If your install isn't public, users can't see the Auth or People applications while logged out, so we can't load their invites.
Allow this query to go through no matter who the viewing user is.
Details
Details
- Reviewers
btrahan chad - Commits
- Restricted Diffusion Commit
rP6d5aec86181c: Allow logged-out users to accept invites on nonpublic installs
Invite flow on admin.phacility.com now works better.
Diff Detail
Diff Detail
- Repository
- rP Phabricator
- Lint
Lint Not Applicable - Unit
Tests Not Applicable
Event Timeline
| src/applications/auth/query/PhabricatorAuthInviteQuery.php | ||
|---|---|---|
| 110–114 | When you visit say https://secure.phabricator.com/applications/edit/PhabricatorAuthApplication/ there's a nice note about how everyone should be able to use it, blah blah... Anyway this magic can be combined? Just asking in case there's already some other fancy flag set. | |
Comment Actions
The Applications setting means "most open policy", so it's either "all users" or "public" depending on the public setting. It's desirable for "required" applications to adhere to "most open policy", so you can't go browse Files on a non-public install or whatever. We could introduce some other flag, but I don't think we can merge them, and I think it would end up being more complicated in the long run.
I believe this isn't the only query to use null to opt out of application checks, although I don't recall where else it might be used offhand. We could possibly review/formalize this at some point, but it doesn't feel too uncomfortable to me.
Comment Actions
(The text could be more clear to us if it said "most open policy", but I suspect "all users" is more clear to most users?)