Homec4science

Tweak application and maniphest editors to handle policy corner cases better

Authored by Bob Trahan <btrahan@phacility.com> on Mar 13 2014, 21:50.

Description

Tweak application and maniphest editors to handle policy corner cases better

Summary:
Fixes T4362. If you have a default edit + view policy of "no one" things get weird when you try to create a task - basically its impossible.

Ergo, re-jigger how we do policy checks just a bit.

  • if its a new object, don't bother with the "can the $actor edit this thing by virtue of having can see / can edit priveleges?" That makes no sense on create.
  • add a hook so when doing the "will $actor still be able to edit this thing after all the edits" checks the object can be updated to its ultimate state. This matters for Maniphest as being the owner lets you do all sorts of stuff.

Test Plan:

  • made a task with no one policy and assigned to no one - exception
  • made a task with no one policy and assigned to me - success
    • made a comment on the task - success
    • reassigned the task to another user - exception
    • reassigned the task to another user and updated policies to "users" - success

Reviewers: epriestley

Reviewed By: epriestley

Subscribers: aran, epriestley, Korvin

Maniphest Tasks: T4362

Differential Revision: https://secure.phabricator.com/D8508

Details

Committed
Bob Trahan <btrahan@phacility.com>Mar 13 2014, 21:50
Pushed
aubortJan 31 2017, 17:16
Parents
rPHa9f38e55e5e4: Modernize Facebook OAuth instructions
Branches
Unknown
Tags
Unknown

Event Timeline

Bob Trahan <btrahan@phacility.com> committed rPHe6118bcbaf7d: Tweak application and maniphest editors to handle policy corner cases better (authored by Bob Trahan <btrahan@phacility.com>).Mar 13 2014, 21:50