
D20806.id49610.diff

diff --git a/src/applications/policy/filter/PhabricatorPolicyFilter.php b/src/applications/policy/filter/PhabricatorPolicyFilter.php
--- a/src/applications/policy/filter/PhabricatorPolicyFilter.php
+++ b/src/applications/policy/filter/PhabricatorPolicyFilter.php
@@ -602,12 +602,13 @@
PhabricatorPolicyInterface $object,
$policy,
$capability) {
+ $viewer = $this->viewer;
if (!$this->raisePolicyExceptions) {
return;
}
- if ($this->viewer->isOmnipotent()) {
+ if ($viewer->isOmnipotent()) {
// Never raise policy exceptions for the omnipotent viewer. Although we
// will never normally issue a policy rejection for the omnipotent
// viewer, we can end up here when queries blanket reject objects that
@@ -634,7 +635,30 @@
$capability);
}
- $more = PhabricatorPolicy::getPolicyExplanation($this->viewer, $policy);
+ // See T13411. If you receive a policy exception because you can't view
+ // an object, we also want to avoid disclosing too many details about the
+ // actual policy (for example, the names of projects in the policy).
+
+ // If you failed a "CAN_VIEW" check, or failed some other check and don't
+ // have "CAN_VIEW" on the object, we give you an "opaque" explanation.
+ // Otherwise, we give you a more detailed explanation.
+
+ $view_capability = PhabricatorPolicyCapability::CAN_VIEW;
+ if ($capability === $view_capability) {
+ $show_details = false;
+ } else {
+ $show_details = self::hasCapability(
+ $viewer,
+ $object,
+ $view_capability);
+ }
+
+ if ($show_details) {
+ $more = PhabricatorPolicy::getPolicyExplanation($viewer, $policy);
+ } else {
+ $more = PhabricatorPolicy::getOpaquePolicyExplanation($viewer, $policy);
+ }
+
$more = (array)$more;
$more = array_filter($more);
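Review bot: The `$show_details` decision at `if ($capability === $view_capability)` reads more clearly as one expression that starts from the closed default: `$show_details = ($capability !== $view_capability) && self::hasCapability($viewer, $object, $view_capability);`. The comment above it should also say that only a positive CAN_VIEW result may select the detailed text, because whether `hasCapability()` can itself raise for this viewer is not visible in the hunk. The enclosing method starts before the hunk and continues after it, so any other text added to the rejection message could not be checked for the same disclosure.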
diff --git a/src/applications/policy/storage/PhabricatorPolicy.php b/src/applications/policy/storage/PhabricatorPolicy.php
--- a/src/applications/policy/storage/PhabricatorPolicy.php
+++ b/src/applications/policy/storage/PhabricatorPolicy.php
@@ -220,6 +220,25 @@
PhabricatorUser $viewer,
$policy) {
+ $type = phid_get_type($policy);
+ if ($type === PhabricatorProjectProjectPHIDType::TYPECONST) {
+ $handle = id(new PhabricatorHandleQuery())
+ ->setViewer($viewer)
+ ->withPHIDs(array($policy))
+ ->executeOne();
+
+ return pht(
+ 'Members of the project "%s" can take this action.',
+ $handle->getFullName());
+ }
+
+ return self::getOpaquePolicyExplanation($viewer, $policy);
+ }
+
+ public static function getOpaquePolicyExplanation(
+ PhabricatorUser $viewer,
+ $policy) {
+
$rule = PhabricatorPolicyQuery::getObjectPolicyRule($policy);
if ($rule) {
return $rule->getPolicyExplanation();
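Review bot: `getPolicyExplanation()` and `getOpaquePolicyExplanation()` now differ only in whether they may name the project, and neither has a docblock saying which one is safe for a viewer who cannot see the object. Add one to each, for example `/** May name the project in the policy; call only after the viewer has passed CAN_VIEW on the object. */` and `/** Withholds project names; safe for viewers who cannot see the object. */`. In the new project branch the result of `executeOne()` is dereferenced as `$handle->getFullName()` without a null check, which would be a fatal inside the error path if the handle query can return nothing for a PHID. The signature of `getPolicyExplanation()` starts above the hunk and the body of `getOpaquePolicyExplanation()` continues below it.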
@@ -245,7 +264,9 @@
$type = phid_get_type($policy);
if ($type == PhabricatorProjectProjectPHIDType::TYPECONST) {
return pht(
- 'Members of the project "%s" can take this action.',
+ 'Members of a particular project can take this action. (You '.
+ 'can not see this object, so the name of this project is '.
+ 'restricted.)',
$handle->getFullName());
} else if ($type == PhabricatorPeopleUserPHIDType::TYPECONST) {
return pht(
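Review bot: The opaque project message no longer contains `%s`, but the call still passes `$handle->getFullName()` to `pht()`, so the project name is still fetched and handed to the translation layer on the path that is meant to withhold it. Drop that argument so a translated string or a later edit that reintroduces `%s` cannot print the name, and skip the handle load above the hunk on this branch if nothing else uses it. The `==` type comparison here is also inconsistent with the `===` used in the new branch of `getPolicyExplanation()`. The `else if` for user PHIDs continues past the hunk, so whether the opaque text still names the user cannot be checked from here.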
