1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-11-28 01:32:42 +01:00
phorge-phorge/src/applications/files
epriestley e6d8e1a00a Make Herald rules obey policies during application
Summary:
Ref T603. This closes the other major policy loophole in Herald, which was that you could write a rule like:

  When [Always], [Add me to CC]

...and end up getting email about everything. These rules are now enforced:

  - For a //personal// rule to trigger, you must be able to see the object, and you must be able to use the application the object exists in.
  - In contrast, //global// rules will //always// trigger.

Also fixes some small bugs:

  - Policy control access to thumbnails was overly restrictive.
  - The Pholio and Maniphest Herald rules applied only the //last// "Add CC" or "Add Project" rules, since each rule overwrote previous rules.

Test Plan:
  - Created "always cc me" herald and maniphest rules with a normal user.
  - Created task with "user" visibility, saw CC.
  - Created task with "no one" visibility, saw no CC and error message in transcript ("user can't see the object").
  - Restricted Maniphest to administrators and created a task with "user" visibility. Same deal.
  - Created "user" and "no one" mocks and saw CC and no CC, respectively.
  - Thumbnail in Pholio worked properly.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603

Differential Revision: https://secure.phabricator.com/D7224
2013-10-05 12:55:34 -07:00
..
application File - add transactions and editor 2013-09-05 13:11:02 -07:00
conduit Make most file reads policy-aware 2013-09-30 09:38:13 -07:00
config Support audio files with HTML5 <audio /> 2013-09-27 10:51:25 -07:00
controller Make Herald rules obey policies during application 2013-10-05 12:55:34 -07:00
editor Add support for more granular sending of email in application transactions 2013-09-13 15:08:17 -07:00
engine Muck around with Diviner method documentation display 2013-09-08 09:15:22 -07:00
engineselector Delete license headers from files 2012-11-05 11:16:51 -08:00
exception Delete license headers from files 2012-11-05 11:16:51 -08:00
lipsum Made Changes to Mock and File generation after pushing some methods to superclass 2013-05-06 13:32:01 -07:00
mail File - add transactions and editor 2013-09-05 13:11:02 -07:00
management Convert bin/files to ObjectQuery 2013-09-30 12:23:18 -07:00
phid Policy - introduce parentQuery and pass around policy configuration from parent to child 2013-09-11 12:19:34 -07:00
query Provide an attached-to-visible-object policy exception for files 2013-10-01 08:43:34 -07:00
remarkup Modernize file embed Remarkup rule 2013-10-01 18:03:09 -07:00
storage Modernize file embed Remarkup rule 2013-10-01 18:03:09 -07:00
view Fix file upload redirect URI 2013-05-31 14:35:25 -07:00
PhabricatorImageTransformer.php PNG thumbnail compression 2013-09-11 09:31:28 -07:00