Page MenuHomePhabricator

Remove Join Policy from Phame
ClosedPublic

Authored by chad on Nov 9 2015, 4:16 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Dec 9, 8:30 AM
Unknown Object (File)
Sun, Dec 8, 5:07 AM
Unknown Object (File)
Wed, Dec 4, 11:20 AM
Unknown Object (File)
Mon, Dec 2, 8:17 AM
Unknown Object (File)
Mon, Dec 2, 8:16 AM
Unknown Object (File)
Mon, Dec 2, 8:15 AM
Unknown Object (File)
Thu, Nov 28, 2:51 PM
Unknown Object (File)
Thu, Nov 28, 3:33 AM
Subscribers

Details

Summary

Drops Join Policy, uses Edit Policy where needed. Allows anyone with Blog Edit permissions to post and edit any post on that blog. Fixes T5371

Test Plan

Draft Post as chad, see post, log in with notchad, edit that post and publish it.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

chad retitled this revision from to Remove Join Policy from Phame.
chad updated this object.
chad edited the test plan for this revision. (Show Details)
chad added a reviewer: epriestley.
epriestley edited edge metadata.

Cool, I think this is a good simplification. It's also easy for us to add a separate policy back later if we need it, but harder to remove this policy once we unprototype.

src/applications/phame/conduit/PhameCreatePostConduitAPIMethod.php
75–78

You should also require CAN_VIEW here.

src/applications/phame/storage/PhamePost.php
197–212

At some point in the future we should make sure getBlog() always exists (I think this is an artifact of an earlier time when a post could belong to multiple blogs) and clean this up, but it's fine for now.

This revision is now accepted and ready to land.Nov 9 2015, 3:12 PM
This revision was automatically updated to reflect the committed changes.
chad marked 2 inline comments as done.