1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-25 23:10:57 +01:00
phorge-phorge/src/applications/transactions
epriestley f214abb63f When a change removes recipients from an object, send them one last email
Summary:
Depends on D19018. Fixes T4776. Ref T13053. When you remove someone from an object's recipient list (for example, by removing them a reviewer, auditor, subscriber, owner or author) we currently do not send them mail about it because they're no longer connected to the object.

In many of these cases (Commandeer, Reassign) the actual action in the UI adds them back to the object somehow (as a reviewer or subscriber, respectively) so this doesn't actually matter. However, there's no recovery mechanism for reviewer or subscriber removal.

This is slightly bad from a policy/threat viewpoint since it means an attacker can remove all the recipients of an object "somewhat" silently. This isn't really silent, but it's less un-silent than it should be.

It's also just not very good from a human interaction perspective: if Alice removes Bob as a reviewer, possibly "against his will", he should be notified about that. In the good case, Alice wrote a nice goodbye note that he should get to read. In the bad case, he should get a chance to correct the mistake.

Also add a `removed(@user)` mail stamp so you can route these locally if you want.

Test Plan:
  - Created and edited some different objects without catching anything broken.
  - Removed subscribers from tasks, saw the final email include the removed recipients with a `removed()` stamp.

I'm not totally sure this doesn't have any surprising behavior or break any weird objects, but I think anything that crops up should be easy to fix.

Reviewers: amckinley

Subscribers: sophiebits

Maniphest Tasks: T13053, T4776

Differential Revision: https://secure.phabricator.com/D19019
2018-02-08 06:28:11 -08:00
..
application Allow EditEngine forms for objects which support subtyping to have a subtype configured 2017-03-02 04:18:06 -08:00
bulk Add a bin/bulk export CLI tool to make debugging and profiling large exports easier 2018-01-30 11:11:13 -08:00
commentaction When accepting revisions, allow users to accept on behalf of a subset of reviewers 2017-03-22 14:25:04 -07:00
conduit Provide some more detailed information about inline comments in "transaction.search" 2017-08-24 15:26:50 -07:00
constants When an object which supports subtypes is created, set its subtype to the creating form's subtype 2017-03-02 04:18:23 -08:00
controller Remove duplicate "Change Default Values" action in form editing workflow 2017-03-22 09:50:38 -07:00
data Don't re-mention users for comment edits 2016-06-13 13:57:59 -07:00
draft Show yellow "draft" bubble in Audit 2017-01-16 10:28:59 -08:00
edges Add a generic "edge.search" method 2017-03-04 15:26:29 -08:00
editengine Organize bulk edit actions into nice groups 2018-01-19 13:22:25 -08:00
editfield Accept null via conduit.edit to unassign a task 2018-01-31 15:33:52 -08:00
editor When a change removes recipients from an object, send them one last email 2018-02-08 06:28:11 -08:00
edittype Accept null via conduit.edit to unassign a task 2018-01-31 15:33:52 -08:00
engineextension When a change removes recipients from an object, send them one last email 2018-02-08 06:28:11 -08:00
error Allow users to unset "Editor", tailor short error messages properly on settings forms 2016-06-05 14:03:02 -07:00
exception Mark some strings for translation 2015-06-09 23:06:52 +10:00
feed Add AuthorHref to feed story images 2017-02-07 10:09:00 -08:00
interface Transactions - adding willRenderTimeline to handle tricky cases 2014-12-04 13:58:52 -08:00
phid Allow ApplicationEditor forms to be reconfigured 2015-11-10 10:24:40 -08:00
query Fix transaction queries using withComments() for transactions with no comments 2017-10-02 09:09:53 -07:00
replyhandler Modularize content sources 2016-03-26 11:59:45 -07:00
response Make inline comment preview and submission mostly work on EditEngine 2016-12-31 10:10:29 -08:00
storage Allow revisions to revert commits and one another, and commits to revert revisions 2018-02-02 08:25:58 -08:00
typeahead Don't allow forms which can't create objects to be added to profile menus 2017-02-16 15:45:11 -08:00
view Prepare TransactionEditor for silent transactions via bulk edit 2018-01-19 13:23:38 -08:00
worker Cache user notification and message counts 2016-06-05 08:52:43 -07:00
xaction Modularize application transactions in Paste, mostly 2016-06-14 06:13:28 -07:00