:43 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications/policy
History
epriestley cf1ccc995e Apply application visibility checks during normal object filtering 
Summary:
Fixes T9058. Normally, "Query" classes apply an application check and just don't load anything if it fails.

However, in some cases (like email recipient filtering) we run policy checks without having run a Query check first. In that case, one user (the actor) loads the object, then we filter it against other users (the recipeints).

Explicitly apply the application check during normal filtering.

Test Plan: Added a failing test case and made it pass.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T9058

Differential Revision: https://secure.phabricator.com/D17127
2017-01-02 10:00:00 -08:00
..
__tests__ Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
application Allow different policy rules for different types of objects 2015-06-13 15:44:03 -07:00
capability Use getPhobjectClassConstant() to access class constants 2015-10-01 16:56:21 -07:00
codex Require several advanced postgraduate degrees to understand object policies 2016-11-09 15:05:38 -08:00
config Move FontIcon calls to Icon 2016-01-28 08:48:45 -08:00
constants Extend from Phobject 2015-06-15 18:02:27 +10:00
controller Fix some policy CSS 2016-11-11 13:43:13 -08:00
editor Fix an issue with editing pre-space objects using a form with no visibility controls 2016-02-18 11:15:40 -08:00
engineextension Allow *.search Conduit API methods to have data bulk-loaded by extensions 2016-07-31 11:15:18 -07:00
exception Modernize OAuthserver and provide more context on "no permission" exception 2015-09-03 10:05:23 -07:00
filter Apply application visibility checks during normal object filtering 2017-01-02 10:00:00 -08:00
interface Require several advanced postgraduate degrees to understand object policies 2016-11-09 15:05:38 -08:00
management phtize all the things 2015-05-22 21:16:39 +10:00
phid Mark PhabricatorPHIDType::getPHIDTypeApplicationClass() as abstract 2015-11-03 06:47:12 +11:00
query Modernize "favorite project policies" setting 2016-06-04 14:42:11 -07:00
rule Fix flaky subscribers policy rule unit test 2016-12-11 12:27:57 -08:00
storage Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
view Require several advanced postgraduate degrees to understand object policies 2016-11-09 15:05:38 -08:00