Page MenuHomePhabricator

Application Emails - make various user email editing paths respect application emails
ClosedPublic

Authored by btrahan on Jan 29 2015, 8:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Dec 19, 8:10 PM
Unknown Object (File)
Fri, Dec 6, 5:02 AM
Unknown Object (File)
Sat, Nov 30, 12:08 PM
Unknown Object (File)
Tue, Nov 26, 11:08 PM
Unknown Object (File)
Fri, Nov 22, 8:42 PM
Unknown Object (File)
Nov 18 2024, 10:44 AM
Unknown Object (File)
Nov 9 2024, 6:14 PM
Unknown Object (File)
Nov 6 2024, 4:02 AM
Subscribers

Details

Reviewers
epriestley
Maniphest Tasks
Restricted Maniphest Task
Commits
Restricted Diffusion Commit
rP7d309a8e46ca: Application Emails - make various user email editing paths respect…
Summary

Ref T3404. The only mildly sketchy bit is these codepaths all load the application email directly, by-passing privacy. I think this is necessary because not getting to see an application doesn't mean you should be able to break the application by registering a colliding email address.

Test Plan

Tried to add a registered application email to a user account via the web ui and got a pretty error.
Ran unit tests.

Diff Detail

Repository
rP Phabricator
Branch
T3404
Lint
Lint Passed
Unit
Tests Passed
Build Status
Buildable 4161
Build 4174: [Placeholder Plan] Wait for 30 Seconds

Event Timeline

btrahan added a task: Restricted Maniphest Task.
btrahan retitled this revision from to Application Emails - make various user email editing paths respect application emails.
btrahan updated this object.
btrahan edited the test plan for this revision. (Show Details)
btrahan added a reviewer: epriestley.
epriestley edited edge metadata.

See one inline, but when a Query class exists, I think it's preferable to bypass by using the omnipotent user over a raw loadOne call. In this case it doesn't matter too much, but in the case of more complex objects it makes sure they get loaded with all the right attached objects (and it's possible we'll start attaching stuff to these some day, e.g. the Application objects would be maybe-reasonable to attach on load).

src/applications/auth/controller/PhabricatorAuthRegisterController.php
66

"shoud"

69–70

Prefer bypass with OmnipotentUser instead of a raw query? Then we pick up linked objects, etc., properly.

This revision is now accepted and ready to land.Jan 29 2015, 10:33 PM
btrahan edited edge metadata.

changes as requested

This revision was automatically updated to reflect the committed changes.