Don't skip policy checks on ObjectQuery if special capabilities are required
ClosedPublic
Actions

Authored by epriestley on Dec 17 2014, 11:44 PM.

Details

Reviewers

Maniphest Tasks

T6741: Lock Almanac networks, and allow Almanac domain namespaces to be locked

Commits

Restricted Diffusion Commit
rPf5600acb16f0: Don't skip policy checks on ObjectQuery if special capabilities are required

Summary

Ref T6741. As an optimization, we omit policy checks on ObjectQuery, but need to retain them if the query requests non-view permissions. This primarily affected Almanac properties.

Test Plan

Almanac properties now do full policy checks on ObjectQuery loads.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley updated this revision to Diff 26428.Dec 17 2014, 11:44 PM

epriestley retitled this revision from to Don't skip policy checks on ObjectQuery if special capabilities are required.

epriestley updated this object.

epriestley edited the test plan for this revision. (Show Details)

epriestley added a reviewer: btrahan.

epriestley added a task: T6741: Lock Almanac networks, and allow Almanac domain namespaces to be locked.

Herald added a subscriber: epriestley. · View Herald TranscriptDec 17 2014, 11:44 PM

btrahan accepted this revision.Dec 18 2014, 12:47 AM

btrahan edited edge metadata.

This revision is now accepted and ready to land.Dec 18 2014, 12:47 AM

Closed by commit rPf5600acb16f0: Don't skip policy checks on ObjectQuery if special capabilities are required (authored by epriestley, committed by epriestley). · Explain WhyDec 18 2014, 1:04 AM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

phid/

query/

PhabricatorObjectQuery.php

14 lines

Diff 26430

View Options

src/applications/phid/query/PhabricatorObjectQuery.php

Don't skip policy checks on ObjectQuery if special capabilities are requiredClosedPublicActions