mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-15 03:12:41 +01:00
c8127edfe9
Summary: Ref T603. Herald is a bit of a policy minefield right now, although I think pretty much everything has straightforward solutions. This change: - Introduces "create" and "create global" permisions for Herald. - Maybe "create" is sort of redundant since there's no reason to have access to the application if not creating rules, but I think this won't be the case for most applications, so having an explicit "create" permission is more consistent. - Add some application policy helper functions. - Improve rendering a bit -- I think we probably need to build some `PolicyType` class, similar to `PHIDType`, to really get this right. - Don't let users who can't use application X create Herald rules for application X. - Remove Maniphest/Pholio rules when those applications are not installed. Test Plan: - Restricted access to Maniphest and uninstalled Pholio. - Verified Pholio rules no longer appear for anyone. - Verified Maniphest ruls no longer appear for restricted users. - Verified users without CREATE_GLOBAL can not create global ruls. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7219 |
||
|---|---|---|
| .. | ||
| HeraldController.php | ||
| HeraldDeleteController.php | ||
| HeraldNewController.php | ||
| HeraldRuleController.php | ||
| HeraldRuleEditHistoryController.php | ||
| HeraldRuleListController.php | ||
| HeraldRuleViewController.php | ||
| HeraldTestConsoleController.php | ||
| HeraldTranscriptController.php | ||
| HeraldTranscriptListController.php | ||