mirror of
https://we.phorge.it/source/phorge.git
synced 2024-12-20 20:40:56 +01:00
No description
e6d8e1a00a
Summary: Ref T603. This closes the other major policy loophole in Herald, which was that you could write a rule like: When [Always], [Add me to CC] ...and end up getting email about everything. These rules are now enforced: - For a //personal// rule to trigger, you must be able to see the object, and you must be able to use the application the object exists in. - In contrast, //global// rules will //always// trigger. Also fixes some small bugs: - Policy control access to thumbnails was overly restrictive. - The Pholio and Maniphest Herald rules applied only the //last// "Add CC" or "Add Project" rules, since each rule overwrote previous rules. Test Plan: - Created "always cc me" herald and maniphest rules with a normal user. - Created task with "user" visibility, saw CC. - Created task with "no one" visibility, saw no CC and error message in transcript ("user can't see the object"). - Restricted Maniphest to administrators and created a task with "user" visibility. Same deal. - Created "user" and "no one" mocks and saw CC and no CC, respectively. - Thumbnail in Pholio worked properly. Reviewers: btrahan Reviewed By: btrahan CC: aran Maniphest Tasks: T603 Differential Revision: https://secure.phabricator.com/D7224 |
||
---|---|---|
bin | ||
conf | ||
externals | ||
resources | ||
scripts | ||
src | ||
support | ||
webroot | ||
.arcconfig | ||
.divinerconfig | ||
.editorconfig | ||
.gitignore | ||
LICENSE | ||
NOTICE | ||
README |
Phabricator is an open source collection of web applications which make it easier to write, review, and share source code. Phabricator was developed at Facebook. It's pretty high-quality and usable, but under active development so things may change quickly. You can learn more about the project and find links to documentation and resources at: http://phabricator.org/ LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted.