mirror of https://we.phorge.it/source/phorge.git synced 2025-02-18 17:58:37 +01:00
epriestley ab4743b216 Improve Phortune policy behavior
Summary:
Currently, PhortuneAccounts have a very open default policy to allow merchants to see and interact with them.

This has the undesirable side effect of leaking their names in too many places, because all users are allowed to load the handles for the accounts. Although this information is not super sensitive, we shouldn't expose it.

I went through about 5 really messy diffs trying to fix this. It's very complicated because there are a lot of objects and many of them are related to PhortuneAccounts, but PhortuneAccounts are not bound to a specific merchant. This led to a lot of threading viewers and merchants all over the place through the call stack and some really sketchy diffs with OmnipotentUsers that weren't going anywhere good.

This is the cleanest approach I came up with, by far:

  - Introduce the concept of an "Authority", which gives a user more powers as a viewer. For now, since we only have one use case, this is pretty open-ended.
  - When a viewer is acting as a merchant, grant them authority through the merchant.
  - Have Accounts check if the viewer is acting with merchant authority. This lets us easily implement the rule "merchants can see this stuff" without being too broad.

Then update the Subscription view to respect Merchant Authority.

I partially updated the Cart views to respect it. I'll finish this up in a separate diff, but this seemed like a good checkpoint that introduced the concept without too much extra baggage.

This feels pretty good/clean to me, overall, even ignoring the series of horrible messes I made on my way here.

Test Plan:
  - Verified I can see everything I need to as a merchant (modulo un-updated Cart UIs).
  - Verified I can see nothing when acting as a normal user.

Reviewers: btrahan

Reviewed By: btrahan

Subscribers: epriestley

Differential Revision: https://secure.phabricator.com/D11945
2015-03-03 10:38:25 -08:00
bin Add some of a billing daemon skeleton 2015-01-30 11:29:05 -08:00
conf Add bin/almanac register to associate a host with an Almanac device and trust it 2015-01-02 15:13:30 -08:00
externals Rewrite Aphlict to use Websockets 2015-01-08 10:03:00 -08:00
resources Convert search results to use PHUIObjectItemView 2015-03-03 07:18:40 -08:00
scripts Pass overseer configuration over stdin 2015-02-24 14:50:30 -08:00
src Improve Phortune policy behavior 2015-03-03 10:38:25 -08:00
support Namespace Aphlict clients by request path, plus other fixes 2015-02-16 11:31:15 -08:00
webroot Convert search results to use PHUIObjectItemView 2015-03-03 07:18:40 -08:00
.arcconfig Update .arclint in Phabricator for phutil-library lint 2014-05-12 06:01:30 -07:00
.arclint Fix text lint issues 2015-02-12 07:00:13 +11:00
.editorconfig Fix text lint issues 2015-02-12 07:00:13 +11:00
.gitignore When registering a device, write a device ID 2015-01-22 16:06:04 -08:00
LICENSE Fix text lint issues 2015-02-12 07:00:13 +11:00
NOTICE Update Phabricator NOTICE file to reflect modern legal circumstances 2014-06-25 13:42:13 -07:00
README.md README update - rely on bug reporting doc and add section about community chat 2015-02-05 09:48:11 -08:00

Phabricator is an open source collection of web applications which help software companies build better software.

Phabricator includes applications for:

  • reviewing and auditing source code;
  • hosting and browsing repositories;
  • assembling a party to venture forth;
  • tracking bugs;
  • managing projects;
  • writing stuff down and reading it later;
  • hiding stuff from coworkers; and
  • also some other things.

You can learn more about the project (and find links to documentation and resources) at Phabricator.org.

Phabricator is developed and maintained by Phacility. The first version of Phabricator was originally built at Facebook.


BUG REPORTS

Please update your install to HEAD before filing bug reports. Follow our bug reporting guide for complete instructions.

FEATURE REQUESTS

We're big fans of feature requests that state core problems, not just 'add this'. We've compiled a short guide to effective upstream requests here.

COMMUNITY CHAT

Please visit our IRC Channel (#phabricator on FreeNode) to talk with other members of the Phabricator community. There might be someone there who can help you with setup issues or what image to choose for a macro.

SECURITY ISSUES

Phabricator participates in HackerOne and may pay out for various issues reported there. You can find out more information on our HackerOne page.

PULL REQUESTS

We do not accept pull requests through GitHub. If you would like to contribute code, please read our Contributor's Guide for more information.

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.