Homec4science

Scramble file secrets when related objects change policies

Authored by epriestley <git@epriestley.com> on Apr 6 2016, 21:10.

Description

Scramble file secrets when related objects change policies

Summary:
Ref T10262. Files have an internal secret key which is partially used to control access to them, and determines part of the URL you need to access them. Scramble (regenerate) the secret when:

  • the view policy for the file itself changes (and the new policy is not "public" or "all users"); or
  • the view policy or space for an object the file is attached to changes (and the file policy is not "public" or "all users").

This basically means that when you change the visibility of a task, any old URLs for attached files stop working and new ones are implicitly generated.

Test Plan:

  • Attached a file to a task, used SELECT * FROM file WHERE id = ... to inspect the secret.
  • Set view policy to public, same secret.
  • Set view policy to me, new secret.
  • Changed task view policy, new secret.
  • Changed task space, new secret.
  • Changed task title, same old secret.
  • Added and ran unit tests which cover this behavior.

Reviewers: chad

Reviewed By: chad

Maniphest Tasks: T10262

Differential Revision: https://secure.phabricator.com/D15641

Details

Committed
epriestley <git@epriestley.com>Apr 6 2016, 23:14
Pushed
aubortJan 31 2017, 17:16
Parents
rPH9b3c09d248ec: Put older milestones back on the left
Branches
Unknown
Tags
Unknown

Event Timeline

epriestley <git@epriestley.com> committed rPHf9836cb646f8: Scramble file secrets when related objects change policies (authored by epriestley <git@epriestley.com>).Apr 6 2016, 23:14