1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 17:22:42 +01:00
phorge-phorge/src/applications
epriestley cd8b5b82c8 Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine
Summary:
Depends on D19607. Ref T13189. See PHI642. Ref T13186.

Some transactions can sometimes be applied to objects you can not edit. Currently, using `*.edit` to edit an object always explicitly requires CAN_EDIT.

Now that individual transactions require CAN_EDIT by default and can reduce or replace this requirement, stop requiring CAN_EDIT to reach the editor.

The only expected effect of this change is that low-permission edits (like disabling a user, leaving a project, or leaving a thread) can now work via `*.edit`.

Test Plan:
  - Tried to perform a normal edit (changing a task title) against an object with no CAN_EDIT. Still got a permissions error.
  - As a non-admin, disabled other users while holding the "Can Disable Users" permission.
  - As a non-admin, got a permissions error while trying to disable other users while not holding the "Can Disable Users" permission.

Reviewers: amckinley

Maniphest Tasks: T13189, T13186

Differential Revision: https://secure.phabricator.com/D19608
2018-08-27 08:10:08 -07:00
..
almanac When cancelling addition of an Almanac interface, return to the Device page 2018-08-13 11:39:37 -07:00
aphlict minor: fix translation error in exception 2018-06-04 17:46:13 +00:00
arcanist/conduit
audit Support an "Ancestors Of: ..." constraint in commit queries 2018-05-08 15:51:42 -07:00
auth Give PhabricatorAuthPassword a formal CAN_EDIT policy 2018-08-16 11:53:24 -07:00
badges Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
base Revert the alternate menu names for applications 2018-04-08 10:20:24 -07:00
cache Improve compatibility of "Config > Cache Status" across APCu versions 2018-08-08 15:07:03 -07:00
calendar Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
celerity Emit a "Content-Security-Policy" HTTP header 2018-02-27 10:17:30 -08:00
chatlog Remove empty implementations of describeAutomaticCapabilities() 2016-11-09 15:24:22 -08:00
conduit Add an "--as" flag to "bin/conduit call ..." to improve flexibility and ease of profiling 2018-08-08 09:51:21 -07:00
config Document that phd.taskmasters is a local setting, per daemon 2018-08-24 08:08:19 -07:00
conpherence Remove requireCapabilities() from ApplicationTransactionEditor and require CAN_EDIT by default 2018-08-24 17:45:56 -07:00
console Fix some minor errors (DarkConsole warning, unstable Ferret sort) 2018-03-18 15:12:25 -07:00
countdown Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
daemon Fix typo in "button" 2018-06-08 15:09:07 -07:00
dashboard Make the dashboard panel datasource work properly with hundreds of panels 2018-06-28 08:54:29 -07:00
differential In Differential: when the file tree is enabled, default to the "History" tab instead of "Files" 2018-08-24 10:29:35 -07:00
diffusion Support Mercurial "protocaps" wire command 2018-08-23 15:06:25 -07:00
diviner Fix a constant typo in Diviner ("DECLARATAION" -> "TION") 2017-03-04 09:54:10 -08:00
doorkeeper Allow Doorkeeper references to have multiple display variations (full, short, etc.) 2018-03-13 11:29:52 -07:00
draft/storage When purging drafts after a transaction edit, purge all drafts 2018-02-11 06:01:09 -08:00
drydock Make the Drydock repository operation page slightly richer 2018-08-13 11:42:10 -07:00
fact Fix some of the most obvious bugs in fact generation from Maniphest tasks 2018-02-19 12:07:28 -08:00
favorites Add some missing aural button labels for accessibility 2018-08-17 11:00:29 -07:00
feed Add a rough "bin/repository unpublish" workflow to attempt to cleanup improperly published repositories 2018-03-30 08:46:11 -07:00
files Stop indexing the chunk data objects for large Files stored in multiple chunks 2018-08-03 14:36:12 -07:00
flag Remove counts from home navigation 2017-01-21 13:55:40 -08:00
fund Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
guides Make "simple" a "button type", not a "color" 2017-05-30 17:59:37 -07:00
harbormaster Count lines in build log slices more cheaply 2018-07-30 08:25:17 -07:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald Support querying Herald rules by monogram in typeahead datsources 2018-08-01 17:52:27 -07:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro Make the meme cache case-sensitive 2018-07-26 12:15:32 -07:00
maniphest Enrich "priority" transactions in Maniphest for "transaction.search" 2018-08-24 10:05:05 -07:00
meta Add transactions for installing/uninstalling applications 2018-04-11 08:54:55 -07:00
metamta Fix an issue with error handling when no mailers are available 2018-08-13 11:39:13 -07:00
multimeter Add a cluster.read-only option 2016-04-09 13:40:47 -07:00
notification Fix the most significant "phantom notification" badness 2018-04-19 17:24:19 -07:00
nuance Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
oauthserver Remove client OAuth redirect code which was only partially cleaned up 2018-03-06 20:41:13 -08:00
owners Improve UI and documentation for "Ignore Attributes" in Owners slightly 2018-05-08 14:03:30 -07:00
packages Fixing copy/paste mistake 2017-04-19 15:48:59 -07:00
passphrase Fix spelling 2017-10-09 10:48:04 -07:00
paste Fix Lipsum generators for Differential Revisions and Pastes 2018-07-23 15:05:51 -05:00
people Align web UI "Disable" and "Approve/Disapprove" flows with new "Can Disable Users" permission 2018-08-27 08:09:42 -07:00
phame Revert the alternate menu names for applications 2018-04-08 10:20:24 -07:00
phid Truncate package names in diff table of contents views 2018-06-07 13:17:01 -07:00
phlux Add edge tables for Phlux 2018-04-19 15:49:08 -07:00
pholio Revert the alternate menu names for applications 2018-04-08 10:20:24 -07:00
phortune Add card expiration information to Phortune cart screen 2018-06-02 18:23:44 -07:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Remove PhabricatorFile::buildFromFileDataOrHash() 2017-04-04 16:18:00 -07:00
phrequent Fix spelling 2017-10-09 10:48:04 -07:00
phriction Move the hierarchical edit policy check in Phriction from requireCapabilities() to validateTransactions() 2018-08-16 10:55:11 -07:00
phurl Explicitly add rel="noreferrer" to all external links 2018-02-17 17:46:11 -08:00
policy Extend PhabricatorPolicyCodex interface to handle "interesting" policy defaults 2018-04-27 16:56:11 -07:00
ponder Make Facts more modern, DRY, and dimensional 2018-02-19 12:05:19 -08:00
project Remove requireCapabilities() from ApplicationTransactionEditor and require CAN_EDIT by default 2018-08-24 17:45:56 -07:00
releeph Mostly modularize the Differential "update" transaction 2018-03-06 09:10:32 -08:00
remarkup/conduit
repository Update DiffusionLastModifiedController to use identities 2018-08-17 12:24:21 -07:00
search Document the Ferret "=" operator and improve related documentation 2018-07-23 12:44:43 -07:00
settings Make the filetree view width sticky across show/hide and reload 2018-02-22 13:47:41 -08:00
slowvote Use object PHIDs for "Thread-Topic" headers in mail 2018-02-08 06:21:00 -08:00
spaces Add more mail stamps: tasks, subscribers, projects, spaces 2018-02-06 04:05:46 -08:00
subscriptions Remove requireCapabilities() from ApplicationTransactionEditor and require CAN_EDIT by default 2018-08-24 17:45:56 -07:00
support/application
system Add a generic PHID-based object redirection controller 2018-06-12 11:54:59 -07:00
tokens Property list view on Diffusion commits should show build status but not Subscriptions, Projects, or Tokens 2017-12-01 18:16:26 +00:00
transactions Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine 2018-08-27 08:10:08 -07:00
typeahead Stop the debugging view for typeahead datasources from fataling 2018-04-08 06:16:56 -07:00
uiexample Reduce the cost of generating default user profile images 2018-03-01 16:53:17 -08:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00