Make HeraldRule implement PhabricatorPolicyInterface
8eed5b1f1449
Actions

Authored by epriestley <git@epriestley.com> on Aug 2 2013, 15:21.

Description

Make HeraldRule implement PhabricatorPolicyInterface

Summary:
Ref T603. Ref T2769. Herald currently interacts with policies in a bad way; specifically, I can create a rule which emails me for everything, and thus learn about objects I can't otherwise see.

This shouldn't be possible, so I'm going to reduce personal rules to have only the viewer's scope.

For global rules, I think I'm always going to let any user edit them, but make who the rule acts as part of the configuration. There will be an option to make a rule omnipotent, but only admins (or some other special subset of users) will be able to select it.

Transactions/subscriptions will provide a check against users editing global rules in ways that are bad.

Test Plan: Next diffs.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T603, T2769

Differential Revision: https://secure.phabricator.com/D6649

Details

Committed

epriestley <git@epriestley.com>

Aug 8 2013, 03:03

Pushed

aubort

Jan 31 2017, 17:16

Parents

rPH2820fdc89b60: Add PHIDs to Herald Rules

Branches

Unknown

Tags

Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPH8eed5b1f1449: Make HeraldRule implement PhabricatorPolicyInterface (authored by epriestley <git@epriestley.com>).Aug 8 2013, 03:03

Changes (2)

				Path
	M			src/__phutil_library_map__.php
	M			src/applications/herald/storage/HeraldRule.php

Make HeraldRule implement PhabricatorPolicyInterface8eed5b1f1449Actions

Description

Details

Event Timeline

Changes (2)

rPH8eed5b1f1449

src/__phutil_library_map__.php

src/applications/herald/storage/HeraldRule.php

Make HeraldRule implement PhabricatorPolicyInterface
8eed5b1f1449
Actions