Page MenuHomePhabricator
Differential D11660

Policy - make ManiphestTaskQuery verify project visibility first thing
ClosedPublic
Actions

Authored by btrahan on Feb 3 2015, 9:14 PM.
Tags
None
Referenced Files
Unknown Object (File)
Wed, Apr 3, 1:42 AM
Unknown Object (File)
Tue, Mar 26, 4:29 PM
Unknown Object (File)
Tue, Mar 26, 4:16 AM
Unknown Object (File)
Tue, Mar 26, 4:15 AM
Unknown Object (File)
Tue, Mar 26, 4:15 AM
Unknown Object (File)
Tue, Mar 26, 4:15 AM
Unknown Object (File)
Tue, Mar 26, 4:15 AM
Unknown Object (File)
Mar 24 2024, 1:08 AM
View All Files
Subscribers
epriestley
Korvin

Details

Reviewers
epriestley
Maniphest Tasks
T7094: Clean up T603
Commits
Restricted Diffusion Commit
rPda1531f219d0: Policy - make ManiphestTaskQuery verify project visibility first thing
Summary

Fixes T7094 (last of many revisions). Its important to do this filtering ASAP so that users can't deduce the identify of an unknown / invisible project.

Test Plan

executed a query for tasks in project foo using user bar. using user foo, lock user bar out of project foo. reissued the query and saw "no data" as well as "restricted project" in the project typeahead.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

btrahan updated this revision to Diff 28068.Feb 3 2015, 9:14 PM
btrahan added a task: T7094: Clean up T603.
btrahan retitled this revision from to Policy - make ManiphestTaskQuery verify project visibility first thing.
btrahan updated this object.
btrahan edited the test plan for this revision. (Show Details)
btrahan added a reviewer: epriestley.
Herald added subscribers: epriestley, Korvin. · View Herald TranscriptFeb 3 2015, 9:14 PM
btrahan added inline comments.Feb 3 2015, 9:14 PM
src/applications/maniphest/query/ManiphestTaskQuery.php
270

this is probably not necessary, it just seemed nice to normalize the array indices again

epriestley accepted this revision.Feb 3 2015, 9:38 PM
epriestley edited edge metadata.

I think this logic could move to willExecute(), which would mean fewer queries in the event that we need to page several times.

This revision is now accepted and ready to land.Feb 3 2015, 9:38 PM
btrahan added a comment.Feb 3 2015, 9:49 PM
In D11660#111758, @epriestley wrote:

I think this logic could move to willExecute(), which would mean fewer queries in the event that we need to page several times.

The PhabricatorEmptyQueryException doesn't get caught if you throw it from willExecute. I figure two options

  • no change
  • move code to willExecute, but rather than throw set member variable "projectPolicyCheckFailed". loadPage() then throws the EmptyQueryException if this variable is set

I'll submit the latter for review in a second.

btrahan updated this revision to Diff 28073.Feb 3 2015, 9:50 PM
btrahan edited edge metadata.

changes

epriestley added a comment.Feb 3 2015, 9:52 PM

Ah, right. Looks good.

epriestley added a comment.Feb 3 2015, 9:52 PM

I guess option (3) would be to try/catch for "EmptyQuery" earlier. That also seems reasonable to me, but is a more invasive change.

btrahan added a comment.Feb 3 2015, 9:53 PM

...haha, I didn't specify that option 'cuz it looks scary. :/

Closed by commit rPda1531f219d0: Policy - make ManiphestTaskQuery verify project visibility first thing (authored by btrahan, committed by btrahan). · Explain WhyFeb 3 2015, 9:53 PM
This revision was automatically updated to reflect the committed changes.
epriestley added a comment.Feb 3 2015, 9:54 PM

Yeah, let's go with this and maybe I'll do (3) the next time we hit this. We do have test coverage and stuff so in theory it shouldn't be tooooo terrible, but it doesn't seem worth it to muck around there if we're only getting a tiny cleanup here.

Revision Contents
Changeset List

PathSize
src/
applications/
maniphest/
query/
34 lines

Diff 28074

View Options

src/applications/maniphest/query/ManiphestTaskQuery.php

Loading...
Phabricator · Built by Phacility