mirror of https://we.phorge.it/source/phorge.git synced 2024-11-11 01:12:41 +01:00
phorge-phorge/src/applications/policy
epriestley c8127edfe9 Tighten up some policy interactions in Herald
Summary:
Ref T603. Herald is a bit of a policy minefield right now, although I think pretty much everything has straightforward solutions. This change:

  - Introduces "create" and "create global" permissions for Herald.
    - Maybe "create" is sort of redundant since there's no reason to have access to the application if not creating rules, but I think this won't be the case for most applications, so having an explicit "create" permission is more consistent.
  - Add some application policy helper functions.
  - Improve rendering a bit -- I think we probably need to build some `PolicyType` class, similar to `PHIDType`, to really get this right.
  - Don't let users who can't use application X create Herald rules for application X.
  - Remove Maniphest/Pholio rules when those applications are not installed.

Test Plan:
  - Restricted access to Maniphest and uninstalled Pholio.
  - Verified Pholio rules no longer appear for anyone.
  - Verified Maniphest rules no longer appear for restricted users.
  - Verified users without CREATE_GLOBAL can not create global rules.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7219
2013-10-04 15:15:48 -07:00
..
__tests__ Treat invalid policies as broadly similar to "no one" 2013-10-01 11:25:30 -07:00
application Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
config Move policy config to "Policy" app and make policy.allow-public description scarier 2013-09-27 10:50:19 -07:00
constants Delete license headers from files 2012-11-05 11:16:51 -08:00
controller Explain policy exception rules to users 2013-09-27 08:43:41 -07:00
exception Provide better strings in policy errors and exceptions 2013-09-27 08:43:50 -07:00
filter Tighten up some policy interactions in Herald 2013-10-04 15:15:48 -07:00
interface Use ApplicationSearch in Applications application 2013-10-02 13:13:07 -07:00
management Support unlocking applications with bin/policy 2013-10-03 12:40:20 -07:00
query Explain policy exception rules to users 2013-09-27 08:43:41 -07:00