revi-archive/phorge-phorge
1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-27 17:22:42 +01:00
Code Issues Releases Wiki Activity
phorge-phorge/src/applications
History
epriestley e44b40ca4d Make "Subscribe/Unsubscribe" require only "CAN_VIEW", not "CAN_INTERACT" 
Summary:
Ref T13249. See PHI1059. Currently, Subscribe/Unsubscribe require CAN_INTERACT via the web UI and no permissions (i.e., effectively CAN_VIEW) via the API.

Weaken the requirements from the web UI so that you do not need "CAN_INTERACT". This is a product change to the effect that it's okay to subscribe/unsubscribe from anything you can see, even hard-locked tasks. This generally seems reasonable.

Increase the requirements for the actual transaction, which mostly applies to API changes:

  - To remove subscribers other than yourself, require CAN_EDIT.
  - To add subscribers other than yourself, require CAN_EDIT or CAN_INTERACT. You may have CAN_EDIT but not CAN_INTERACT on "soft locked" tasks. It's okay to click "Edit" on these, click "Yes, override lock", then remove subscribers other than yourself.

This technically plugs some weird, mostly theoretical holes in the API where "attackers" could sometimes make more subscription changes than they should have been able to. Now that we send you email when you're unsubscribed this could only really be used to be mildly mischievous, but no harm in making the policy enforcement more correct.

Test Plan: Against normal, soft-locked, and hard-locked tasks: subscribed, unsubscribed, added and removed subscribers, overrode locks, edited via API. Everything worked like it should and I couldn't find any combination of lock state, policy state, and edit pathway that did anything suspicious.

Reviewers: amckinley

Reviewed By: amckinley

Maniphest Tasks: T13249

Differential Revision: https://secure.phabricator.com/D20174
2019-02-19 10:52:34 -08:00
..
almanac Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
aphlict Add a CLI workflow for testing that notifications are being delivered 2018-12-10 16:05:53 -08:00
arcanist/conduit
audit Make "bin/audit delete" synchronize commit audit status, and improve "bin/audit synchronize" documentation 2019-02-13 05:50:14 -08:00
auth When users follow an email login link but an install does not use passwords, try to get them to link an account 2019-02-15 14:41:31 -08:00
badges Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
base Read "$_POST" before hooking the profiler, and remove "aphront.default-application-configuration-class" 2019-01-30 06:22:41 -08:00
cache Remove an old digest in Celerity code and some obsolete configuration options 2019-01-04 13:43:38 -08:00
calendar Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
celerity Remove an old digest in Celerity code and some obsolete configuration options 2019-01-04 13:43:38 -08:00
chatlog Replace "getRequestURI()->setQueryParams(array())" with "getPath()" 2019-02-12 14:43:33 -08:00
conduit Add icons to Settings 2019-01-23 13:41:41 -08:00
config Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
conpherence Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
console Fix some minor errors (DarkConsole warning, unstable Ferret sort) 2018-03-18 15:12:25 -07:00
countdown Allow multiple mail receivers to react to an individual email 2019-01-16 12:28:02 -08:00
daemon Continue cleaning up queries in the wake of changes to "%Q" 2018-11-16 12:49:44 -08:00
dashboard Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
differential Give HarbormasterBuildUnitMessage a real Query class 2019-02-15 19:16:47 -08:00
diffusion Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
diviner Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
doorkeeper Allow Doorkeeper references to have multiple display variations (full, short, etc.) 2018-03-13 11:29:52 -07:00
draft/storage When purging drafts after a transaction edit, purge all drafts 2018-02-11 06:01:09 -08:00
drydock Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
fact Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
favorites Add some missing aural button labels for accessibility 2018-08-17 11:00:29 -07:00
feed Add formal setup guidance warning that "feed.http-hooks" will be removed in a future version of Phabricator 2019-02-07 14:54:09 -08:00
files Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
flag Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
fund Improve UI/UX when users try to add an invalid card with Stripe 2019-02-09 05:54:42 -08:00
guides Rename "PHUIDocumentViewPro" to "PHUIDocumentView" 2018-08-28 14:53:07 -07:00
harbormaster Give HarbormasterBuildUnitMessage a real Query class 2019-02-15 19:16:47 -08:00
help Redesign header menus and search 2017-01-17 12:13:06 -08:00
herald Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
home Update menu item names for Applications -> Favorites 2017-09-05 19:05:03 -07:00
legalpad Remove weird integration between Legalpad and the ExternalAccount table 2019-02-07 15:00:00 -08:00
lipsum Add "--force" and "--quickly" flags to bin/lipsum 2017-02-27 09:09:41 -08:00
macro Fix a URI construction in remarkup macro/meme rules 2019-02-15 14:08:46 -08:00
maniphest Allow task statuses to specify that either "comments" or "edits" are "locked" 2019-02-15 19:18:40 -08:00
meta Modularize Repository transactions 2018-11-28 14:29:18 -08:00
metamta Replace "getRequestURI()->setQueryParams(array())" with "getPath()" 2019-02-12 14:43:33 -08:00
multimeter Fix a PhutilURI issue in Multimeter 2019-02-17 17:39:34 -08:00
notification Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
nuance Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
oauthserver Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
owners Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
packages Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
passphrase Make the default behavior of getApplicationTransactionCommentObject() "return null" instead of "throw" 2019-02-07 14:56:38 -08:00
paste Remove "metamta.*.subject-prefix" options 2019-01-17 19:18:50 -08:00
people Make external link/refresh use provider IDs, switch external account MFA to one-shot 2019-02-12 15:18:08 -08:00
phame Make the default behavior of getApplicationTransactionCommentObject() "return null" instead of "throw" 2019-02-07 14:56:38 -08:00
phid Truncate package names in diff table of contents views 2018-06-07 13:17:01 -07:00
phlux Make the default behavior of getApplicationTransactionCommentObject() "return null" instead of "throw" 2019-02-07 14:56:38 -08:00
pholio Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
phortune Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
phpast Update phpast for new UI 2016-04-05 13:52:59 -07:00
phragment Update many Phabricator queries for new %Q query semantics 2018-11-15 03:48:10 -08:00
phrequent Remove old Phrequent propery rendering code and show "Time Spent" in higher precision 2018-12-28 00:07:25 -08:00
phriction Clean up a couple more URI alter() calls 2019-02-15 14:07:17 -08:00
phurl Remove "getApplicationTransactionObject()" from ApplicationTransactionInterface 2018-12-20 15:16:19 -08:00
policy Allow task statuses to specify that either "comments" or "edits" are "locked" 2019-02-15 19:18:40 -08:00
ponder Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
project Fix a PhutilURI issue in workboards 2019-02-19 09:01:10 -08:00
releeph Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
remarkup/conduit phtize all the things 2015-05-22 21:16:39 +10:00
repository Replace "URI->setQueryParams()" after initialization with a constructor argument 2019-02-14 11:46:37 -08:00
search Queue search indexing tasks at a new PRIORITY_INDEX, not PRIORITY_IMPORT 2019-02-15 14:16:28 -08:00
settings Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
slowvote Fix two very, very minor correctness issues in Slowvote 2019-02-07 12:45:11 -08:00
spaces Make the default behavior of getApplicationTransactionCommentObject() "return null" instead of "throw" 2019-02-07 14:56:38 -08:00
subscriptions Make "Subscribe/Unsubscribe" require only "CAN_VIEW", not "CAN_INTERACT" 2019-02-19 10:52:34 -08:00
support/application
system Update PhabricatorLiskDAO::chunkSQL() for new %Q semantics 2018-11-13 08:59:18 -08:00
tokens Allow tokens to be awarded to MFA-required objects 2018-12-28 00:14:48 -08:00
transactions Make "Subscribe/Unsubscribe" require only "CAN_VIEW", not "CAN_INTERACT" 2019-02-19 10:52:34 -08:00
typeahead Replace all "setQueryParam()" calls with "remove/replaceQueryParam()" 2019-02-14 11:56:39 -08:00
uiexample Reduce the cost of generating default user profile images 2018-03-01 16:53:17 -08:00
xhprof Allow XHProf profiles to be drag-and-dropped to upload them 2017-02-23 11:16:19 -08:00