Page MenuHomePhabricator
Differential D19913

Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy behavior
ClosedPublic
Actions

Authored by epriestley on Dec 19 2018, 12:04 AM.
Tags
None
Referenced Files
F15379138: D19913.diff
Thu, Mar 13, 6:56 PM
F15368766: D19913.diff
Wed, Mar 12, 3:49 AM
F15368625: D19913.id47533.diff
Wed, Mar 12, 3:14 AM
F15285501: D19913.diff
Tue, Mar 4, 2:08 PM
Unknown Object (File)
Wed, Feb 26, 10:24 PM
Unknown Object (File)
Wed, Feb 26, 12:53 AM
Unknown Object (File)
Sun, Feb 23, 2:37 PM
Unknown Object (File)
Sat, Feb 22, 10:41 AM
View All Files
Subscribers
Restricted Owners Package

Details

Reviewers
amckinley
Maniphest Tasks
T11351: Move Pholio to EditEngine and modern APIs
Commits
rPaa3b2ec5dcd0: Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy…
Summary

Depends on D19912. Ref T11351. Images currently use getMock()->getPolicy() stuff to define policies. This causes bugs with object policies like "Subscribers", since the policy engine tries to evaluate the subscribers for the image when the intent is to evaluate the subscribers for the mock.

Move this to ExtendedPolicies to fix the behavior, and give Images sensible policy behavior when they aren't attached to a mock (specifically: only the user who created the image can see it).

Test Plan

Applied migrations, created and edited mocks and images without anything blowing up. Set mock visibility to "Subscribers", everything worked great.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley created this revision.Dec 19 2018, 12:04 AM
Owners added a subscriber: Restricted Owners Package.Dec 19 2018, 12:04 AM
Harbormaster completed remote builds in B21383: Diff 47529.Dec 19 2018, 12:05 AM
epriestley requested review of this revision.Dec 19 2018, 12:05 AM
epriestley edited the summary of this revision. (Show Details)Dec 19 2018, 12:09 AM
epriestley added a task: T11351: Move Pholio to EditEngine and modern APIs.

An actual bug which this fixes which no one has ever reported AFAIK but which reproduces pretty easily:

  • Set a mock visibility to "Subscribers".
  • Add "alice" as a subscriber.
  • Mock author is anyone else.
  • View mock as "alice".

Prior to this diff, Alice can't see the images in the mock. After this diff, she can.

amckinley accepted this revision.Dec 19 2018, 12:16 AM
This revision is now accepted and ready to land.Dec 19 2018, 12:16 AM
Closed by commit rPaa3b2ec5dcd0: Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy… (authored by epriestley). · Explain WhyDec 19 2018, 6:51 PM
This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Diff 47533

View Options

resources/sql/autopatches/20181218.pholio.01.imageauthor.sql

Loading...
View Options

src/__phutil_library_map__.php

Loading...
View Options

src/applications/pholio/controller/PholioImageUploadController.php

Loading...
View Options

src/applications/pholio/controller/PholioMockEditController.php

Loading...
View Options

src/applications/pholio/controller/PholioMockViewController.php

Loading...
View Options

src/applications/pholio/lipsum/PhabricatorPholioMockTestDataGenerator.php

Loading...
View Options

src/applications/pholio/storage/PholioImage.php

Loading...
Phabricator · Built by Phacility