
Stop requiring CAN_EDIT to reach the TransactionEditor via "*.edit" in EditEngine
Closed, Public

Authored by epriestley on Aug 27 2018, 2:56 PM.

Details

Summary

Depends on D19607. Ref T13189. See PHI642. Ref T13186.

Some transactions can sometimes be applied to objects you can not edit. Currently, using *.edit to edit an object always explicitly requires CAN_EDIT.

Now that individual transactions require CAN_EDIT by default and can reduce or replace this requirement, stop requiring CAN_EDIT to reach the editor.

The only expected effect of this change is that low-permission edits (like disabling a user, leaving a project, or leaving a thread) can now work via *.edit.

Test Plan
  • Tried to perform a normal edit (changing a task title) against an object with no CAN_EDIT. Still got a permissions error.
  • As a non-admin, disabled other users while holding the "Can Disable Users" permission.
  • As a non-admin, got a permissions error while trying to disable other users while not holding the "Can Disable Users" permission.
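
The permission model described in the summary, as an added Python sketch that is not code from this revision or from Phabricator: each transaction type carries its own capability check, defaulting to CAN_EDIT, and the entry point authorizes every transaction in a batch before applying any. All names (`Viewer`, `apply_edit`, the capability strings and transaction types) are hypothetical, and rejecting a mixed batch as a whole is an assumption of this sketch.

```python
# Added illustration; every name is hypothetical, not Phabricator's API.
from dataclasses import dataclass

CAN_EDIT = "can.edit"
CAN_DISABLE_USERS = "can.disable.users"  # stands in for "Can Disable Users"

class PolicyError(Exception):
    pass

@dataclass(frozen=True)
class Viewer:
    name: str
    caps: frozenset = frozenset()  # capabilities held on the target (constructed)

def require(viewer, cap):
    if cap not in viewer.caps:
        raise PolicyError(f"{viewer.name} lacks {cap}")

def check_default(viewer, value):
    require(viewer, CAN_EDIT)  # default requirement for any transaction

def check_disable(viewer, value):
    require(viewer, CAN_DISABLE_USERS)  # replaces CAN_EDIT

def check_leave(viewer, value):
    if value != viewer.name:  # removing yourself needs nothing extra
        require(viewer, CAN_EDIT)

# Transaction types that reduce or replace the default requirement.
CHECKS = {"disabled": check_disable, "leave": check_leave}

def apply_edit(viewer, obj, xactions):
    """Model of a "*.edit" call: no blanket CAN_EDIT gate at the entry point."""
    # Authorize every transaction before applying any, so a mixed batch
    # fails as a whole instead of being partly applied.
    for xtype, value in xactions:
        CHECKS.get(xtype, check_default)(viewer, value)
    updated = dict(obj)
    for xtype, value in xactions:
        updated[xtype] = value
    return updated

def is_denied(viewer, obj, xactions):
    try:
        apply_edit(viewer, obj, xactions)
        return False
    except PolicyError:
        return True
```

With the entry-point gate gone, a transaction type that overrides the default is the only thing standing between a low-privilege caller and that change, so each override needs its own denial test like the ones in the test plan.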

Diff Detail

Repository: rP Phabricator
Lint: Lint Not Applicable
Unit: Tests Not Applicable

Event Timeline

This revision was not accepted when it landed; it landed in state Needs Review. (Aug 27 2018, 3:10 PM)
This revision was automatically updated to reflect the committed changes.