Differential D11565

Application Emails - make various user email editing paths respect application emails
ClosedPublic
Actions

Authored by btrahan on Jan 29 2015, 8:07 PM.

Details

Reviewers

epriestley

Maniphest Tasks

Restricted Maniphest Task

Commits

Restricted Diffusion Commit
rP7d309a8e46ca: Application Emails - make various user email editing paths respect…

Summary

Ref T3404. The only mildly sketchy bit is these codepaths all load the application email directly, by-passing privacy. I think this is necessary because not getting to see an application doesn't mean you should be able to break the application by registering a colliding email address.

Test Plan

Tried to add a registered application email to a user account via the web ui and got a pretty error.
Ran unit tests.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

btrahan updated this revision to Diff 27823.Jan 29 2015, 8:07 PM

btrahan added a task: Restricted Maniphest Task.

btrahan retitled this revision from to Application Emails - make various user email editing paths respect application emails.

btrahan updated this object.

btrahan edited the test plan for this revision. (Show Details)

btrahan added a reviewer: epriestley.

Herald added subscribers: epriestley, Korvin. · View Herald TranscriptJan 29 2015, 8:07 PM

add a unit test

btrahan edited the test plan for this revision. (Show Details)Jan 29 2015, 8:12 PM

btrahan mentioned this in D11570: Application emails - move over paste and files.Jan 29 2015, 10:11 PM

See one inline, but when a Query class exists, I think it's preferable to bypass by using the omnipotent user over a raw loadOne call. In this case it doesn't matter too much, but in the case of more complex objects it makes sure they get loaded with all the right attached objects (and it's possible we'll start attaching stuff to these some day, e.g. the Application objects would be maybe-reasonable to attach on load).