Page MenuHomePhabricator

Remove some defunct old-style transaction policy checks
ClosedPublic

Authored by epriestley on Nov 6 2017, 7:07 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 26, 12:29 PM
Unknown Object (File)
Wed, Mar 20, 6:03 PM
Unknown Object (File)
Feb 15 2024, 2:59 PM
Unknown Object (File)
Jan 25 2024, 12:49 AM
Unknown Object (File)
Jan 20 2024, 4:36 PM
Unknown Object (File)
Jan 16 2024, 5:48 PM
Unknown Object (File)
Jan 12 2024, 5:50 PM
Unknown Object (File)
Jan 8 2024, 5:41 PM
Subscribers
None

Details

Summary

Ref PHI193. This method of enforcing policy checks is now (mostly) obsolete, and they're generally checked at the Controller/API level instead.

Notably, this method does not call adjustObjectForPolicyChecks(...) properly, so it can not handle special cases like "creating a project and taking its newly created members into account" for object policies like "Project Members".

Just remove these checks, which are redundant with checks elsewhere.

Test Plan
  • Set Project application default edit policy to "Administrators and Project Members".
  • Tried to create a project as a non-administrator, adding myself.
  • Before patch: policy fatal on a VOID object (the project with no PHID generated yet).
  • After patch: object created properly. Got a sensible policy error if I didn't include myself as a member.
  • Also verified that other edit rules are still enforced/respected (I can't edit stuff I shouldn't be able to edit).
  • There's at least a bit of unit test coverage of this, too, which I updated to work via API (which hits the new broad capability checks) instead of via low-level transactions (which enforce only a subset of policy operations now).

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable