Page MenuHomePhabricator

In Phortune accounts, prevent self-removal more narrowly
ClosedPublic

Authored by epriestley on May 26 2020, 2:05 PM.
Tags
None
Referenced Files
Unknown Object (File)
Fri, Nov 22, 10:40 PM
Unknown Object (File)
Mon, Nov 18, 10:24 PM
Unknown Object (File)
Sat, Oct 26, 11:59 PM
Unknown Object (File)
Oct 20 2024, 2:48 AM
Unknown Object (File)
Oct 16 2024, 6:13 PM
Unknown Object (File)
Oct 14 2024, 11:17 PM
Unknown Object (File)
Sep 26 2024, 6:58 PM
Unknown Object (File)
Sep 6 2024, 8:02 AM
Subscribers
None

Details

Summary

Currently, Phortune attempts to prevent users from removing themselves as account managers. It does this by checking that the new list includes them.

Usually this is sufficient, because you can't normally edit an account unless you're already a manager. However, we get the wrong result (incorrect rejection of the edit) if the actor is omnipotent and the acting user was not already a member.

It's okay to edit an account into a state which doesn't include you if you have permission to edit the account and aren't already a manager.

Specifically, this supports more formal tooling around staff modifications to billing accounts, where the actor has staff-omnipotence and the acting user is a staff member and only used for purposes of leaving a useful audit trail.

Test Plan

Elsewhere, ran staff tooling to modify accounts and was able to act as "alice" to add "bailey", even though "alice" was not herself a manager.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

epriestley edited the summary of this revision. (Show Details)
This revision was not accepted when it landed; it landed in state Needs Review.May 26 2020, 2:09 PM
This revision was automatically updated to reflect the committed changes.