Page MenuHomePhabricator

Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy behavior

Authored by epriestley on Dec 19 2018, 12:04 AM.



Depends on D19912. Ref T11351. Images currently use getMock()->getPolicy() stuff to define policies. This causes bugs with object policies like "Subscribers", since the policy engine tries to evaluate the subscribers for the image when the intent is to evaluate the subscribers for the mock.

Move this to ExtendedPolicies to fix the behavior, and give Images sensible policy behavior when they aren't attached to a mock (specifically: only the user who created the image can see it).

Test Plan

Applied migrations, created and edited mocks and images without anything blowing up. Set mock visibility to "Subscribers", everything worked great.

Diff Detail

rP Phabricator
Automatic diff as part of commit; lint not applicable.
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

Owners added a subscriber: Restricted Owners Package.Dec 19 2018, 12:04 AM

An actual bug which this fixes which no one has ever reported AFAIK but which reproduces pretty easily:

  • Set a mock visibility to "Subscribers".
  • Add "alice" as a subscriber.
  • Mock author is anyone else.
  • View mock as "alice".

Prior to this diff, Alice can't see the images in the mock. After this diff, she can.

This revision is now accepted and ready to land.Dec 19 2018, 12:16 AM
This revision was automatically updated to reflect the committed changes.