Page MenuHomePhabricator
Differential D11632

Policy - add an explanation for automatic capabilities for transactions and transaction comments
ClosedPublic
Actions

Authored by btrahan on Feb 2 2015, 10:12 PM.
Tags
None
Referenced Files
F14098250: D11632.id27999.diff
Tue, Nov 26, 8:44 AM
F14098249: D11632.id27995.diff
Tue, Nov 26, 8:44 AM
F14098246: D11632.id.diff
Tue, Nov 26, 8:44 AM
F14098082: D11632.diff
Tue, Nov 26, 8:25 AM
Unknown Object (File)
Mon, Nov 18, 3:37 PM
Unknown Object (File)
Thu, Nov 14, 8:55 PM
Unknown Object (File)
Sun, Nov 10, 12:45 PM
Unknown Object (File)
Tue, Nov 5, 8:51 PM
View All Files
Subscribers
epriestley
Korvin

Details

Reviewers
epriestley
Maniphest Tasks
T7094: Clean up T603
Commits
Restricted Diffusion Commit
rP0969b0d8c87d: Policy - add an explanation for automatic capabilities for transactions and…
Summary

Ref T7094. I am not sure when this text is legitimately exposed to users - they should be getting an error about not being able to see the object before they get an error about not being able to see a given transaction... That said, I think this text is logically correct at least.

Test Plan

read the text

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

btrahan updated this revision to Diff 27995.Feb 2 2015, 10:12 PM
btrahan added a task: T7094: Clean up T603.
btrahan retitled this revision from to Policy - add an explanation for automatic capabilities for transactions and transaction comments.
btrahan updated this object.
btrahan edited the test plan for this revision. (Show Details)
btrahan added a reviewer: epriestley.
Herald added subscribers: epriestley, Korvin. · View Herald TranscriptFeb 2 2015, 10:12 PM
epriestley accepted this revision.Feb 2 2015, 10:16 PM
epriestley edited edge metadata.

Yeah, I think this isn't exposed to users.

The text seems a little bit off to me, since "edit the comment so long as ... edit capabilities for the underlying object" is not correct: you can edit comments even if you can not edit the underlying object.

From a purely technical point of view, these are the policies we implement:

  • Comments are always publicly visible.
  • A comment can only be edited by the author of the comment.

However, in practice, we also always add this rule:

  • To see a comment, you must be able to see the object the comment is on.

So maybe text like this?

Comments are visible to users who can see the object which was commented on. Comments can be edited by their authors.

This revision is now accepted and ready to land.Feb 2 2015, 10:16 PM
epriestley added a comment.Feb 2 2015, 10:18 PM

The "murky" bit is just that we're setting public as the policy, technically speaking, and only enforcing the tighter policy in practice by always checking objects first.

Possibly, we should make Comments do an attach/load sort of thing and strictly bind them to the policies of their objects, but I think that would be a lot of work for a very marginal benefit. The only case I could see it preventing a programming error is in a future transaction.querycomments sort of method.

Closed by commit rP0969b0d8c87d: Policy - add an explanation for automatic capabilities for transactions and… (authored by btrahan, committed by btrahan). · Explain WhyFeb 2 2015, 10:41 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

PathSize
src/
applications/
transactions/
storage/
6 lines
5 lines

Diff 27999

View Options

src/applications/transactions/storage/PhabricatorApplicationTransaction.php

Loading...
View Options

src/applications/transactions/storage/PhabricatorApplicationTransactionComment.php

Loading...
Phabricator · Built by Phacility