Page MenuHomePhabricator

Apply application visibility checks during normal object filtering
ClosedPublic

Authored by epriestley on Jan 1 2017, 7:10 PM.
Tags
None
Referenced Files
F12861391: D17127.id41194.diff
Fri, Mar 29, 2:08 PM
Unknown Object (File)
Tue, Mar 26, 2:38 PM
Unknown Object (File)
Wed, Mar 20, 10:24 PM
Unknown Object (File)
Wed, Mar 20, 10:24 PM
Unknown Object (File)
Feb 12 2024, 12:43 PM
Unknown Object (File)
Feb 8 2024, 2:10 PM
Unknown Object (File)
Jan 21 2024, 11:34 AM
Unknown Object (File)
Nov 30 2023, 11:27 AM
Subscribers
None

Details

Summary

Fixes T9058. Normally, "Query" classes apply an application check and just don't load anything if it fails.

However, in some cases (like email recipient filtering) we run policy checks without having run a Query check first. In that case, one user (the actor) loads the object, then we filter it against other users (the recipeints).

Explicitly apply the application check during normal filtering.

Test Plan

Added a failing test case and made it pass.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

This revision is now accepted and ready to land.Jan 2 2017, 1:10 AM
This revision was automatically updated to reflect the committed changes.