
Check CAN_VIEW and CAN_EDIT at SearchAttachController
Closed Public

Authored by chad on Jun 22 2016, 2:46 AM.
Tokens
"Piece of Eight" token, awarded by epriestley.

Details

Summary

Fixes T11193. Assume this is the correct place to check for permissions before attaching edges.

Test Plan

Create a task and set edit policy to Admins, log into test account. Try to Edit Subtasks, Merge Duplicates, Attach a Diff, or Attach a Mock, get a Policy Dialog explaining why.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

chad retitled this revision from to Check CAN_VIEW and CAN_EDIT at SearchAttachController.
chad updated this object.
chad edited the test plan for this revision.
chad added a reviewer: epriestley.
  • Also test the Admin side
epriestley edited edge metadata.

I think this is the right rule. It does create this sort of weird outcome when you can only edit one of the objects at the ends of a relationship. For example, if you can edit task X but not revision Y, you can edit the relationship between them from the task page but not the revision page.

I think this is actually reasonable/consistent/desirable and aligns with expectations, though, at least for "X is related to Y".

For "merge", we probably want to require that you be able to edit both tasks, but all of this is likely getting modularized/refreshed shortly anyway.

This revision is now accepted and ready to land. Jun 22 2016, 12:20 PM
This revision was automatically updated to reflect the committed changes.
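
The rule discussed in the review above, as an added model in PHP (not code from this revision or from Phabricator). Every class, function, role and policy value is constructed for illustration, and requiring view on the far end of the relationship is an assumption.

```php
<?php
// Constructed model: none of these names are Phabricator's own.
const CAN_VIEW = 'view';
const CAN_EDIT = 'edit';
final class ModelObject {
  public $name;
  public $policy;            // capability => roles that hold it
  public $related = array();
  public function __construct($name, array $policy) {
    $this->name = $name;
    $this->policy = $policy;
  }
}
// Throws unless the viewer holds every listed capability on the object.
function require_capabilities(array $roles, ModelObject $obj, array $caps) {
  foreach ($caps as $cap) {
    if (!array_intersect($roles, $obj->policy[$cap] ?? array())) {
      throw new RuntimeException("viewer lacks '$cap' on {$obj->name}");
    }
  }
}

// Rule from the revision: the object the action starts from must be both
// visible and editable. Requiring view on the far end is an assumption here.
function attach(array $roles, ModelObject $from, ModelObject $to) {
  require_capabilities($roles, $from, array(CAN_VIEW, CAN_EDIT));
  require_capabilities($roles, $to, array(CAN_VIEW));
  $from->related[] = $to->name;   // the relationship shows up on both ends
  $to->related[] = $from->name;
}

// Stricter rule the reviewer suggests for "merge": edit on both tasks.
function merge_into(array $roles, ModelObject $from, ModelObject $into) {
  require_capabilities($roles, $from, array(CAN_VIEW, CAN_EDIT));
  require_capabilities($roles, $into, array(CAN_VIEW, CAN_EDIT));
  $into->related[] = 'merged:'.$from->name;
}
function attempt(callable $action) {
  try { $action(); return 'allowed'; }
  catch (RuntimeException $e) { return 'denied: '.$e->getMessage(); }
}

// The viewer can edit task X, but revision Y and task Z are admin-only.
$x = new ModelObject('task X', array(CAN_VIEW => array('user', 'admin'), CAN_EDIT => array('user', 'admin')));
$y = new ModelObject('revision Y', array(CAN_VIEW => array('user', 'admin'), CAN_EDIT => array('admin')));
$z = new ModelObject('task Z', array(CAN_VIEW => array('user', 'admin'), CAN_EDIT => array('admin')));
$viewer = array('user');   // a non-admin test account
echo 'X-Y from task page:     ', attempt(function () use ($viewer, $x, $y) { attach($viewer, $x, $y); }), "\n";
echo 'X-Y from revision page: ', attempt(function () use ($viewer, $x, $y) { attach($viewer, $y, $x); }), "\n";
echo 'merge X into Z:         ', attempt(function () use ($viewer, $x, $z) { merge_into($viewer, $x, $z); }), "\n";
```

The first attempt succeeds and still changes what revision Y shows, which is the asymmetry described in the review; the other two are refused.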