Page MenuHomePhabricator
Differential D21582

When updating revisions in responset to commits, use the omnipotent viewer to pull diffs
ClosedPublic
Actions

Authored by epriestley on Mar 1 2021, 7:00 PM.
Tags
None
Referenced Files
Unknown Object (File)
Thu, Apr 11, 9:37 AM
Unknown Object (File)
Fri, Mar 29, 6:11 AM
Unknown Object (File)
Thu, Mar 28, 12:25 PM
Unknown Object (File)
Wed, Mar 27, 8:19 PM
Unknown Object (File)
Wed, Mar 27, 8:19 PM
Unknown Object (File)
Wed, Mar 27, 8:19 PM
Unknown Object (File)
Wed, Mar 27, 8:19 PM
Unknown Object (File)
Mar 4 2024, 10:55 PM
View All 64 Files
Subscribers
None

Details

Reviewers
None
Maniphest Tasks
T13625: Daemons may make commit-related API calls as users without privileges
Commits
rP55f4a258d2de: When updating revisions in responset to commits, use the omnipotent viewer to…
Summary

Ref T13625. See that task for discussion.

Currently, the Viewer when performing revision updates in response to commits may be an arbitrary low-privilege user (an Application, a disabled User, a bot, a mailing list, etc).

Today, this leads to an exception when trying to make API calls.

Ideally, we probably would not perform the update in these cases. However, performing the update isn't a policy violation and is generally less surprising than not performing it, so continue performing it for now: just use the omnipotent user to interact with the API.

Test Plan
  • Authored a commit as a bot user without permission to view the repository or revision.
  • Commented out a couple of caches, and used bin/repository reparse --publish ... to republish the commit.
    • Before: exception when trying to interact with the API.
    • After: clean publish.

Diff Detail

Repository
rP Phabricator
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Revision Contents
Changeset List

PathSize
src/
applications/
diffusion/
worker/
32 lines

Diff 51379

View Options

src/applications/diffusion/worker/DiffusionUpdateObjectAfterCommitWorker.php

Loading...
Phabricator · Built by Phacility