Details

Reviewers: None
Maniphest Tasks: T13366: Update Phortune to work better with "enterprise" billing/accounts departments
Commits: rPa3213ab20be6: In Phortune, use actual merchant authority (not authority grants) to control…

Summary

Depends on D20715. Ref T13366. See that task for discussion.

Replace the unreliable "grantAuthority()"-based check with an actual "can the viewer edit any merchant this account has a relationship with?" check.

This makes these objects easier to use from a policy perspective and makes it so that the Query alone can fully enforce permissions properly with no setup, so general infrastructure (like handles and transactions) works properly with Phortune objects.

Test Plan

Viewed merchants and accounts as users with no authority, direct authority on the account, and indirect authority via a merchant relationship.

Diff Detail

Repository

rP Phabricator

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Aug 16 2019, 3:18 PM

Harbormaster completed remote builds in B23257: Diff 49397.Aug 16 2019, 3:19 PM

epriestley requested review of this revision.Aug 16 2019, 3:19 PM

epriestley added a child revision: D20717: Update Phortune payment account interfaces to handle merchant vs customer views.Aug 16 2019, 4:38 PM

This revision was not accepted when it landed; it landed in state Needs Review.Aug 23 2019, 4:02 AM

Closed by commit rPa3213ab20be6: In Phortune, use actual merchant authority (not authority grants) to control… (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

epriestley added a commit: rPa3213ab20be6: In Phortune, use actual merchant authority (not authority grants) to control….

epriestley mentioned this in T13393: Improve repository shard migration pathway in the shared cluster.Aug 30 2019, 3:50 PM

In Phortune, use actual merchant authority (not authority grants) to control account visibility
ClosedPublic
Actions

Details

Diff Detail

Event Timeline

Revision Contents
Changeset List

Diff 49433

src/applications/phortune/controller/merchant/PhortuneMerchantInvoiceCreateController.php

src/applications/phortune/query/PhortuneMerchantQuery.php

src/applications/phortune/storage/PhortuneAccount.php

In Phortune, use actual merchant authority (not authority grants) to control account visibilityClosedPublicActions

Details

Diff Detail

Event Timeline

Revision ContentsChangeset List

Diff 49433

src/applications/phortune/controller/merchant/PhortuneMerchantInvoiceCreateController.php

src/applications/phortune/query/PhortuneMerchantQuery.php

src/applications/phortune/storage/PhortuneAccount.php

In Phortune, use actual merchant authority (not authority grants) to control account visibility
ClosedPublic
Actions

Revision Contents
Changeset List