Differential D19592

Give PhabricatorAuthPassword a formal CAN_EDIT policy
ClosedPublic
Actions

Authored by epriestley on Aug 16 2018, 5:12 PM.

Details

Reviewers

amckinley

Maniphest Tasks

T13164: Plans: 2018 Week 31 - 33 Bonus Content

Commits

rP0ccf1410e057: Give PhabricatorAuthPassword a formal CAN_EDIT policy

Summary

Depends on D19585. Ref T13164. This is a precursor for D19586, which causes Editors to start doing more explicit CAN_EDIT checks.

Passwords have an Editor, but don't actually define a CAN_EDIT capability. Define one (you can edit a password if you can edit the object the password is associated with).

(Today, this object is always a User -- this table just unified VCS passwords and Account passwords so they can be handled more consistently.)

Test Plan

With D19586, ran unit tests and got a pass.
Edited my own password.
Tried to edit another user's password and wasn't permitted to.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Aug 16 2018, 5:12 PM

Harbormaster completed remote builds in B20629: Diff 46830.Aug 16 2018, 5:13 PM

epriestley requested review of this revision.Aug 16 2018, 5:13 PM

epriestley mentioned this in D19586: Remove requireCapabilities() from ApplicationTransactionEditor and require CAN_EDIT by default.Aug 16 2018, 5:39 PM

amckinley accepted this revision.Aug 16 2018, 6:50 PM

This revision is now accepted and ready to land.Aug 16 2018, 6:50 PM

Closed by commit rP0ccf1410e057: Give PhabricatorAuthPassword a formal CAN_EDIT policy (authored by epriestley). · Explain WhyAug 16 2018, 6:53 PM

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

src/

applications/

auth/

storage/

PhabricatorAuthPassword.php

3 lines

Diff 46841

View Options

src/applications/auth/storage/PhabricatorAuthPassword.php

Give PhabricatorAuthPassword a formal CAN_EDIT policyClosedPublicActions