(stable) Fix excessively strict "Can Use Application" policy filtering

Authored by epriestley <git@epriestley.com> on Jan 8 2017, 19:53.

Description

Summary:
Ref T9058. The stricter filtering is over-filtering Handles. For example, in the Phacility cluster, users can not see Almanac services.

So this filtering happens:

  • The AlmanacServiceQuery filters the service because they can't see the application.
  • The HandleQuery generates a "you can't see this" handle.
  • But then the HandleQuery filters that handle! It has a "service" PHID and the user can't see Almanac.

This violates the assumption that all application code makes about handles: it's OK to query handles for objects you can't see, and you'll get something back.

Instead, don't do application filtering on handles.

Test Plan:

  • Added a failing test and made it pass.
  • As a user who can not see Almanac, viewed an Instances timeline.
    • Before patch: fatal on trying to load a handle for a Service.
    • After patch: smooth sailing.

Reviewers: chad

Maniphest Tasks: T9058

Differential Revision: https://secure.phabricator.com/D17152
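
The filtering sequence in the summary, as an added example that is not Phabricator's code and not part of the commit. The function names, the PHID-type-to-application map, the "Restricted Object" label and the sample data are all hypothetical and constructed for illustration; the `$filter_handles_by_app` flag models the behaviour before and after the change.

```php
<?php
// Hypothetical model of the invariant described above; none of these names
// are Phabricator classes. PHIDs and the type map are constructed samples.
const APP_OF_TYPE = ['ASRV' => 'almanac', 'USER' => 'people'];

// Object query: dropping objects whose application the viewer cannot use
// is correct here, because callers expect only visible objects.
function load_objects(array $phids, array $viewer_apps, array $store): array {
  $visible = [];
  foreach ($phids as $phid) {
    $type = explode('-', $phid)[1];
    if (isset($store[$phid]) && in_array(APP_OF_TYPE[$type], $viewer_apps, true)) {
      $visible[$phid] = $store[$phid];
    }
  }
  return $visible;
}

// Handle query: must return one handle per requested PHID, visible or not.
function load_handles(array $phids, array $viewer_apps, array $store,
                      bool $filter_handles_by_app): array {
  $objects = load_objects($phids, $viewer_apps, $store);
  $handles = [];
  foreach ($phids as $phid) {
    $type = explode('-', $phid)[1];
    if ($filter_handles_by_app && !in_array(APP_OF_TYPE[$type], $viewer_apps, true)) {
      continue; // over-strict: the placeholder handle itself is filtered out
    }
    $handles[$phid] = isset($objects[$phid])
      ? ['name' => $objects[$phid], 'restricted' => false]
      : ['name' => 'Restricted Object', 'restricted' => true]; // leaks no detail
  }
  return $handles;
}

$store = ['PHID-ASRV-1' => 'db001.example', 'PHID-USER-1' => 'alice'];
$phids = array_keys($store);
$viewer_apps = ['people']; // this viewer cannot use the "almanac" application

foreach ([true, false] as $strict) {
  $handles = load_handles($phids, $viewer_apps, $store, $strict);
  foreach ($phids as $phid) {
    // Callers index handles by PHID and assume every requested key exists.
    $label = $handles[$phid]['name'] ?? 'MISSING HANDLE (caller would fail)';
    printf("%s %s => %s\n", $strict ? 'before' : 'after ', $phid, $label);
  }
}
```

In both modes the service name stays hidden from the viewer; the only difference is whether the caller receives a placeholder handle or nothing at all.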

Details

Committed
epriestley <git@epriestley.com> on Jan 8 2017, 20:01
Pushed
aubort on Jan 31 2017, 17:16
Parents
rPHea9c0607e1fb: (stable) Promote 2017 Week 1
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH40be2d53743c: (stable) Fix excessively strict "Can Use Application" policy filtering (authored by epriestley <git@epriestley.com>). Jan 8 2017, 20:01