Paths

Table of Contentst

Differential D21582

When updating revisions in responset to commits, use the omnipotent viewer to pull diffs
ClosedPublic
Actions

Authored by epriestley on Mar 1 2021, 7:00 PM.

Tags

None

Referenced Files

	F19035887: D21582.diff
	Tue, Nov 25, 6:31 PM

	F18953814: D21582.id51378.diff
	Wed, Nov 12, 8:13 AM

	F18858860: D21582.id51379.diff
	Nov 1 2025, 11:14 PM

	F18816350: D21582.id51379.diff
	Oct 21 2025, 6:17 AM

	F18809856: D21582.diff
	Oct 19 2025, 5:27 PM

	F18806001: D21582.id.diff
	Oct 18 2025, 5:20 PM

	F18799303: D21582.diff
	Oct 17 2025, 1:07 PM

	F18766244: D21582.id.diff
	Oct 7 2025, 3:44 PM

Subscribers

None

Details

Reviewers: None
Maniphest Tasks: T13625: Daemons may make commit-related API calls as users without privileges
Commits: rP55f4a258d2de: When updating revisions in responset to commits, use the omnipotent viewer to…

Summary

Ref T13625. See that task for discussion.

Currently, the Viewer when performing revision updates in response to commits may be an arbitrary low-privilege user (an Application, a disabled User, a bot, a mailing list, etc).

Today, this leads to an exception when trying to make API calls.

Ideally, we probably would not perform the update in these cases. However, performing the update isn't a policy violation and is generally less surprising than not performing it, so continue performing it for now: just use the omnipotent user to interact with the API.

Test Plan

Authored a commit as a bot user without permission to view the repository or revision.
Commented out a couple of caches, and used bin/repository reparse --publish ... to republish the commit.
- Before: exception when trying to interact with the API.
- After: clean publish.

Diff Detail

Repository

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

epriestley created this revision.Mar 1 2021, 7:00 PM

Harbormaster completed remote builds in B25184: Diff 51378.Mar 1 2021, 7:01 PM

epriestley requested review of this revision.Mar 1 2021, 7:01 PM

epriestley mentioned this in T13625: Daemons may make commit-related API calls as users without privileges.Mar 1 2021, 7:09 PM

This revision was not accepted when it landed; it landed in state Needs Review.Mar 1 2021, 7:11 PM

Closed by commit rP55f4a258d2de: When updating revisions in responset to commits, use the omnipotent viewer to… (authored by epriestley). · Explain Why

This revision was automatically updated to reflect the committed changes.

epriestley added a commit: rP55f4a258d2de: When updating revisions in responset to commits, use the omnipotent viewer to….

Revision Contents
Changeset List

Path

Size

src/

applications/

diffusion/

worker/

DiffusionUpdateObjectAfterCommitWorker.php

32 lines

Diff 51379

src/applications/diffusion/worker/DiffusionUpdateObjectAfterCommitWorker.php

Loading...