Page MenuHomePhabricator

Give Pholio Images an authorPHID and use ExtendedPolicies to implement policy behavior
ClosedPublic

Authored by epriestley on Dec 19 2018, 12:04 AM.

Details

Summary

Depends on D19912. Ref T11351. Images currently use getMock()->getPolicy() stuff to define policies. This causes bugs with object policies like "Subscribers", since the policy engine tries to evaluate the subscribers for the image when the intent is to evaluate the subscribers for the mock.

Move this to ExtendedPolicies to fix the behavior, and give Images sensible policy behavior when they aren't attached to a mock (specifically: only the user who created the image can see it).

Test Plan

Applied migrations, created and edited mocks and images without anything blowing up. Set mock visibility to "Subscribers", everything worked great.

Diff Detail

Repository
rP Phabricator
Lint
Automatic diff as part of commit; lint not applicable.
Unit
Automatic diff as part of commit; unit tests not applicable.

Event Timeline

epriestley created this revision.Dec 19 2018, 12:04 AM
Owners added a subscriber: Restricted Owners Package.Dec 19 2018, 12:04 AM
epriestley requested review of this revision.Dec 19 2018, 12:05 AM
epriestley edited the summary of this revision. (Show Details)Dec 19 2018, 12:09 AM

An actual bug which this fixes which no one has ever reported AFAIK but which reproduces pretty easily:

  • Set a mock visibility to "Subscribers".
  • Add "alice" as a subscriber.
  • Mock author is anyone else.
  • View mock as "alice".

Prior to this diff, Alice can't see the images in the mock. After this diff, she can.

amckinley accepted this revision.Dec 19 2018, 12:16 AM
This revision is now accepted and ready to land.Dec 19 2018, 12:16 AM
This revision was automatically updated to reflect the committed changes.