1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-24 07:42:40 +01:00
phorge-phorge/src/applications/transactions
epriestley e4e4810b89 Make the "you can't edit away your edit capability" policy check generic
Summary:
Ref T4379. Currently, you can edit away your edit capability in Projects. Prevent this in a general way.

Since some objects have complex edit policies (like "the owner can always edit"), we can't just check the value itself. We also can't fairly assume that every object has a `setEditPolicy()` method, even though almost all do right now. Instead, provide a way to pretend we've completed the edit and changed the policy.

Test Plan: Unit tests, tried to edit away my edit capability.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4379

Differential Revision: https://secure.phabricator.com/D8179
2014-02-10 14:31:16 -08:00
..
application Transactions - make the details stuff generic and ajaxy 2013-08-22 16:45:14 -07:00
constants Move Project transaction storage to modern tables 2013-10-22 13:49:28 -07:00
controller Make Maniphest detail page react to viewer capabilities 2013-09-25 13:44:52 -07:00
editor Make the "you can't edit away your edit capability" policy check generic 2014-02-10 14:31:16 -08:00
error Route task merges through new editor 2013-09-23 14:32:32 -07:00
exception Allow custom fields to have validation logic 2013-09-18 15:31:58 -07:00
feed Wrap the feed text rendering stuff with htmlspecialchars_decode 2014-02-03 17:05:30 -08:00
interface Integrate subscriptions with ApplicationTransactions 2013-02-17 06:37:09 -08:00
phid Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
query Lock policy queries to their applications 2013-10-21 17:20:27 -07:00
response Transactions - make the details stuff generic and ajaxy 2013-08-22 16:45:14 -07:00
storage Implment ApplicationTransaction grouping rules 2013-12-27 05:51:15 -08:00
view Implment ApplicationTransaction grouping rules 2013-12-27 05:51:15 -08:00