Page MenuHomePhabricator

Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy behavior
ClosedPublic

Authored by epriestley on Dec 19 2018, 12:04 AM.
Tags
None
Referenced Files
Unknown Object (File)
Mon, Mar 4, 11:07 PM
Unknown Object (File)
Fri, Feb 23, 9:21 AM
Unknown Object (File)
Feb 12 2024, 4:33 PM
Unknown Object (File)
Feb 3 2024, 8:28 PM
Unknown Object (File)
Jan 25 2024, 1:40 AM
Unknown Object (File)
Dec 28 2023, 4:47 PM
Unknown Object (File)
Dec 26 2023, 5:07 PM
Unknown Object (File)
Dec 24 2023, 9:43 PM
Subscribers
Restricted Owners Package

Details

Summary

Depends on D19912. Ref T11351. Images currently use getMock()->getPolicy() stuff to define policies. This causes bugs with object policies like "Subscribers", since the policy engine tries to evaluate the subscribers for the image when the intent is to evaluate the subscribers for the mock.

Move this to ExtendedPolicies to fix the behavior, and give Images sensible policy behavior when they aren't attached to a mock (specifically: only the user who created the image can see it).

Test Plan

Applied migrations, created and edited mocks and images without anything blowing up. Set mock visibility to "Subscribers", everything worked great.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

Owners added a subscriber: Restricted Owners Package.Dec 19 2018, 12:04 AM

An actual bug which this fixes which no one has ever reported AFAIK but which reproduces pretty easily:

  • Set a mock visibility to "Subscribers".
  • Add "alice" as a subscriber.
  • Mock author is anyone else.
  • View mock as "alice".

Prior to this diff, Alice can't see the images in the mock. After this diff, she can.

This revision is now accepted and ready to land.Dec 19 2018, 12:16 AM
This revision was automatically updated to reflect the committed changes.