Page MenuHomePhabricator
Differential D10822

Phriction - stop leaking document titles you can't see
ClosedPublic
Actions

Authored by btrahan on Nov 9 2014, 2:41 AM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Apr 24, 11:41 PM
Unknown Object (File)
Sat, Apr 20, 2:18 PM
Unknown Object (File)
Sat, Apr 20, 2:18 PM
Unknown Object (File)
Sat, Apr 20, 2:18 PM
Unknown Object (File)
Sat, Apr 20, 1:57 PM
Unknown Object (File)
Sat, Apr 20, 1:33 PM
Unknown Object (File)
Thu, Apr 11, 7:58 AM
Unknown Object (File)
Mon, Apr 1, 4:52 PM
View All Files
Subscribers
epriestley
Korvin
Tokens
"Doubloon" token, awarded by chad.

Details

Reviewers
epriestley
Maniphest Tasks
T6495: Phriction document titles are visible even if you can't see the document
Commits
Restricted Diffusion Commit
rP9252d2a579e3: Phriction - stop leaking document titles you can't see
Summary

Fixes T6495. convert ad hoc query to a PhrictionDocumentQuery, thus enforcing view permissions

Test Plan

noted my test user a had a great wiki while test user b couldn't see most things.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

btrahan updated this revision to Diff 25977.Nov 9 2014, 2:41 AM
btrahan added a task: T6495: Phriction document titles are visible even if you can't see the document.
btrahan retitled this revision from to Phriction - stop leaking document titles you can't see.
btrahan updated this object.
btrahan edited the test plan for this revision. (Show Details)
btrahan added a reviewer: epriestley.
Herald added subscribers: epriestley, Korvin. · View Herald TranscriptNov 9 2014, 2:41 AM
Harbormaster completed remote builds in B3001: Diff 25977.Nov 9 2014, 2:41 AM
btrahan mentioned this in T6506: Phriction - some weird project ties remain.Nov 9 2014, 2:41 AM
epriestley requested changes to this revision.Nov 9 2014, 1:15 PM
epriestley edited edge metadata.

This looks good, but we need to retain the ORDER BY to deal with the cases where we exceed the limit by having too many children, grandchildren, or both.

src/applications/phriction/controller/PhrictionDocumentController.php
376

Preserving the depth order is important: it guarantees that we got all the children if we get back any grandchildren. That is, if there are 100 children and 500 grandchildren, we might just get back 250 grandchildren if we don't specify the depth order. This leaves us out to dry on actually rendering stuff, since we don't know about any of the children.

Preserving the title order is important too, since if there are 500 children we'd like to get back the first 250, not just any 250.

This revision now requires changes to proceed.Nov 9 2014, 1:15 PM
chad awarded a token.Nov 9 2014, 4:42 PM
btrahan updated this revision to Diff 25995.Nov 11 2014, 9:07 PM
btrahan edited edge metadata.

Preserve order stuff by introducing a new order type of ORDER_HIERARCHY. This also adds a conditional JOIN based on if we are using ORDER_HIERARCHY or not.

Harbormaster completed remote builds in B3013: Diff 25995.Nov 11 2014, 9:08 PM
epriestley accepted this revision.Nov 11 2014, 9:14 PM
epriestley edited edge metadata.
This revision is now accepted and ready to land.Nov 11 2014, 9:14 PM
Closed by commit rP9252d2a579e3: Phriction - stop leaking document titles you can't see (authored by btrahan, committed by btrahan). · Explain WhyNov 11 2014, 9:18 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
applications/
phriction/
controller/
59 lines
query/
97 lines

Diff 25996

View Options

src/applications/phriction/controller/PhrictionDocumentController.php

Loading...
View Options

src/applications/phriction/query/PhrictionDocumentQuery.php

Loading...
Phabricator · Built by Phacility